Show TOC

Using X.509 Client Certificates on SAP NetWeaver Application Server for ABAPLocate this document in the navigation structure

Users who access SAP NetWeaver Application Server for ABAP from a Web browser and present a valid client certificate can be authenticated on the server using the SSL protocol.

For this scenario, the information contained in the certificate is passed to the server and the user is logged on to the server based on this information. User authentication takes place in the underlying SSL security protocols and no user ID and password entries are necessary.

Public-Key Infrastructure / Trust Center Services

To authenticate with client certificates, users must receive their X.509 client certificates from a trusted Certification Authority. SAP NetWeaver Application Server for ABAP uses the established Public Key Infrastructure (PKI) to verify the identity of certificate owners and to issue, validate, renew, and revoke certificates. If you use X.509 client certificates for authentication, then you need access to a PKI. You can either establish your own PKI or you can rely on a Trust Center for these tasks.

For more information, see Public-Key Technology .

Using SSL for Client Authentication

When using X.509 client certificates, users are authenticated on SAP NetWeaver Application Server for ABAP using the SSL protocol. Therefore, HTTPS connections are necessary for the communication between the Web browser and SAP NetWeaver Application Server for ABAP.

Prerequisites

  • Users possess valid X.509 client certificates issued by a trusted CA.

  • The user's client certificates are imported in their client system's Web browsers.

  • SAP NetWeaver Application Server for ABAP is configured to support HTTPS connections and SSL.

    For more information, see Configuring the AS ABAP for Supporting SSL.

  • The user's identification, the Distinguished Name, that is specified in his or her certificate must map to a valid user ID on SAP NetWeaver Application Server for ABAP.

Features

The integrity and confidentiality of the authentication credentials is provided using the SSL protocol and PKI technology. In addition, users can produce digital signatures using the client certificates to establish higher levels of trust and non-repudiation for business transactions.

Once users receive their client certificates from the CA, they can use them to access SAP NetWeaver AS for Java and passwords are no longer used for authentication purposes. In addition, users can use their certificates for secure access to other Intranet or Internet services.

Activities

For more information about enabling the use of client certificates for an SSO integration of SAP NetWeaver Application Server for ABAP, see the following sections:

  • Client Certificate Logon for SAP GUI

    Information about configuring the use of client certificates for the Internet Connection Framework (ICF) of SAP NetWeaver Application Server for ABAP. The ICF enables Web-based access to SAP NetWeaver Application Server for ABAP.

  • Configuring the AS ABAP to use Client Certificates

    Information about additional configuration parameters related to enabling SSL and maintaining the user certificate mapping on SAP NetWeaver Application Server for ABAP.