Show TOC

Configuring the AS ABAP to Use X.509 Client CertificatesLocate this document in the navigation structure

Use

You can use this procedure to enable the use of client certificates for authentication with the AS ABAP.

Prerequisites

The AS ABAP is enabled to use SSL. For more information, see Configuring the AS ABAP for Supporting SSL .

Procedure

  1. Set the AS ABAP profile parameter icm/HTTPS/verify_client to the value 1 (accept certificates) or 2 (require certificates) to support the use of client certificates.

    Note

    If you are configuring X.509 certificate logon for message-based authentication with Web services, you do not have to set this parameter.

  2. Restart the IC manager using transaction SMICM .

  3. Maintain the server's SSL server PSE.

    Use the trust manager (transaction STRUST) and import the issuing CA's root certificate into this PSE's certificate list.

  4. Maintain the user mapping in table USREXTID (for example, using the table maintenance transaction SM30, view VUSREXTID).

    1. Enter the following information in the corresponding fields:

      Field

      Value

      Comment

      Type of external ID

      DN

      Enter in the Determine Work Area: Entry dialog.

      Extern.ID

      Distinguished Name as found in the user's certificate.

      None

      User

      SAP system user ID

      None

      Min. date

      Earliest date on which the certificate is valid for logging on to the system.

      Optional and not currently checked in the system.

      You can alternatively use the Import function to load a certificate from the file system to use for the mapping.

    2. Set the Activated indicator to activate the client certificate logon for the user.

    3. You can enter users' data in preparation for using certificates and activate it at a later time.

Save your entries.

Result

The AS ABAP can accept X.509 client certificates for user authentication.