This parameter specifies whether or not a client must produce a certificate.
The ICM requests only client certificates issued by the Certification Authorities (CAs), whose root certificates are in the SSL Server PSE certificate list.
Work area |
Internet Communication Manager, SAP Web Dispatcher |
Unit |
Integer value |
Default value |
1 |
Dynamically changeable |
Local and on all servers |
Value Range and Syntax
There are three certification levels (0-2):
0: No certification is required and the server does not ask for one.
1: The server asks the client to transfer a certificate. If the client does not send a certificate, authentication is carried out by another method, for example, basic authentication (default setting).
2: The client must transfer a valid certificate to the server, otherwise access is denied.
These settings apply to the entire server.
The system administrator can use icm/HTTPS/verify_client=2 to ensure that users who attempt to log on to this server via HTTPS can only do so by producing a valid certificate.
You can override the setting for individual ports by using the profile parameter icm/server_port_<xx> with option VCLIENT.