
Configuring the AS ABAP to Use X.509 Client Certificates


You can use this procedure to enable the use of client certificates for authentication with the AS ABAP.


Before you begin, the AS ABAP must be enabled to use SSL. For more information, see Configuring the AS ABAP for Supporting SSL.


  1. Set the AS ABAP profile parameter icm/HTTPS/verify_client to the value 1 (accept certificates) or 2 (require certificates) to support the use of client certificates.

    Note: If you are configuring X.509 certificate logon for Web services, you do not have to set this parameter.
  2. Restart the IC manager using transaction SMICM.

  3. Maintain the server's SSL server PSE.

    Use the trust manager (transaction STRUST) and import the issuing CA's root certificate into this PSE's certificate list.

  4. Maintain the user mapping in table USREXTID (for example, using the table maintenance transaction SM30, view VUSREXTID).

    1. Enter the following information in the corresponding fields:

      Mapping Data

      Type of external ID
        Enter in the Determine Work Area: Entry dialog.

      Distinguished Name as found in the user's certificate.

      Serial no.
        Serial number of the certificate: 000 is the default value. Optional and not currently checked in the system.

      SAP system user ID

      Min. date
        Earliest date on which the certificate is valid for logging on to the system. Optional and not currently checked in the system.

      You can alternatively use the Import function to load a certificate from the file system to use for the mapping.

    2. Set the Activated indicator to activate the client certificate logon for the user.

       You can enter users' data in preparation for using certificates and activate it at a later time.

    3. Save your entries.


The AS ABAP can accept X.509 client certificates for user authentication.
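
An offline review of the resulting mappings, as an added example that is not part of the SAP documentation. It assumes the mapping table has been exported to CSV with the hypothetical column names shown; the sample rows and the "X" activation marker are constructed. It lists inactive entries, entries that carry a serial number or minimum date (which the procedure above says are not checked), and Distinguished Names that map to more than one user once case and spacing are normalised.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample export of the user mapping; the column names and the
# "X" activation marker are hypothetical, not SAP field names.
SAMPLE = """external_id,serial_no,user,min_date,activated
"CN=Alice Example, OU=Finance, O=Example Corp, C=DE",000,ALICE,,X
"cn=alice example,ou=Finance,o=Example Corp,c=DE",000,BATCH01,,X
"CN=Bob Example, OU=IT, O=Example Corp, C=DE",4711,BOB,20300101,X
"CN=Carol Example, OU=IT, O=Example Corp, C=DE",000,CAROL,,
"""

def canonical_dn(dn):
    """Normalise case and spacing so near-identical DNs compare equal (audit aid only)."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):  # split on commas that are not escaped
        attr, _, value = part.partition("=")
        rdns.append((attr.strip().upper(), " ".join(value.split()).casefold()))
    return tuple(rdns)

def audit(export_text):
    """Return (finding, detail) tuples for mapping rows that deserve a manual review."""
    findings, by_dn = [], defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        by_dn[canonical_dn(row["external_id"])].append(row)
        if not row["activated"]:
            findings.append(("inactive", row["user"]))
        if row["serial_no"] not in ("", "000") or row["min_date"]:
            # Serial number and min. date are documented as not checked by the system,
            # so these values do not restrict which certificate can log on.
            findings.append(("unenforced-restriction", row["user"]))
    for rows in by_dn.values():
        users = sorted({r["user"] for r in rows})
        if len(users) > 1:
            findings.append(("dn-maps-to-multiple-users", ",".join(users)))
    return findings

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE):
        print(f"{kind}: {detail}")
```

The normalisation here is only a review heuristic for spotting near-duplicate entries; it makes no statement about how the AS ABAP itself compares Distinguished Names.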