Show TOC

Procedure documentationUsing the Web Administration Interface with X.509 Certificate Locate this document in the navigation structure


You can set up the administration for the ICM and the SAP Web dispatcher from the browser. SAP recommends you use the Web administration with X.509 client certificates (with SSL). This is much more secure and the logon popup is omitted when the Web administration is first called up.


The configuration of the ICM and Web dispatcher must fulfill the following conditions.

Web Administration Interface

You have set up the Web administration interface as described in Setting Up the Web Administration Interface.


Enter the client certificate belonging to the user in the authentication file (standard name icmauth.txt). You enter the certificate in an optional column at the end of the file (see icm/HTTP/auth_<xx>).

Example Example



End of the example.

In this column enter the distinguished name (DN) as it stands in the client certificate. In the browser this is often entered as the subject of the client certificate. As you can see in the example, the wildcards '?'and '*' are used to specify the certificate.

Example Example

For instance, the distinguished name of the client certificate could have the following value in full: CN=Muster, O=SAP-AG, C=DE

End of the example.

When you set icmon -a or wdispmon -a in the authentication file, you can change the DN of the client certificate as well as the password and group of an existing user.

If you want a user to be able to log on only with the X.509 client certificate, you can enter an x as the password (for queries), which makes the following entry (in the example) in file: