Configuring the System for Using X.509 Client Certificates 

Procedure

...

       1.      Configuring the SAP Web AS for Supporting SSL.

       2.      Set the profile parameters snc/extid_login_diag = 1, snc/extid_login_rfc = 1 icm/HTTPS/verify_client = 1 (accept certificates) or 2 (require certificates).

       3.      Restart the ICManager (using transaction SMICM).

       4.      Maintain the user mapping in table USREXTID.

...

                            a.      Enter the following information in the corresponding fields:

Field	Value	Comment
Type of external ID	DN	Enter in the Determine Work Area: Entry dialog.
Extern.ID	Distinguished Name as found in the user's certificate.
Serial no.	Serial number of the certificate: 000 is the default value.	Optional and not currently checked in the system.
User	SAP System user ID
Min. date	Earliest date on which the certificate is valid for logging on to the system.	Optional and not currently checked in the system.

                            b.      Set the Activated indicator to activate the client certificate logon for the user.

You may want to enter users' data in preparation for using certificates and activate them at a later time.

                            c.      Save the data.

Result

The SAP Web Application Server can accept X.509 client certificates as the authentication mechanism.