This parameter specifies whether or not a client must produce a certificate.
Work area |
Internet Communication Manager, SAP Web Dispatcher |
Unit |
Integer value |
Standard value |
1 |
Dynamically changeable |
Local and on all servers |
There are three certification levels (0-2):
· 0: No certification is required and the server does not ask for one.
· 1: The server asks the client to transfer a certificate. If the client does not send a certificate, authentication is carried out by another method, for example, basic authentication (default setting).
· 2: The client must transfer a valid certificate to the server, otherwise access is denied.
These settings apply to the entire server.
The system administrator can use icm/HTTPS/verify_client=2 to ensure that users who attempt to log on to this server via HTTPS can only do so by producing a valid certificate.
You can override the setting for individual ports by using the parameter icm/server_port_<xx> with option VCLIENT.
Note the following documentation:
Configuring the SAP Web AS for Supporting SSL
Setting the Profile Parameters for Using SSL
Configuring the Server for Checking the Client Certificate