Show TOC

icm/HTTPS/verify_clientLocate this document in the navigation structure

Use

This parameter specifies whether or not a client must produce a certificate.

Prerequisites

The ICM requests only client certificates issued by the Certification Authorities (CAs), whose root certificates are in the SSL Server PSE certificate list.

Structure

Work area

Internet Communication Manager, SAP Web Dispatcher

Unit

Integer value

Standard value

1

Dynamically changeable

Local and on all servers

Value Range and Syntax

There are three certification levels ( 0- 2):

  • 0: No certification is required and the server does not ask for one.

  • 1: The server asks the client to transfer a certificate. If the client does not send a certificate, authentication is carried out by another method, for example, basic authentication (default setting).

  • 2: The client must transfer a valid certificate to the server, otherwise access is denied.

Caution

These settings apply to the entire server.

The system administrator can use icm/HTTPS/verify_client=2 to ensure that users who attempt to log on to this server via HTTPS can only do so by producing a valid certificate.

You can override the setting for individual ports by using the parameter icm/server_port_<xx> with option VCLIENT.