
Using X.509 Client Certificates

SAP NetWeaver systems enable you to authenticate user access in an SSO environment with X.509 certificates.

For this SSO scenario, SAP NetWeaver Application Server uses X.509 client certificates to authenticate web users transparently with the underlying SSL security protocol. In addition, you can perform the issuing and administration activities for the users' client certificates centrally, using a trust center service and a public-key infrastructure.

Prerequisites
  • Client certificate authentication uses cryptography to secure user access to SAP NetWeaver systems. Therefore, to use authentication with client certificates your SAP NetWeaver systems must be enabled to use strong cryptography.

  • Users accessing SAP NetWeaver have to possess valid X.509 client certificates, issued by a trusted CA.

  • The use of SSL is configured for your SAP NetWeaver systems.

Integration

Public-Key Infrastructure / Trust Center Services

Users must receive their client certificates from a Certification Authority (CA) as part of a public-key infrastructure (PKI). If you do not have an established PKI, you can use a trust center service to obtain certificates.

SSL

When using client certificates, users are authenticated at the communication protocol level using the SSL protocol. Enabling the use of SSL is necessary for the connections where user authentication takes place.

Features

When using X.509 client certificates, the integrity and the confidentiality of the authentication credentials are provided using cryptographic functions and the SSL protocol. In addition, to establish higher levels of trust and non-repudiation for business transactions, users can produce digital signatures with the client certificates.

When users authenticate with their client certificates, SSO is enabled by the underlying PKI technology and the established trust between certificate-issuing and certificate-accepting systems. Users can therefore use their certificates for secure access to many intranet and internet services. PKI technology can also reduce reliance on other authentication mechanisms. After users receive their certificates from the CA, they no longer need to authenticate with a user name and password.

Activities

The activities required to enable user authentication with X.509 client certificates are specific to the underlying technology of your SAP NetWeaver system. The configuration activities can differ depending on whether you use an intermediary proxy server that terminates the SSL connection.