Configuring the AS ABAP to Use X.509 Client Certificates

You can use this procedure to enable the use of client certificates for authentication with the AS ABAP.

The AS ABAP is enabled to use SSL. For more information, see Configuring the AS ABAP for Supporting SSL.

Set the AS ABAP profile parameter icm/HTTPS/verify_client to the value 1 (accept certificates) or 2 (require certificates) to support the use of client certificates.

Note

If you are configuring X.509 certificate logon for Web services, you do not have to set this parameter.

End of the note.
Restart the IC manager using transaction SMICM.
Maintain the server's SSL server PSE.
Use the trust manager (transaction STRUST) and import the issuing CA's root certificate into this PSE's certificate list.

Maintain the user mapping in table USREXTID (for example, using the table maintenance transaction SM30, view VUSREXTID).

Enter the following information in the corresponding fields:

Mapping Data
Field	Value	Comment
`Type of external ID`	DN	Enter in the Determine Work Area: Entry dialog.
`Extern.ID`	Distinguished Name as found in the user's certificate.	None
`Serial no.`	Serial number of the certificate: 000 is the default value.	Optional and not currently checked in the system.
`User`	SAP system user ID	None
`Min. date`	Earliest date on which the certificate is valid for logging on to the system.	Optional and not currently checked in the system.

You can alternatively use the Import function to load a certificate from the file system to use for the mapping.

Set the Activated indicator to activate the client certificate logon for the user.
You can enter users' data in preparation for using certificates and activate it at a later time.

Save your entries.

The AS ABAP can accept X.509 client certificates for user authentication.