Show TOC

Background documentationicm/HTTPS/verify_client Locate this document in the navigation structure

 

This parameter specifies whether or not a client must produce a certificate.

Prerequisites

The ICM requests only client certificates issued by the Certification Authorities (CAs), whose root certificates are in the SSL Server PSE certificate list.

Structure

Work area

Internet Communication Manager, SAP Web Dispatcher

Unit

Integer value

Standard value

1

Dynamically changeable

Local and on all servers
Value Range and Syntax

There are three certification levels (0-2):

  • 0: No certification is required and the server does not ask for one.

  • 1: The server asks the client to transfer a certificate. If the client does not send a certificate, authentication is carried out by another method, for example, basic authentication (default setting).

  • 2: The client must transfer a valid certificate to the server, otherwise access is denied.

Caution Caution

These settings apply to the entire server.

The system administrator can use icm/HTTPS/verify_client=2 to ensure that users who attempt to log on to this server via HTTPS can only do so by producing a valid certificate.

You can override the setting for individual ports by using the parameter icm/server_port_<xx> with option VCLIENT.

End of the caution.

More Information

Note the following documentation associated with this parameter:

Configuring SAP NetWeaver AS for Supporting SSL

Setting the Profile Parameters for Using SSL