Configuring the System for Using X.509 Client
Certificates
Procedure
...
1.
Configuring the SAP Web AS for Supporting
SSL.
2. Set the profile parametericm/HTTPS/verify_clientto the value 1 (accept certificates) or 2 (require certificates).
3. Restart the ICManager (using transaction SMICM).
4. Maintain the server’s SSL server PSE.
Use the trust manager (transaction STRUST) and import the issuing CA’s root certificate into this PSE’s certificate list.
5. Maintain the user mapping in table USREXTID.
...
a. Enter the following information in the corresponding fields:
Field |
Value |
Comment |
Type of external ID |
DN |
Enter in the Determine Work Area: Entry dialog. |
Extern.ID |
Distinguished Name as found in the user's certificate. |
|
Serial no. |
Serial number of the certificate: 000 is the default value. |
Optional and not currently checked in the system. |
User |
SAP System user ID |
|
Min. date |
Earliest date on which the certificate is valid for logging on to the system. |
Optional and not currently checked in the system. |
You can
alternatively use the Import function (
) to load a certificate from the file system to use
for the mapping.
b. Set the Activated indicator to activate the client certificate logon for the user.
You may want to enter users' data in preparation for using certificates and activate them at a later time.
c. Save the data.
Result
The SAP Web Application Server can accept X.509 client certificates as the authentication mechanism.
See also: