Transaction WDR_ACF_WLIST: Allowing Certificates to be Saved Using Browsers
To decrypt and use a whitelist, the security certificate of an SAP system must be downloaded on the relevant client computer (see also Distributing Certificates to Client Computers).
This setting for this download option is valid for all users system-wide and is therefore usually made by administrators. The actual download procedure itself happens at application runtime without the started program having to be interrupted for it.
Saving certificates using the browser deactivates an SAP security standard. Setting this switch is therefore at your own risk and assumes that all possible consequences have been considered.
- Open transaction WDR_ACF_WLIST.
- Click the button Allow Saving of Cert. Using Browsers.
- With this step you open a dialog with which this special SAP security standard can be activated or deactivated for the relevant SAP system. In the title of the dialog the current activation level for certificate security is displayed:
Current Activation Level
Action:
Activation
Action:
Deactivation
Certificate standard is active:
It is not allowed to save the certificate on client computers using the browser.
As the security standard is already active, it is not possible to activate it by clicking on the Activate button.
Clicking theDeactivatebutton terminates the security standard, the certificate can be downloaded to client PCs after closing the dialog using the browser that is installed locally.
Certificate standard is inactive:
It is allowed to save the certificate on client computers using the browser.
Clicking the Activate button restores the security standard for the local save procedure of the certificate after closing the dialog.
As the security standard is already inactive, it is not possible to deactivate it by clicking on the Deactivate button.
If you have decided to change the current security standard, another popup appears where you have to confirm your decision again.
The security standard of the downloaded procedure is then changed for the security certificate of the server: If it was active at the start and is now inactive and the save process is now permitted using the browser. If at first it was inactive then it is now active and the save process using the browser is no longer permitted.
If the Web Dynpro application WD_ACF_DOWNLOAD_CERTIFCAT is started by either the users themselves or automatically as part of an application, it is now possible to save the certificate using the browser.
The save procedure is visible to the user and requires the user's explicit confirmation by clicking on the Save Certificate button of the related browser dialog. After being downloaded successfully, the local storage path of the certificate is displayed. This path cannot be changed.
If you decide to reactivate the security standard for this SAP system, you must first repeat step 1. On the next dialog screen in step 2, select Activate. It is then no longer possible to save the certificate using the browser, the status emessage in the browser shows a relevant text, and the Save Certificate button is no longer active.