Enable certificate based logon – 2 Maintain Client PSE of Web Dispatcher

Published by Tobias Hofmann on

1 min read

OK, now it will get complicated. Certificate based logons do not really like reverse proxies. First step is to ensure that the client has a certificate that is accepted by the SAP NetWeaver ABAP PSE. For this, the certificate must be signed by a CA that the ABAP PSE trusts.

Log on the WD admin and select PSE Management

Select Recreate PSE.

In the DN field, use the name of the WD: CN=wd.tobias.de. The other information is optional, but should be added.

Right now, the certificate is created and the PSE has a private key, but the certificate is self-signed. To have an official certificate, it must be signed by a CA. To do this, select: “Create a CA Request” to create a CSR that will be send to the CA.

Create CA Request

Save the output in a TXT file, send it to your CA, let it get signed. Then, go back to WD admin and import the CA response.

The client PSE updates the issuer information. Now there must be shown the DN of the CA. In my case: C=BR, O=EJBCA, CN=ca.tobias.de

Let the world know

Tobias Hofmann

Doing stuff with SAP since 1998. Open, web, UX, cloud. I am not a Basis guy, but very knowledgeable about Basis stuff, as it's the foundation of everything I do (DevOps). Performance is king, and unit tests is something I actually do. Developing HTML5 apps when HTML5 wasn't around. HCP/SCP user since 2012, NetWeaver since 2002, ABAP since 1998.


Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.