Enable certificate based logon – 3 Activate client certificate verification on NetWeaver ABAP
For the NetWeaver ABAP system to be able to accept the certificate based logon from Web Dispatcher, it must be configured to accept the certificate of the WD system as a client certificate. SAP Help
It is necessary to maintain 2 profile parameters:
These two parameters are needed to let NW ABAP identifiy which client certificate to trust. They define the DN of the client and the DN of the CA that issued the certificate. Even when someone sends a certificate with the same DN as of WD, but signed by a different CA, it won`t be accepted by NW ABAP. This helps to increase the level of security.
To add both, you have to select Change and then Add new parameter
Parameter name: icm/HTTPS/trust_client_with_issuer
The value of the parameter is taken from the Issuer line of the client PSE of the WD.
Parameter name icm/HTTPS/trust_client_with_subject
The value of the parameter is taken from the Subject line of the client PSE of the WD.
The example screenshots show CN=WDP, OU=SSL Client. These are the standard values of the self-signed certificate of WD client PSE. In case you do not have a CA available, self-signed certificates like the above can be used too.