X509 based logon – 2 – Add CA certificates to PSE
Certificates are based on trust. Trust is established by trusting a PKI and the CA that issues certificates. To establish the trust needed for X.509 based user logon, import the certificates of the issuing PKI. In my case, I do have a root CA and intermediate CA. I’ll have to import both certificates to ensure that NW can validate the complete certificate chain.
Add Root CA certificate
Select the client the user will later log in. That is the same client the user normally works on (normally not 000 or 001).
Change to edit mode and click on import certificate.
Import the Root CA certificate.
Add to Certificate List.
Add intermediate CA certificate
Perform the same steps as for the Root CA, but now with the intermediate CA certificate.
Now both certificates are in the PSE and can be used by NW ABAP to validate a client certificate issued by the intermediate CA.