X509 based logon – 2 – Add CA certificates to PSE

Published by Tobias Hofmann on

2 min read

Certificates are based on trust. Trust is established by trusting a PKI and the CA that issues certificates. To establish the trust needed for X.509 based user logon, import the certificates of the issuing PKI. In my case, I do have a root CA and intermediate CA. I’ll have to import both certificates to ensure that NW can validate the complete certificate chain.


Add Root CA certificate

Select the client the user will later log in. That is the same client the user normally works on (normally not 000 or 001).

Change to edit mode and click on import certificate.

Import the Root CA certificate.

Add to Certificate List.

Add intermediate CA certificate

Perform the same steps as for the Root CA, but now with the intermediate CA certificate.


Now both certificates are in the PSE and can be used by NW ABAP to validate a client certificate issued by the intermediate CA.

Let the world know
Categories: BasisSAP

Tobias Hofmann

Doing stuff with SAP since 1998. Open, web, UX, cloud. I am not a Basis guy, but very knowledgeable about Basis stuff, as it's the foundation of everything I do (DevOps). Performance is king, and unit tests is something I actually do. Developing HTML5 apps when HTML5 wasn't around. HCP/SCP user since 2012, NetWeaver since 2002, ABAP since 1998.


Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.