X509 based logon – 2 – Add CA certificates to PSE

Published by Tobias Hofmann on July 8, 2020July 8, 2020

2 min read

Certificates are based on trust. Trust is established by trusting a PKI and the CA that issues certificates. To establish the trust needed for X.509 based user logon, import the certificates of the issuing PKI. In my case, I do have a root CA and intermediate CA. I’ll have to import both certificates to ensure that NW can validate the complete certificate chain.

Tx: STRUST

Add Root CA certificate

Select the client the user will later log in. That is the same client the user normally works on (normally not 000 or 001).

Change to edit mode and click on import certificate.

Import the Root CA certificate.

Add to Certificate List.

Add intermediate CA certificate

Perform the same steps as for the Root CA, but now with the intermediate CA certificate.

Save

Now both certificates are in the PSE and can be used by NW ABAP to validate a client certificate issued by the intermediate CA.

Categories: BasisSAP

Tags: capsestrust

Tobias Hofmann

Doing stuff with SAP since 1998. Open, web, UX, cloud. I am not a Basis guy, but very knowledgeable about Basis stuff, as it's the foundation of everything I do (DevOps). Performance is king, and unit tests is something I actually do. Developing HTML5 apps when HTML5 wasn't around. HCP/SCP user since 2012, NetWeaver since 2002, ABAP since 1998.

0 Comments

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.