Enable certificate based logon – 3 Activate client certificate verification on NetWeaver ABAP

Published by Tobias Hofmann on

1 min read

For the NetWeaver ABAP system to be able to accept the certificate based logon from Web Dispatcher, it must be configured to accept the certificate of the WD system as a client certificate. SAP Help

Transaction: RZ10

Instance profile

It is necessary to maintain 2 profile parameters:

  • icm/HTTPS/trust_client_with_issuer
  • icm/HTTPS/trust_client_with_subject

These two parameters are needed to let NW ABAP identifiy which client certificate to trust. They define the DN of the client and the DN of the CA that issued the certificate. Even when someone sends a certificate with the same DN as of WD, but signed by a different CA, it won`t be accepted by NW ABAP. This helps to increase the level of security.

To add both, you have to select Change and then Add new parameter

Parameter name: icm/HTTPS/trust_client_with_issuer

The value of the parameter is taken from the Issuer line of the client PSE of the WD.

Parameter name icm/HTTPS/trust_client_with_subject

The value of the parameter is taken from the Subject line of the client PSE of the WD.

The example screenshots show CN=WDP, OU=SSL Client. These are the standard values of the self-signed certificate of WD client PSE. In case you do not have a CA available, self-signed certificates like the above can be used too.

Result

Let the world know
Categories: BasisSAP
Tags:

Tobias Hofmann

Doing stuff with SAP since 1998. Open, web, UX, cloud. I am not a Basis guy, but very knowledgeable about Basis stuff, as it's the foundation of everything I do (DevOps). Performance is king, and unit tests is something I actually do. Developing HTML5 apps when HTML5 wasn't around. HCP/SCP user since 2012, NetWeaver since 2002, ABAP since 1998.

0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Posts

SAP

SAP Development Tech Radar

4 min readThe SAP Development Tech Radar is available online. The source code is available at its GitHub repository. The information used for to place each technology on the radar is in the folder definitions. Read more…

SAP

What if … it is not the technology?

9 min readThe past The SAP Community Network (SCN) [1] went through some changes in the last 20+ years. 2011 a major change was planned, went live in 2012 and did not work as expected. Read more…

SAP

DSAG Technologietage 2024

10 min readMoin Hamburg. Ich bin nicht aus Zucker, ich bin aus Hamburg. Mehr muss man über das Wetter nicht wissen und zum Glück sind die Technologietage keine Freiluftveranstaltung. Montags bei der Anreise und dienstags Read more…