SSO logon with an X.509 certificate offers some benefits. In this blog, I’ll cover the main benefits, problems and attention areas when using X.509 for SSO. As a practical example the X.509 logon with NetWeaver ABAP is shown. To access an ICM service on a NetWeaver ABAP system (NW ABAP), Read more…
The user needs to have a valid X.509 certificate to be able log on at the SAP System (via ICM service). This certificate is issued by the intermediate CA. Create a CSR for a user and let the intermediate CA sign it. Following my own blogs, I get a certificate Read more…
Certificates are based on trust. Trust is established by trusting a PKI and the CA that issues certificates. To establish the trust needed for X.509 based user logon, import the certificates of the issuing PKI. In my case, I do have a root CA and intermediate CA. I’ll have to Read more…
Recently I got some new hardware that I will use to run some useful software. To use the software from anywhere, I’ll need to have remote access. As I cannot do DMZ or port forwarding with my new internet provider, I decided to connect my home server using VPN to Read more…
The overall process is: Create CA Private CA key Create private key Check private key Public CA certificate Create public certificate Check public certificate Sign CSR SHA-1 Create CSR using SHA-1 Check CSR Sign CSR enforcing SHA-256 Check signed certificate SHA-256 Create CSR using SHA-256 Check CSR Sign CSR Check Read more…
Online Certificate Status Protocol, or short: OCSP, let you obtain the revocation status of a certificate. It has some benefits over certification revocation lists, mainly that you can let the OCSP server do the heavy work of validating a certificate and the client gets some additional security when accepting the Read more…
Afaria mobile client can request a client certificate from a corporate CA for the user. This means that the user will get automatically a valid certificate made available for him, without having to go through the complicated process of requesting and installing a certificate. The user won`t even know that Read more…
The steps to install SAP Afaria 7 are: Download installation package and install license SAP Afaria Server SAP Afaria API Service and Administrator Afaria Admin Self Service Portal Enrollment Server Package Server SCEP Plugin-in module This document is about step 8. SCEP Plugin-in module The last component to be installed Read more…
To ensure confidentiality of user data, access to SAP Afaria by users needs to be done using SSL. For this to work, IIS must use its own valid SSL certificate. To do so, first a certificate request for IIS must be created. This request will be handled by the CA Read more…
To enroll an iOS device to SAP Afaria, a certificate for this device is needed. For mobile apps, SAP Afaria client can be used to request a user certificate from the CA. All these requests are handled by SAP Afaria, making the certificate handling transparent to the user. For doing Read more…