4

I'm currently using User ID / password basic authentication. What do I need to do, in order to start using X.509 Digital Certificates?

My web application is written in C# and is running on top of IIS.

Additional info: I'll be invoking BAPIs/ zBAPIs with code generated by Rafael My SAP Proxy Visual Studio Plug-in: http://tools.rafaelc.net/default.aspx?id=72. It automatically generates a proxy code.

I'm wondering wether this generated code can be changed to use client certificates and, in this case, what do I need to do.

Sandra Rossi
  • 11,934
  • 5
  • 22
  • 48
John Assymptoth
  • 8,227
  • 12
  • 49
  • 68

1 Answers1

0

I assume you want to use client-certificates.

On the AS-ABAP-Serverside: First you need upload your CA to transaction strust (Directory SSL-Server-Standard). Secondly view VUSREXTID needs to be maintained (see https://wiki.scn.sap.com/wiki/display/Basis/How+to+configure+client+certificate+logon+to+AS+ABAP). I recommend to upload the client-certificate, so the view is maintained with the correct DN of the certificate and the issuer-certificate. The last step is to change the authentication-procedure for the service-node (transaction sicf) to "Required with SSL Certificate": SLL Client authentication service

J.Gerbershagen
  • 316
  • 1
  • 3