10-15-2008 3:11 PM
Hi,
I am configuring X.509 certificate in our landscape (ECC 6.0 ABAP + Java stack). Users connecting from Internet should not be asked for User ID and password and this is possible via X.509 certificates.
I had enabled SSL, HTTPS and X.509 on the server.
Now I want to know how the user's client certificates are imported into their Web browsers.
<h4>I mean which certificate has to be imported? And from where we have to download this client certificate.</h4>
Appreciate your help.
Cheers,
RAJU
10-15-2008 4:13 PM
Hi Ganapathi,
Follow the below presentation. There are some slides that talk on importing X.509 certificates into User Browsers.
Regards,
Kiran Kandepalli.
10-16-2008 9:38 AM
Hi Raju,
you might obtain X.509 client certificates from the SAP Trust Center Services. Have a look at [http://service.sap.com/TCS] -> SAP Trust Center Services in Detail -> SAP Passports in your SAP solution.
Best regards,
Klaus
10-19-2008 3:03 PM
There are a lot of places you can obtain a certificate. Where you choose to obtain one depends on its intended purpose.
The previously mentined sites are useful but you need to look at your intended purpose.
If you need to secure financial transaction you can purchase client certificates from one of the many well known Certificate Authorities (CA's) like Verisign, Comodo, Thawte, or GTE Cybertrust (and many more) or you can set up your own CA.
You can implement your own CA using one of the free Certificate Authorities below.
Microsoft Windows Servers (since Windows 2000) come with a component called Microsoft Certificate Services which is a Certificate Authority (CA). The Certificate Services can be fully manual via a web page or integrated into Active Directory for either (or both) automatic certificate enrolment and distribution.
If you want to use Linux or Solaris try [OpenCA|http://www.openca.org|OpenCA.org]. It has only recently been realeased out of Beta.
There are also comercial CA's that you can purchase from several vendors.
10-19-2008 3:10 PM
One last point. Netweaver does not issue certificates. It is not a CA. You need to obtain certificates from a CA and have Netweaver set it to trust the CA's root certrificate. Variasign and many of the comercial CA's are already trusted.
Don't forget you also need to map the certificates to the users. This isn't done automatically!