10-06-2010 6:10 AM
Dear Techis.
Good Day!
I am trying to implement SSO function for webase Gui (HTTPS and SAP ECC 6 AS ABAP System) and using Digital Certificate for the user authentication.
I have already done the followings:
1- I have configured my SAP ECC AS ABAP Server for SSO / HTTPS.
2- My server is signed with SAP AG test root Server certificate.
3- I am using x.509 Client certificate
4- I have mapped this client certificate in table USREXTID
5- I have also installed the above client certificate in my browser.
But when I try to access the Server thru HTTPS web link, I get the windows give certificate error message (which is acceptable)
u201CThe Security Certificate presented by this website was not issued by a trusted certificate authorityu201D
I proceed with u201CContinueu201D option.
The System asks for the user ID and password and work fine after providing user ID/ PW.
My question is that, why my digital certificate is not being used / processed for the authentication?
Looking forward for the positive replies.
Regards
Saqib Ayub Khan
10-06-2010 7:01 AM
Hi,
it looks like authentication using SSL certificate failed and the system went back to backup method (user name and password). Have you tried to activate tracing in SMICM (Goto -> Tracelevel -> Set) to see what the problem is?
Cheers
10-06-2010 7:08 AM
Dear Martin Voros
Thanks for the reply.
Yes my SMICM trace level is 3, but I have not been able to identify any error message there.
Since its trace level is 3, it wouldnu2019t be a good idea to post it here!
Can I attaché / send it separately? Or can you tell me what exactly should I try to find from the SMICM log?
10-06-2010 10:01 AM
Hi,
>3- I am using x.509 Client certificate
This client certificate must be signed and the certification authorities must be imported in STRUST. Did you do that ?
Regards,
Olivier
10-06-2010 12:24 PM
Dear Olivier
I am using http://www.getacert.com/ web site to generate the certificate, can you pls. elaborate more how can I include my certificate in STRUST? Actually I believe I canu2019t include my certificate with Private Key (i.e in the form of Personal Information Exchange (.p12), I have to save it in (.cer) and then include it in STRUST, if itu2019s the case? Then yes I have done that u2026
Is there any way I can share my screenshots on this forum? I believe there is a small thing I am missing somewhere.
Are you using the same scenario in your environment?
Regards
10-07-2010 6:01 AM
I have uploaded the SMICM trace file on the link below and highlighted some finding with gray color!
[SMICM Trace|http://www.zshare.net/download/81220708a199f079/]
Regards
Saqib
10-07-2010 12:03 PM
Hi,
it looks like your browser does not return any certificate (line status = "new SSL session, NO client cert") and therefore your application server continues with username/password option. I can't see why it does not send anything. Have you tried with different browser?
Cheers
10-07-2010 12:44 PM
Dear Martin Voros
Thanks for the advice, I have already checked it with the Chrome, but it didnu2019t work with it
But now I have just downloaded and installed Firefox. Now with this change I can see some different in SMICM logs as well. You may find it from the below link!
http://www.zshare.net/download/81231149a5af37c4/
Thanks for the advice, I believe we are near to solve it.
Regards
Saqib