Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

how to create user certificate has CN field with user name

Former Member
0 Kudos

Does anybody know how to generate/create user certificate that has CN field filled with user name? we need it to map user in VUSREXTID. All the post and help I see is on how to map the user to the user certificate, but how do I generate the user certificate in the first place?

Thanks

Jane Zhou

1 ACCEPTED SOLUTION

Former Member
0 Kudos

Hello Jane,

first of all, am I right, that you want to use the users certificat in an SNC or SSL environment?

If so, you first have to look which Certification Authority has issued the servers SNC or SSL certificate. Self signed certificates will not work, because then you are not able to provide a trust anchor.

When knowing the issuing CA, it would be best to ask that CA to issue the users certificates also, so you do not have to exchange any root certificates. The Certification Authority will help you getting the certificates to the user. It depends on the supported processes, wether the CA can provide you with automatically generated certificates from eg a list of users or not.

3 REPLIES 3

Former Member
0 Kudos

Hi Jane,

this is done while geenrating the key. How this is achieved is partially depending on your PKI but it essentailly means, that you have to enter the users name at key generation time into the subject field (which essentialy is the CN).

(there are more info about SSL and keys in the wikipedia articel about <a href="http://en.wikipedia.org/wiki/Secure_Sockets_Layer">Transport Layer Security</a>)

So question to you, how do you generate your user keys ?

Regards,

Patrick

Former Member
0 Kudos

Hello Jane,

first of all, am I right, that you want to use the users certificat in an SNC or SSL environment?

If so, you first have to look which Certification Authority has issued the servers SNC or SSL certificate. Self signed certificates will not work, because then you are not able to provide a trust anchor.

When knowing the issuing CA, it would be best to ask that CA to issue the users certificates also, so you do not have to exchange any root certificates. The Certification Authority will help you getting the certificates to the user. It depends on the supported processes, wether the CA can provide you with automatically generated certificates from eg a list of users or not.

WolfgangJanzen
Product and Topic Expert
Product and Topic Expert
0 Kudos

Just to mention: the NWAS ABAP does <u>not</u> provide the required CA (certification authority) / PKI (public key infrastructure) functionality. So you require an external PKI.

Special case: the "SAP Passport" (see <a href="http://service.sap.com/TCS">SAP Trust Center Service</a>) - you can request to obtain X.509 client certificates for your users (where SAP operates the CA and you operate the RA, registration authority) to enable SSO for web-based services (using the web browser as frontend).

Cheers, Wolfgang