Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

SSL and X.509: browser doesn't prompt for a certificate

Hello!

I am trying to configure my NW ABAP to work with certificates. I have followed the instructions in SAP help for <a href="http://help.sap.com/saphelp_nw04/helpdata/en/65/6a563cef658a06e10000000a11405a/content.htm">Configuring the SAP Web AS for Supporting SSL</a> and <a href="http://help.sap.com/saphelp_nw70/helpdata/en/a8/d9d53a9aa9e933e10000000a114084/content.htm">Configuring the System for Using X.509 Client Certificates</a>. I configured the PSEs, set the profile parameters, imported certificates into my browser from service.sap.com, set values in USREXTID table.

Now I can use the services from SICF via HTTPS with no problem by providing username and password when prompted by web browser. However, I can't make the browser prompt me for a certificate. I tried to play with service parameters in SICF. No matter what I do, my browser never asks me for a certificate. What am I missing?

Thanks for your hints!

Regards,

Igor

Here are my profile parameters:

[code]ssf/name = SAPSECULIB

ssf/ssfapi_lib = $(DIR_CT_RUN)\sapcrypto.dll

sec/libsapsecu = $(DIR_CT_RUN)\sapcrypto.dll

ssl/ssl_lib = $(DIR_CT_RUN)\sapcrypto.dll

icm/server_port_0 = PROT=HTTPS, PORT=443, TIMEOUT=10

icm/server_port_1 = PROT=HTTP, PORT=8000, TIMEOUT=10

icm/HTTPS/verify_client = 1

snc/extid_login_diag = 1

snc/extid_login_rfc = 1

login/create_sso2_ticket = 2

login/accept_sso2_ticket = 1

login/ticket_only_to_host = 1[/code]

Former Member replied

Igor,

Do you have a reverse proxy like the SAP Web Dispatcher or Apache between your browser and the ICM ?

If yes, it has to be configured to transmit the client certificate.

I would advice to try first without a reverse proxy.

Just a thought, as I'm currently dealing a lot with https and reverse proxies on my current project...

Olivier

0 View this answer in context
Not what you were looking for? View more on this topic or Ask a question