SSL and X.509: browser doesn't prompt for a certificate
I am trying to configure my NW ABAP to work with certificates. I have followed the instructions in SAP help for <a href="http://help.sap.com/saphelp_nw04/helpdata/en/65/6a563cef658a06e10000000a11405a/content.htm">Configuring the SAP Web AS for Supporting SSL</a> and <a href="http://help.sap.com/saphelp_nw70/helpdata/en/a8/d9d53a9aa9e933e10000000a114084/content.htm">Configuring the System for Using X.509 Client Certificates</a>. I configured the PSEs, set the profile parameters, imported certificates into my browser from service.sap.com, set values in USREXTID table.
Now I can use the services from SICF via HTTPS with no problem by providing username and password when prompted by web browser. However, I can't make the browser prompt me for a certificate. I tried to play with service parameters in SICF. No matter what I do, my browser never asks me for a certificate. What am I missing?
Thanks for your hints!
Here are my profile parameters:
[code]ssf/name = SAPSECULIB
ssf/ssfapi_lib = $(DIR_CT_RUN)\sapcrypto.dll
sec/libsapsecu = $(DIR_CT_RUN)\sapcrypto.dll
ssl/ssl_lib = $(DIR_CT_RUN)\sapcrypto.dll
icm/server_port_0 = PROT=HTTPS, PORT=443, TIMEOUT=10
icm/server_port_1 = PROT=HTTP, PORT=8000, TIMEOUT=10
icm/HTTPS/verify_client = 1
snc/extid_login_diag = 1
snc/extid_login_rfc = 1
login/create_sso2_ticket = 2
login/accept_sso2_ticket = 1
login/ticket_only_to_host = 1[/code]
Do you have a reverse proxy like the SAP Web Dispatcher or Apache between your browser and the ICM ?
If yes, it has to be configured to transmit the client certificate.
I would advice to try first without a reverse proxy.
Just a thought, as I'm currently dealing a lot with https and reverse proxies on my current project...