We have an SICF node (with HTTP Class Handler) setup and want to do the client authentication using certificates. The Login Procedure is C (Required with SSL Certificate). However, when we call the service the browser is not prompted for a certificate and we get a 403 error:
The termination occurred in system ESA with error code 403 and for the reason Forbidden. This service requires a client certificate for the logon procedure.
We have parameter icm/HTTPS/verify_client set to 1
SMICM Trace Log:
[Thr 5264] <<- SapSSLSessionInit()==SAP_O_K [Thr 5264] in: args = "role=2 (SERVER), auth_type=1 (ASK_CLIENT_CERT)" [Thr 5264] out: sssl_hdl = 00000000246FB0E0 [Thr 5264] NiIBlockMode: set blockmode for hdl 406 TRUE [Thr 5264] SSL NI-sock: local=194.11.93.51:443 peer=10.60.182.87:65143 [Thr 5264] <<- SapSSLSetNiHdl(sssl_hdl=00000000246FB0E0, ni_hdl=406)==SAP_O_K [Thr 5264] <<- SapSSLSessionStart(sssl_hdl=00000000246FB0E0)==SAP_O_K [Thr 5264] status = "resumed SSL session, NO client cert"
This seems to indicate that no certificate was sent but our understanding is the server must request it and the client (IE) will prompt the user. Also tried in FF and Chrome - no certificate prompt appears.
