SAP .NET Connector, working with X509 certificates

Question

We had a C# application connecting to SAP backend systemes using the SAPSSO technology. There has now been a need to replace this with X.509 certificates.

When using SAPSSO, the orginal code would make an HTTP call to the target system, and get a cookie containing the ticket to use:

response = (HttpWebResponse)request.GetResponse();
ticket = response.Cookies["MYSAPSSO2"].Value;

That ticket would then be passed to the RfcCustomDestination object to facilitate a secure connection:

prms.Add(RfcConfigParameters.SAPSSO2Ticket, ticket);

The problem is, I can change the enumerated value from SAPSSO2Ticket to X509Certificate,

prms.Add(RfcConfigParameters.X509Certificate, ticket);

but when I do this, no ticket can be returned from the response, since a MYSAPSSO2 cookie is no longer provided.

So how can I generate the needed ticket value for an X509 certificate?

Answer 1

So how can I generate the needed ticket value for an X509 certificate?

There is no such thing as a "ticket for an X.509 certificate". What you need to do is: pass the X.509 certificate itself (in Base64 encoded form) to the prms.Add(...) call.

This of course requires, that the ABAP user, you want to log on with, has an X.509 certificate. Usually, such certificates are generated and signed by the security department of your company. (And also the certificate must have been imported in the ABAP system and mapped to that user. E.g. via transaction CERTRULE.)