SSO with Secure Login Server: Enrollment Failed

Hi Community gurus,

we are trying to set up NW SSO 1.0 in our SAP environment, using Secure Login Server and X.509 certificates. I've gone through some guides and feel I've got everything ready, but when I log into an end user machine and open the SL Client, it shows a grey X.509 certificate with the text "you are not logged in." The Kerberos token above it looks correct (my user ID and it is active).

When I look into the Secure Login Client trace after such an attempt, I see (among lots of other output I'll spare you unless you need it) this text:

sbus | sbus | Supplied Credentials not accepted by the server.Enrollment failed

What kind of credentials is the Secure Login Server expecting from the client? Do I have to turn on certificate authentication in NWA of the SLS? I thought the Kerberos token was supposed to authenticate me to the SLS and SLS would query the AD for my authenticity?

Any assistance would be greatly appreciated!

Thanks,

Peter