I've configured our SAP Web Dispatcher to verify client certificates (icm/HTTPS/verify_client = 1 or 2).
The root CA of the client certificates installed on the users' PC's was added to the certificate list of the server PSE-file of the web dispatcher.
When I now want to access a SAP application via the web dispatcher, I indeed receive a popup where I can select my personal certificate to use.
So everything fine so far.
Next step is to restrict access on the individual (or personal) client certificates in order to allow only access for certain authorized users.
Is there a way in the web dispatcher to define a permission table with only allowed distinguished named of the personal client certificates?
Or do I have to add all the authorized personal client certificates in the PSE-file of the webdispatcher (instead of adding only the root CA of those personal client certificates)?