Skip to Content
Jun 24, 2022 at 10:16 AM

SAP CPQ User Certificate


I plan to use user certificate in CPQ to authenticate the API calls instead of the username/password..

Please check the details below,

I have generated X509 certificate using "openssl" and self-signing it. Uploaded it in SAP CPQ for me at Setup->Certificate Management->User Certificates

Used Postman to pass the certificate and left username, password fields blank in the SOAP call "SimpleProductAdministration".

Passed "domain" value in the Header.

I am getting invalid username/password.

Please let me know the steps.

1. How to generate the mTLS certificate for testing? Is there a sample certificate for testing? or provide me with "openssl" commands to generate a self-signed certificate (mTLS Client and Server certificate)?

2. Please check the payload below and let us know if anything is missing?

3. Is header "domain" correct key to pass? Please provide the correct header ?

4. If any other steps / configuration required then please specify?

<?xml version="1.0" encoding="utf-8"?>" xmlns:xsd="" xmlns:soap="">


<userName />

<password />



<Products xmlns="">


.......................................[product details]