Business case : While using charm in solution manager, change manger receives an email notification to approve the change request via CRM_UI link in the email body. Once change manager clicks on the given URL in email, it is required to enter username password to see the required CR for approval.
It is possible to make use of Microsoft certificate store to open below Solution manager link without need of entering username/password.
CRM_UI link:– https://<hostname>:<port>/sap/bc/bsp/sap/crm_ui_start/default.htm
Steps to follow :-
- Configure service (SICF)
- Sign SSL server PSE (Strust)
- Create Rule for certificate Logon (CERTRULE)
- Configure service in SICF
Change security requirement from standard to SSL & save your changes
Step 2 :Sign SSL server PSE (Strust)
PSE before signing
PSE after signing by Signing Authority
3. Create Rule for certificate Logon (CERTRULE)
Prerequisite:- Please check if SAP note 2722739 is applicable.
Add below parameter in instance profile
login/certificate_mapping_rulebased =1
Note:- System restart is required for permanent change, however the parameter value can be changed dynamically in RZ11
Go to transaction CERTRULE
import your Microsoft store certificate. to create the rule
Go in Edit mode to create rule
Save
if all information is correct below status will be green
Result :- The user is able to access CRM_UI url without entering username password. The credentials are verified with Microsoft certified Store information.