Hello everybody,
Due to SAP Notes 1975482 it should be possible on SAP NetWeaver Single Sign-On 2.0 Support Package 03 to use Certificate Revocation Check (CommonCryptoLib) on backend site. So I've configured all relevant xml parameters for CommonCryptoLib (SAP Note 1996839 ) on specific SAP Test System. For Example I set revocation check (revCheck = yes) and set the specific path for CRL Cache Directory where the latest Certifcate Revocation Lists (CRL's) from the Intermediate CA's are stored.
After Configuration I tested PKI Login on SAP GUI / SAP Test System with a locked PKI-Certificate which is listed in CRL, but I get Access to SAP System, so he didn't check against CRL / CommonCryptoLib on backend site. Did I forget a configuration task?
I also found a SAP documentation to configure Certificate Revocation on SAP Systems with transaction STRUST but in my point of view is this an alternative way to Certifcate Revocation Check (CommonCryptoLib) on backend site or am I wrong? Could anyone help me?
Thank you very much.