This blog is meant for Administrators of Duet

This blog provides a quick overview on how to configure Duet 1.0 to use X.509 certificates. Enterprises as part of their security infrastructure use X.509 certificates to authenticate and authorize user access to corporate resources. X.509 certificates are used during the web-services calls made from the Duet clients to SAP backend servers. All X.509 certificates have expiration dates. Enterprises control the validation period for these certificates.

Default configuration of Duet is to not use X.509 certificates. Not all enterprises issue X.509 certificates to the end users because of the complexity involved in managing the certificates. However in enterprises that do issue X.509 certificates to users, Duet can be configured to use these certificates.

Group policy settings:

These settings described below configure Duet to use X.509 certificates while making web service calls to SAP backend servers.

Parameters Common Name (CN), Organization (O), Country Name (C) are to be filled in. Click the link below for picture how the group policy will be for these parameters.

http://blogs.msdn.com/photos/teamduet/images/6787393/original.aspx

Duet will wait for the certificate to be deposited in the "users personal certificate store" prior to making the web service calls.

In the absence of the certificates, user will get periodic notifications informing the absence of the certificates. The user has to contact the administrator to obtain the certificates.

The checkbox "Do not show X.509 Certificate missing notifications" can be used to suppress the "notifications" regarding the absence of the certificates. This is useful when the administrator has acknowledged the problem and is working on it.

Disabling X.509 authentication

Uncheck the check box "Use X.509 Authentication" in the Group Policy settings dialog and X.509 certificate will not be used in those computers while making the web service calls to SAP backend server.

-Ramakrishnan Nagasamy Program Manager, Duet