Hi Erling,
my answers to your questions.
Question 1
Is it possible to create user certificates manually using SLS?
(Is there a ‘human interface’ to create user certificates and assign ‘common name’ manually? (in the SLC/SLS scenario this is calculated by SLS depending on user credentials)
Answer 1
Yes this is possible
Question 2
Or should we go for another approach e.g. SAP Trust Center?
Answer 2
I would recommend to work with an "own" PKI (Secure Login Server).
--> Security in your hand
--> More flexible for integration/configuration
In general the configuration for the web interface (SSL) is independent from SAP GUI (SNC) configuration.
So of course if 'Web Access for ABAP on UNIX' the is very important for the customer, he can start to setup a SSO solution using X.509 certificates.
Best regards,
Frane