Client Certificate Authentication with Self-signed Certificates

Hi Experts.

I am working with a client who wants to allow access to its AS2 services (SAP B2B Addon)  ONLY through X.509 Client Certificate Authentication.

Fig 1.  Just an example of how partners will configure our services.

We've been arguing about if this options can be used with self-signed certificates (OPTION 1) or if we can ONLY use certificates issue by a

Certification Authority (CA) as part of a public-key infrastructure (PKI) or a Trust Center Service (like VeriSign) (OPTION 2) .

The following SAP documentations explain that this can be done with OPTION 2

https://help.sap.com/saphelp_nw70ehp1/helpdata/en/62/881e3e3986f701e10000000a114084/content.htm?frameset=/en/b0/881e3e3986f701e10000000a114084/frameset.htm&current_toc=/en/1c/ad1640033ae569e10000000a155106/plain.htm&node_id=36&show_children=false

https://help.sap.com/saphelp_nw73/helpdata/en/4f/991d85b10c16c7e10000000a42189d/content.htm

There are some SAP consultants that said that this can be done with self-signed certificates. But none of them have explained how can this be achieved. We run the authentication with TrustedCAs Certs and run OK!. With Selfsigned Cert doesn't run..  (see both logs on following picture.)

I need a official stand from SAP about Self signed cert and Certificate authentication.  Or I need a way to configured this scenario with Selfsigned certs. Any comments will be appreciated.

Regards
Henry