If the SAP (server) certificate is signed by a trusted CA authority and the authority is on list of trusted authorities in SAP Windows system (transaction STRUST), this step is not necessary. If However, if the certificate is untrusted or self-signed, it must be imported as trusted to SAP, transaction STRUST. The indication the certificate is untrusted can be found in ICM trace file in SAP (transaction SMICM, menu Goto -> Trace File -> Display End), scroll in search for SSL errors:
...
To trust the certificate, it must be imported to an appropriate store in SAP in Trust Manager (transaction STRUST).Windows certificates store, to Trusted Root Certification Authorities folder of Local Computer.
...
The certificate imported to SAP does not need (and should not) contain the private key, which was embedded into the .pfx file as one of the first steps described in this document. Instead, the certificate imported here should only contain certificate-wrapped public key of the server.
...