Trust the certificate

Owned by proaxia
Last updated: Feb 04, 2022
1 min read

If the certificate is signed by a trusted CA authority and the authority is on list of trusted authorities in SAP system (transaction STRUST), this step is not necessary. If the certificate is untrusted or self-signed, it must be imported as trusted to SAP, transaction STRUST. The indication the certificate is untrusted can be found in ICM trace file in SAP (transaction SMICM, menu Goto -> Trace File -> Display End), scroll in search for SSL errors:

SMICM Log

To trust the certificate, it must be imported to an appropriate store in SAP in Trust Manager (transaction STRUST).

 

The certificate imported to SAP does not need (and should not) contain the private key, which was embedded into the .pfx file as one of the first steps described in this document. Instead, the certificate imported here should only contain certificate-wrapped public key of the server.



If you'd like to help us improve the documentation, please provide your feedback using the communication channels listed /wiki/spaces/PFCC/pages/1561427969. Learn about support possibilities here.