---
title: "Setting up HTTPS on SAP servers"
slug: "what-are-the-guidelines-for-setting-up-https-in-your-sap-server"
updated: 2025-08-03T10:43:49Z
published: 2025-08-03T10:43:49Z
canonical: "success.panaya.com/what-are-the-guidelines-for-setting-up-https-in-your-sap-server"
---


# Setting up HTTPS on SAP servers

Setting up HTTPS for your SAP server is relevant if you wish to enable [automatic custom code extraction and upload to Panaya](/v1/docs/how-to-automatically-extract-and-upload-your-custom-code) or [integration with ChaRM](/v1/docs/charm-integration).

**Important!** This article provides guidelines for setting up HTTPS. Please consult with your Basis Consultant before you proceed.

## **Step 1 - Verify that SAPCRYPTOLIB is installed**

The guidelines provided here are applicable for systems where SAPCRYPTOLIB is installed. To verify that SAPCRYPTOLIB is installed:

1. Enter TCODE **STRUST**
2. Select the environment and then **SSL Client Identities**  
If SAPCRYPTOLIB is not installed, a message is displayed at the bottom of the screen  
![](https://cdn.document360.io/f404076c-de23-4609-848e-2dfd4ef701b0/Images/Documentation/image-1638972770127.png)  
  
**SAPCRYPTOLIB is not installed?** If SAPCRYPTOLIB is not installed, you can download and install 7.22 Kernel for SAP up to NetWeaver 7.31 (ERP 6 EhP 6, CRM 7 EhP 2, SRM 7 EhP 2, SCM 7 EhP 2, and others). Then **restart your system**.
3. For systems where SAPCRYPTOLIB is installed, select the Environment and then **Display SSF Version** to view the version details.  
![](https://cdn.document360.io/f404076c-de23-4609-848e-2dfd4ef701b0/Images/Documentation/image-1638972783829.png)

---

## **Step 2 - Create Anonymous SSL Client PSE**

1. Create an Anonymous SSL Client
2. If the system appears in Green (as in the image below),
3. If the system appears with a red X, right-click on it and select **Create**  
![](https://cdn.document360.io/f404076c-de23-4609-848e-2dfd4ef701b0/Images/Documentation/image-1638972793823.png)

---

## **Step 3 - Import CA (Certificate Authority)**

1. **Download** the [**Panaya Certificate**](https://cdn.panaya.com/downloads/success/Panaya_ABAP_GeoTrust_B64_CertificateFull.290625_300726.cer.zip)
2. **Extract** the file and import the certificate as described in the next steps
3. **Double-click** the name of the instance that shows under the SSL client identity (anonymous) folder, to display the contents of this PSE. Select the **left button**.  
![](https://cdn.document360.io/f404076c-de23-4609-848e-2dfd4ef701b0/Images/Documentation/image-1638972804739.png)
4. Use the File Path field to select the certificate file to import, then select **Base64** as the file format  
![](https://cdn.document360.io/f404076c-de23-4609-848e-2dfd4ef701b0/Images/Documentation/image-1638972813923.png)
5. Click the **V icon** to submit.  
The details of the certificate will be displayed  
![](https://cdn.document360.io/f404076c-de23-4609-848e-2dfd4ef701b0/Images/Documentation/image-1638972822918.png)
6. Click on the **Add to Certificate List** button  
You should be able to view the name of the certificate added to the list  
![](https://cdn.document360.io/f404076c-de23-4609-848e-2dfd4ef701b0/Images/Documentation/image-1638972831814.png)
7. Click the **Save** button at the top of the screen

**Older SAP version?** Older versions of SAP may display a notification that the ICM needs to be restarted in order for changes to take effect. In such cases, use TCODE SMICM as described below.

---

## **Step 4 - Change HTTP destination**

Change the settings for the HTTP destination, as created in SM59:

- Set **SSL** status to **Active**
- For **SSL Client Certificate**, use **ANONYM SSL Client (Anonymous)**

**Note** This step applies to defining the HTTPS destination only and does not affect any RFC setting previously defined for your custom code extraction.

![](https://cdn.document360.io/f404076c-de23-4609-848e-2dfd4ef701b0/Images/Documentation/image-1638972855964.png)

## **Step 5 - Set Server Parameters**

Please set the system profile parameters as shown below:

- icm/HTTPS/client_sni_enabled = TRUE
- ssl/client_sni_enabled = TRUE

**Important!** This activity stops the web server as well as the web client of the SAP system

1. Execute transaction **SMICM**
2. Select **Administration** > **ICM** > **Exit Soft** > **Global** from the menu options
3. **After a few moments**, click the **Refresh** button until you see the threads  
Threads should appear as **Available** with **Thread No. lower than 10**  
![](https://cdn.document360.io/f404076c-de23-4609-848e-2dfd4ef701b0/Images/Documentation/image-1638972842770.png)

## **Additional certificates**

If the Anonymous SSL client does not have the root and intermediate certificates installed, be sure to install them from here:

- [https://cacerts.digicert.com/DigiCertGlobalRootG2.crt.pem](https://cacerts.digicert.com/DigiCertGlobalRootG2.crt.pem) (DigiCert Global Root G2)
- [https://cacerts.digicert.com/GeoTrustTLSRSACAG1.crt.pem](https://cacerts.digicert.com/GeoTrustTLSRSACAG1.crt.pem) (GeoTrust TLS RSA CA G1)

More information about these certificates can be found here: [https://www.digicert.com/kb/digicert-root-certificates.htm](https://www.digicert.com/kb/digicert-root-certificates.htm)
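Before adding a downloaded file to the Anonymous SSL client PSE (Step 3 and the additional certificates above), you can confirm that it really is Base64 (PEM) and compute each certificate's SHA-256 fingerprint for comparison with a value obtained from a trusted source. The Python code below is an added example, not part of Panaya's or SAP's tooling; the function names are hypothetical and the sample bytes are constructed placeholders, not a real certificate.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)


def der_length_ok(der: bytes) -> bool:
    """True if der is one ASN.1 SEQUENCE whose declared length matches its size."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short form: one length byte
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")


def inspect_bundle(data: bytes) -> list[str]:
    """Return the SHA-256 fingerprint of each certificate in a Base64 (PEM) file.

    Raises ValueError for a binary DER file or a damaged block."""
    blocks = PEM_BLOCK.findall(data.decode("ascii", errors="replace"))
    if not blocks:
        kind = "binary DER, not Base64" if data[:1] == b"\x30" else "no CERTIFICATE block"
        raise ValueError(f"not a Base64 certificate file: {kind}")
    fingerprints = []
    for i, body in enumerate(blocks, start=1):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError as exc:
            raise ValueError(f"certificate {i}: invalid Base64") from exc
        if not der_length_ok(der):
            raise ValueError(f"certificate {i}: truncated or not DER")
        digest = hashlib.sha256(der).hexdigest().upper()
        fingerprints.append(":".join(digest[j:j + 2] for j in range(0, 64, 2)))
    return fingerprints


if __name__ == "__main__":
    # Constructed placeholder bytes with a valid DER header, not a real certificate.
    fake_der = b"\x30\x82\x01\x00" + bytes(256)
    pem = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(fake_der)
           + b"-----END CERTIFICATE-----\n")
    for fp in inspect_bundle(pem + pem):   # two-certificate bundle
        print(fp)
```

To use it on a real file, pass the bytes of the extracted certificate file to `inspect_bundle` and compare each returned fingerprint with the value published by the issuing CA.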

