Importing certificates for an HTTPS connection

To enable a direct HTTPS connection between the SAP system and the AEB data center, you need the ‘Root-SSL’ and ‘Intermediate’ certificates issued by AEB. You can open the required certificates in the Chrome browser using the following links and save them locally as a file.

  1. EV Root:
  2. https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt
  3. EV Intermediate:
  4. https://www.digicert.com/CACerts/DigiCertSHA2ExtendedValidationServerCA.crt

Alternatively, you can also download the certificates from https://www.digicert.com/kb/digicert-root-certificates.htm. Search there for the following names:

New certificates from September 21, 2025

Starting from September 21, 2025, new certificates must be used for communication with rz3.aeb.de.

Type of certificate

Previous certificate

New certificate from September 21, 2025

Intermediate

DigiCert SHA2 Extended Validation Server CA

DigiCert Global G2 TLS RSA SHA256 2020 CA1

Root

DigiCert High Assurance EV Root CA

DigiCert Global Root G2

Download certificates

Download the new certificates via these links:

Alternatively, you can also download the certificates from https://www.digicert.com/kb/digicert-root-certificates.htm. Search there for the following names:

Importing certificates into the SAP system

  1. To install the certificates, start the transaction STRUST. Switch to change mode.
  2. Double-click on SSL CLIENT (default). For setup via the SOAMANAGER, the certificates must also be loaded into the SSL CLIENT (anonymous).
  3. In the Certificate field group, click the Import certificate button.
  4. In the window that opens, select binary for the File format option.
  5. Select the appropriate file with the certificate for import.
  6. Next, click Add to certificate list.
  7. Go to the PSE menu and select Distribute All.
  8. The certificate is now distributed and installed on all application servers.
  9. To update the imported certificates in the ICM, start the transaction SMICM, go to the Administration menu, and select ICMExit SoftGlobal.