Show TOC

Setting Up Browser Certificates for admin-tooling-name ConnectionsSAP Control Center ConnectionsLocate this document in the navigation structure

To avoid security exceptions when launching SAP Control Center, set up security certificates correctly.


This task is required when:
  • The browser session starts from a host computer that is remote from the SAP Control Center installation.
  • The browser session starts on the same computer as SAP Control Center and reports a Certificate Error. The installer automatically sets up a local security certificate, but the certificate installed for https in the web container keystore is a self-signed root certificate, which is not recognized by the client browser.
  • The host computer does not have Visual Studio Certificate Manager SDK installed.

Alternatively, follow browser-specific instructions to accept the certificate into the Windows certificate store.


  1. Change the default shortcut to use the full host name of the computer on which SAP Control Center has been installed.
    The host name is required because the default self-signed generated certificate the installer issues cannot be assigned to “localhost.”
    For example, change the shortcut URL to something similar to:
    "%ProgramFiles%\Internet Explorer\iexplore.exe"
  2. Add the certificate to the Windows certificates store.
    1. Extract the self-signed certificate:
      SMP_HOME\sapjvm_7\bin\keytool.exe -exportcert -alias jetty 
      -keystore SCC_HOME\services\EmbeddedWebContainer\keystore -file cert.crt
    2. Click Start of the navigation path Start Next navigation step Run End of the navigation path, type mmc, and then click OK to import the cert.crt file into the host computer’s Windows store with the Windows Certificate Manager. The default password for both the keystore and the alias is "changeit".