Skip to end of metadata
Go to start of metadata

On the ICF System Logon screen, the below warning(!) messages may be displayed:
"No switch to HTTPS occurred, so it is not secure to send a password" (message ICF_SYSTEM_LOGIN 006)
"Protocol cannot be switched to HTPPS; HTTPS is not configured/active" (message ICF_SYSTEM_LOGIN 406)

These warning messages indicate that the (unsecure) HTTP protocol is used, instead of the (secure, SSL protected) HTTPS protocol. In development or test systems this could be acceptable, but in productive environments the HTTPS protocol is recommended.

Note that these warnings are "only" security related - the logon to the system should still be possible (or impossible), regardless of the warnings. Exception is, when the parameter login/ticket_only_by_https is set, which means logon tickets are only sent via HTTPS protocol.

There are two ways to avoid the above warnings.
1. Keep using HTTP protocol, and suppress the warnings in the System Logon settings of the affected service:
1.1. Open the detail view of the affected service (for example /default_host/sap/bc/gui/sap/its/webgui) in the transaction SICF
1.2. Go to the tab "Error Pages" / "Logon Errors"
1.3. Click the button "Configuration"
1.4. Set the checkbox "Do Not Display Warnings"'

2. Use HTTPS protocol instead of HTTP - it depends on the scenario how this should be accomplished. Prerequisite is that a valid HTTPS service is configured in the transaction SMICM, menu item "Goto" / "Services". The port should be other than zero, and the Active flag must be set. 

Possible points of service configuration for HTTPS usage:
2.1. Open the System Logon settings of the affected service in the transaction SICF, and set the option "Switch to HTTPS" or "Logon via HTTPS" in the "Protocol" dropdown
2.2. Open the detail view of the affected service in the transaction SICF, go to the tab "Logon Data", and set the "SSL" radiobutton in the "Security Requirement" section