After the CA issued the certificate, it must be imported into the PSE that issued the CSR. During the import step a verification of the private / public key will happen. This ensures that you import the right public key into the PSE. This also means that you cannot use another PSE for the CSR, as the private key would be different. SAP Help
Switch on edit mode and select import certificate.
Inform the path to the CRT.
Select load as local file. If the CA exported the certificate as P7B, the content is in Base64 format. If the CA gave you another format, you`ll have to transform the certificate first to Base64. Would be nice if the import wizard of STRUST would do all that work for you, but somehow Basis guys must also defend their working time …
Confirm the import. To see if the certificate was imported, double click on Subject
This shows the certificate information in the certificate section.
The PSE contains now a private key and a valid public key, signed by a CA. Now ICF can use this certificate without having browsers complain about the certificate.