# How to check if hostname is trusted?

Once you have made sure that all the [hostnames are reachable](/cleartax-docs/general/how-to-check-hostname-reachability.md) on port 443, you can move on to the next step to verify if the hostname is trusted by your system.

1. To make sure your ERP trusts Clear hostnames, download the production TLS certificates (all of host certificate, intermediate certificate(s) and root certificate) from <https://docs.cleartax.in/cleartax-docs/clear-finance-cloud/cfc-api-reference#2.-production-environment> and install them in your certificate manager (eg: STRUST or Keystore in case of SAP).
2. To verify this, use T-Code STRUST from SAP and check if all the TLS certificates are added, refer <https://docs.cleartax.in/cleartax-docs/add-ons-and-extensions/sap-add-on/sap-connectivity-checklist/steps-to-import-ssl-tls-certificates-in-sap>
3. You need to verify if the Serial Number, Validity and Common Name in the Subject match as shown below.

{% hint style="info" %}
**Note**: The images below reflect the information present in the current certificate as on the date of creating this document. If the certificate is updated in future, you will need to verify the details with the certificate downloaded from the provided link.
{% endhint %}

**For certificate: wildcard.clear.in**

<figure><img src="https://lh6.googleusercontent.com/8bgBkccAGy8nPK7DksyvxEci8LUhULrvSKYFrvB_MpcHulmfZE8X6Fp6BDqt4SdiREnMMr3ltvm4XLby2-4BOt1jTajCt89U3f_BpZUIt1e9myvfTXgCU1KE7S6QT4yPIge7YPlt3WJSCHxTx9DNN4I" alt=""><figcaption></figcaption></figure>

**For certificate: Go Daddy Intermediate:**

<figure><img src="https://lh4.googleusercontent.com/amXG04Fj1sS4NFokqNTMXzypY6Vp6bDwAnRewTEI8q112sEzXW-l5FwHd2K6BVz1aQyua0MP76lod-BjFV7IhdlDF0QZNzMRZh-G3VbmthGo00Xgu6joebcSAJngyEJ7gbJpb4UwiYrDaikMIeF_jtY" alt=""><figcaption></figcaption></figure>

**For certificate: Go Daddy Root:**

<figure><img src="https://lh6.googleusercontent.com/0ChjUSLpPx4R5M8_5tqBRZB52X9L6nj2RJBMY4bxS4BnngqEuhmZx2AhfA84GuqkAvwMY0a2QUVTEf66UJwhfamsEgErkcTKpXjMM3dyWr_neDLv8YGt7ERGF4BBPRg-jKrvqS7GHiPMAYq_kFxYgM0" alt=""><figcaption></figcaption></figure>

To verify if the connection is successful refer <https://docs.cleartax.in/cleartax-docs/add-ons-and-extensions/sap-add-on/sap-connectivity-checklist/steps-to-test-connectivity-in-sap>

If you have multiple instances, you will have to ensure that the trust succeeds in ALL of those instances.

{% hint style="info" %}
**Note**: The certificates will be renewed every year and you may have to update the same in the certificate manager (STRUST in SAP) as and when it is updated.
{% endhint %}

After the update, you may need to restart the system (not just ICM, in some cases). In the worst case, if your system Kernel is very old, you may need to upgrade the kernel as well.

If the above steps are successful then you should be able to make successful requests from all your instances to Clear 100% of the time.

If for whatever reasons, the hostname is still not trusted, then your Network team needs to check if SNI is enabled and if the cipher suites are up to date by maintaining required parameters as mentioned in <https://docs.cleartax.in/cleartax-docs/add-ons-and-extensions/sap-add-on/sap-connectivity-checklist/steps-to-check-icm-settings-in-sap>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.cleartax.in/cleartax-docs/general/how-to-check-if-hostname-is-trusted.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.