Hi,

Is it normal that HTTP is redirected to HTTPS?

In my experience, it isn't normal but it happens if the ICM profile parameter 'icm/HTTP/redirect_0' is configured to specifically do that.

Is ICM the reference and wins over the web service configuration in SOAMANAGER?

Just an educated guess here, the ICM configuration should take precedence over the SOAMANAGER configuration as the ICM config is applicable to the entire application server not just specific web services.

How are ICM and SOAMANAGER related then?

Following on from the comment above, to me it makes no sense to enable both http & http communication for the app server in the ICM & then have a redirect to https for http. This would then negate any http type config done in SOAMANAGER. If you don't want plain http communication then disable http in the ICM & only leave https enabled.

Why is a certificate required if the web service has not security set whatsoever?

There is another ICM profile parameter that is relevant in this case because of the HTTPS redirect, it's called 'icm/HTTPS/verify_client'. Possible values are 0, 1 & 2 with different pre-requisites, read more about it here:

http://help.sap.com/saphelp_nw04s/helpdata/en/0d/88153a1a5b4c2de10000000a114084/content.htm

Regards

Karthik.R