2H 2021 release has introduced a new feature that lets organizations manage their SSL certificates for the public career sites on their production environments, without the need for Product Support assistance.
In this article we are going to provide an overview about this self-service tool that will be available after the deployment of 2H 2021 release on production.
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
SAP SuccessFactors Recruiting Marketing (RMK)
- Career Site Builder (CSB)
The feature RMK-25127 has introduced the ability to manage SSL certificates for RMK career sites inside Career Site Builder (CSB). The SSL Certificates page requires role-based permission to access Manage Career Site Builder from the Admin Center. You can access the page by navigating to CSB > Tools > SSL Certificates.
SSL Certificates Page
In the first screen you will find two options that system admin users can choose to start the certificate renewal process:
- Option 1: recommended one where it's possible to generate a CSR (Certificate Signing Request) file;
- Option 2: Import a certificate based on an old CSR file generated previously or import a certificate including the private key.
SSL Certificates section shows all reference identifiers (Reference ID column). Each entry has an associated Status and validity if the certificates has been imported. In the examples provided we can notice that there're two certificates in use (In Use tag) and another one installed but not in use (Not In Use). A few more entries exemplify certificates uninstalled and CSR files generated.
After generating the CSR file and procure the certificate, customers can upload the same in two steps for the associated reference ID. It's important to mention that the intermediate certificate is required when submitting the SSL certificate.
The option two allows the customer to upload a certificate either associated to a old reference ID (old CSR file) or to import a certificate along with the private key.
Uploading a certificate based on an existing reference ID.
Uploading a certificate and private key (e.g. wildcard certificate).
Reference ID: CSR Details and Certificate Audit History
As we can see in the Reference ID column, the number allow you to review information in one click. There're two type of information available, they are:
- CSR Details;
- Certificate Audit History.
The below images provides an example of which information can be found in the mentioned tabs.
Some error messages might appear while interacting with the SSL Certificates tab. In the following table we are providing a few examples.
RBP Permission in CSB
Customers interested to restrict the access to SSL Certificates tab can use RBP (Role-based Permission) inside CSB so that only a few users will see the tab to manage SSL certificates.
- The certificate installation doesn't complete immediately neither the Status column refreshes the current value automatically. It's necessary to wait a few minutes and then refresh the page to have the column Status updated for a particular entry;
- Customers can have multiple certificates installed and in use. However, it's important to consider the following:
- There's no way to manually indicate that a certificate should be in use. This happens automatically when you install a new certificate. However, if you have more than one certificate issued to the same domain (e.g. test04.sap.corp), in this case only one of the them will stay in use (the last one installed);
- There's no option to hide or limit the number of entries in SSL Certificates section.
- Remember that RMK only supports two domains to access the site. Such domains are defined in:
- Site URL
- Use Redirect
- SSL Certificates tab is only accessible and visible in Production environments. For the stage environments, the tab is hidden;
- SSL Certificates tab access can be controlled via CSB RBP permission;
- Intermediate certificates are required and only one is supported to be uploaded. If your certificate authority provides two intermediate certificates, you will need to combine the two certificate files in one single file (see: 3111993 - How to Upload Two Intermediate Certificates in CSB - Recruiting Marketing).
2231401 - SSL Certificate Renewal - Recruiting Marketing
SSL Certificates, Self Service, CSB, Intermediate, Audit, Private Key, Wildcard, Site URL, Redirect URL, Multiple Certificates, RMK-25127 , KBA , LOD-SF-RMK-CER , Certificate Renewal, IP Address, Domain , LOD-SF-RMK-CSB , Career Site Builder , Product Enhancement