SAP Knowledge Base Article - Public

2509971 - FAQs on the impact of Successfactors Certificate Renewal if you use APIs (SFAPI/OData API/adHoc API)


Dear SuccessFactors Customer,

When you receieve certificate renewal notification from SAP and if you are using Successfactors integration with SAP or Non-SAP application via APIs (SFAPI/OData API/Adhoc API), below is the action needed from your end:

  • SF Domain certificate for API endpoint URL needs to be updated.
  • These updates should be conducted by your internal IT resources with the new certificate information that could be found below.

Please note that without this change, it is possible that your applications will not work in the Non-Production or Production SF environment.




FAQs on SAP Successfactors Certificate Renewals


Question1: How do I know if I am impacted by the certificate renewal?

Answer: You will be impacted by the Certificate renewal activity only if-

  • You are using our APIs (SFAPI/Odata API/Adhoc API) and have some integration scenario setup for your SFSF Instance.
    • You can find list of API URLs for all datacenter HERE
  • You are connecting to some third party sftp from the SFSF Instance for any read/write operation.
  • You are using some middleware (eg: SAP HCI/PI/Boomi) for integration setup.
  • The Successfators API domain for which the certificate is being renewed (Eg: * is same as the domain you are using to access/connect to Successfactors API server  using API URL as the endpoint URL.

Question 2: What if I am using middleware’s that are supported by SAP? Will I still have to do it on my own?

Answer: Yes, you need to upload the new certificates yourself on your ERP/SAP PI/HCI system.

  • Earlier, maintaining HCI keystore was done by SAP but now that has been made available as a self-service.
  • In ERP, you can upload the renewed SF certificates in transaction 'STRUST'.
  • For Boomi, if you are using the SFSF Hosted Cloud atom of the same DC where your instance resides, you need not make any changes.
  • However, if you are using a local atom/Dell Atom Cloud in Boomi to connect to our APIs, you may need to upload the certificates in Boomi.


Question3: Who will upload the new certificates?

Answer: This must be done by the customer themselves.


Question4: What are these certificates used for?

Answer: These certificates are used for the SSL/TLS Handshake that any system using the 'secure' protocol does before allowing connection to/from the system. In our case, the Successfactor uses the 'secure' https protocol and hence the SSL Handshake is must for any system to connect to these url's.


Question5: My system has SSO enabled. Will that also be impacted?

Answer: No. This has no impact on SSO.


Question6: I have my learning interfaces running. Will they also be impacted?

Answer: If the certificate renewal is for * domain then there will be no impact on Learning interfaces as the learning module usually has the access domain *


Question7: When should I renew the certificates?

Answer: It is recommended to renew the certificates soon after they are available

See Also

2469460 - Key-store management in SAP Cloud Platform Integration for process services

2203741 - How to download Successfactors or API SSLCertificate?

2472938 - How to add Certificates in your Boomi Enviroment Extensions

2508786 - * SSL Certificate renewal 30th June 2018 "

2056672 - How to import server certificates in PI system


  • Certificate renewal
  • New certificates
, KBA , LOD-SF-INT-API , SF API & Adhoc API Framework , LOD-SF-INT , SF Integrations - EC Payroll, Boomi/ HCI, API , Problem


SAP SuccessFactors HCM Suite all versions