SAP Knowledge Base Article - Public

2231401 - Updated SSL Certificate Renewal process - Recruiting Marketing

Symptom

  • Recruiting Marketing Certificate Renewal Process.
  • Why should I renew my RMK career site certificate?
  • What is the process that I should follow to start the renewal process?

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

Environment

SAP SuccessFactors Recruiting Marketing (RMK)

Reproducing the Issue

  1. Access the career site;
  2. The browser will indicate that the connection is not secure.

Cause

If the SSL certificate expires, users/candidates accessing the career page will receive a warning message informing them that the connection is not secure. The following image shows an example:certificate.JPG

Please note that this does not mean the career site is down and is not a showstopper. Site visitors can choose between "Click here to close this webpage" or "Continue to this website (not recommended)". However, it's recommended to have the SSL Certificate renewed so that site visitors are not impacted.

Resolution

[NEW] Self-Service Tool for SSL Certificate Renewals (Since November 19th 2021)

Since the deployment of 2H 2021 Release, customers need to renew their SSL certificates via Career Site Builder (CSB) using the self-service function. Product Support is no longer involved in the renewal process. The new function named SSL Certificates is available under the Tools tab in CSB and the same can be permissioned if the customer is using RBP inside CSB. Note that the SSL Certificates tab is only available in RMK Production environments.

1. Prerequisites

  • Manage Career Site Builder from Admin Center for the users responsible for certificate renewals;
  • If RBP is enabled in CSB > Tools, the user should have the permission to access SSL Certificates tab.

Important note : Customers with custom sites (CSB disabled in CMD) should still self serve with their SSL renewals. The SSL Certificates feature is one of the options they have access to under the Career Site Admin Settings. They need to permission CSB as normal (Manage Recruiting > Manage Career Site Builder) and these users will see the Tools section and the SSL Certificates  
This is documented in the Guide under Career Site Admin Settings in Career Site Builder
Note CSB will need to be enabled in Provisioning before permissions can be assigned. This can be done by an implementation partner or by Support. See KBA: 2794889 - Change Requests for Recruiting Marketing Sites Delivered by Product Support - Recruiting Marketing

For more information about the new feature feature refer to:

2. Limitations

  • You can have multiple certificates installed and in use for different domains. However, RMK supports only two URLs configured in CSB > Settings > Site Configuration > Site Information tab, they are:
    • Site URL
    • Use Redirect
  • The SSL Certificates tool in CSB doesn't allow you to upload more than one intermediate certificate. If you have more than one intermediate certificate file to upload, you will need to combine them in one single file to be uploaded (see: 3111993 - How to Upload Two Intermediate Certificates in CSB - Recruiting Marketing). If you only upload one of the intermediate certificates then this could result in the installation being stuck in Installation Requested status

3. New implementations (Instructions for Implementation Partners)

The below steps are applicable for new customers and implementations and is a one time activity only:

    • When either the CSR is requested (option1) or an SSL is installed (option2) under the SSL Certificates tab in CSB for an initial installation, in the background a request gets triggered to add a DNS entry for your RMK career site. This domain is the SAP domain (jobs2web URL) and not the customer's domain. This DNS entry will be created within one business dayThe URL will have the format <SiteId>.jobs2web.com (e.g. 111111.jobs2web.com).
    • Implementation partners will have one final mandatory step to get their customer to add a CNAME entry so their domain points to <SiteId>.jobs2web.com to make the career site accessible over the Internet.

SiteId refers to Site ID number available in Career Site Builder > Settings > Site Configuration > Site Information tab as follows:

4. FAQs about Intermediate Certificate and File Formats

  • What format do I need to use when I upload my certificate to RMK? We request the certificates in PEM format, starting with: “-----BEGIN CERTIFICATE-----”.

  • What kind of file extension is supported by RMK? .pem .cer and .crt for upload.

  • I have my certificate in p7b format. How do I convert to PEM format? You can use openssl tool to convert the file (reach out to your IT department or a consultant to help you to convert a file).
    • Example of command: openssl pkcs7 -inform der -in mycertificate.p7b -out mycertificate.cer
      • where mycertificate.p7b is the certificate in p7b format and mycertificate.crt is the output file in PEM format.
  • How can I download the intermediate certificate of my Certificate Authority (CA)? An intermediate certificate can be downloaded from two places: (a) from the certificate provider site or (b) from the public Internet:
    • In case you only have the certificate, you can use any public site to download (e.g. https://whatsmychaincert.com). ATTENTION: NEVER UPLOAD YOUR PRIVATE KEY TO ANY TICKETING TOOL OR WEBSITE. THIS COULD COMPROMISE YOUR PRIVATE KEY AND MAKE YOUR WEBSITE UNSECURE.
  • I have my certificate in pfx format. How do I convert to PEM format? You can use the openssl tool to convert the file (reach out to your IT department or a consultant to help you to convert a file).
    • Example of commands to accomplish that:
      • openssl pkcs12 -in filename.pfx -out certificate.pem -nodes

      • openssl pkcs12 -in filename.pfx -nocerts -out privatekey.pem

See Also

  • 2563741 - Unable to Access the Production RMK Career Site - Recruiting
  • 3046081 - SSL Certificate Renewal Reminders for Career Sites - Recruiting Marketing
  • 2565122 - Frequent Questions on SSL Certificates for RMK Production Career Sites - Recruiting Marketing
  • 3109381 - Overview About SSL Certificates tab in CSB - Recruiting Marketing

Keywords

RMK, Renewing Certificate, Expired Certificate, CSR, SSL, Self Service Tool, CSB, RMK-25127, Intermedaite Certificate , KBA , LOD-SF-RMK-CER , Certificate Renewal, IP Address, Domain , LOD-SF-RMK-CSB , Career Site Builder , How To

Product

SAP SuccessFactors Recruiting all versions