Symptom
- Our users are not able to launch content from a certain vendor.
- After troubleshooting, our vendor stated the LMS certificate has expired.
- On the LMS side, no certificate renewal was triggered globally
Environment
- SAP SuccessFactors HCM suite
- Learning Management System (LMS)
- Application Certificate (network)
Resolution
Steps to download root certificate from LMS
Log in the LMS application, if it is correct and uses SSL you'll see a small padlock or some other icon that we can click on to get more information about the certificate used at that site.
In the example provided we are using Chrome.
1. Click on the padlock to view the certificate information.
OR
On the newer versions of Chrome you can find the certificate information by right clicking anywhere on the page and selecting "Inspect". This should open the Google Debugger.
Click on the "Security" tab at the top and you should see a button that says "View Certificate" that will allow you to continue.
2. Select "view certificate"
In this case, as with many certificates these days, our certificate is signed by one or more CAs, also known as a "chained root". The topmost CA is the root, and any CAs following are known as intermediate CAs.
We are interested in the two topmost items, VeriSign and VeriSign Class 3 Extended Validation SSL CA. These are the CAs we need to export from the website and import into the *SYSTEM certificate store.
Steps to Export the certificates:
1. From the above screen, double click on the certificate and select "View Certificate"
2. Navigate to the "details tab"
3. Select "Copy to file". This will open the Certificate Wizzard
4. Click on Next
5. You will see a page similar to the following
6. Select "DER encoded binary X.509 (.CER)" and click the Next button.
7. You will now be asked to name the file. You can call it anything you want, but be sure to include the path in the file name.
When exporting "chained" CAs I like to name them numbered in order I will need to import them, so in this case I would call it "c:\temp\cert1.cer" for the top level CA, "c:\temp\cert2.cer" for the next level, and so on.
8. You will then be notified if the export was successful.
9. Repeat this process with each CA in the chain until all of the CAs are exported (2 and 3 in above screenshot).
Note, the bottom item in the list is the actual certificate and does not need to be exported.
Keywords
Successfactors, LMS, learning, certificate, CA root certificate, cert, Certificate Authorities, SSL, Secure Sockets Layer , KBA , LOD-SF-LMS , Learning Management System , LOD-SF-LMS-SER , Config. Consulting & Service Requests , Problem