SAP Knowledge Base Article - Public

2483214 - Errors due to LMS certificate

Symptom

  • Our users are not able to launch content from a certain vendor.
  • After troubleshooting, our vendor stated the LMS certificate has expired.
  • On the LMS side, no certificate renewal was triggered globally

Environment

  • SAP SuccessFactors HCM suite
  • Learning Management System (LMS)
  • Application Certificate (network)

Resolution

Steps to download root certificate from LMS


Log in the LMS application, if it is correct and uses SSL you'll see a small padlock or some other icon that we can click on to get more information about the certificate used at that site.

In the example provided we are using Chrome.

1. Click on the padlock to view the certificate information.

OR

On the newer versions of Chrome you can find the certificate information by right clicking anywhere on the page and selecting "Inspect".  This should open the Google Debugger.  
Click on the "Security" tab at the top and you should see a button that says "View Certificate" that will allow you to continue.

2. Select "view certificate"

certificate_1.png

In this case, as with many certificates these days, our certificate is signed by one or more CAs, also known as a "chained root".  The topmost CA is the root, and any CAs following are known as intermediate CAs.

We are interested in the two topmost items, VeriSign and VeriSign Class 3 Extended Validation SSL CA.  These are the CAs we need to export from the website and import into the *SYSTEM certificate store.

certificate_1.2.PNG

Steps to Export the certificates:

1. From the above screen, double click on the certificate and select "View Certificate"

2. Navigate to the "details tab"

3. Select "Copy to file". This will open the Certificate Wizzard

4. Click on Next

5. You will see a page similar to the following

certificate_3.2.png

6. Select "DER encoded binary X.509 (.CER)" and click the Next button.

7. You will now be asked to name the file.  You can call it anything you want, but be sure to include the path in the file name. 
When exporting "chained" CAs I like to name them numbered in order I will need to import them, so in this case I would call it "c:\temp\cert1.cer" for the top level CA, "c:\temp\cert2.cer" for the next level, and so on.

8. You will then be notified if the export was successful.

9. Repeat this process with each CA in the chain until all of the CAs are exported (2 and 3 in above screenshot). 
Note, the bottom item in the list is the actual certificate and does not need to be exported.

Keywords

Successfactors, LMS, learning, certificate, CA root certificate, cert, Certificate Authorities, SSL, Secure Sockets Layer , KBA , LOD-SF-LMS , Learning Management System , LOD-SF-LMS-SER , Config. Consulting & Service Requests , Problem

Product

SAP SuccessFactors Learning 1511 ; SAP SuccessFactors Learning 1602 ; SAP SuccessFactors Learning 1605 ; SAP SuccessFactors Learning 1608 ; SAP SuccessFactors Learning 1611 ; SAP SuccessFactors Learning 1702 ; SAP SuccessFactors Learning 1705 ; SAP SuccessFactors Learning 1708 ; SuccessFactors Learning 1207 ; SuccessFactors Learning 1210 ; SuccessFactors Learning 1302 ; SuccessFactors Learning 1305 ; SuccessFactors Learning 1308 ; SuccessFactors Learning 1311 ; SuccessFactors Learning 1402 ; SuccessFactors Learning 1405 ; SuccessFactors Learning 1408 ; SuccessFactors Learning 1411 ; SuccessFactors Learning 1502 ; SuccessFactors Learning 1505 ; SuccessFactors Learning 1508