Symptom
Most common questions on SSL certificates for RMK sites.
Environment
SAP SuccessFactors Recruiting Marketing
Resolution
IMPORTANT NOTE: After November 19th 2021 customers will have to use the new SSL Certificate tab in Career Site Builder to renew their SSL Certificates. With that in mind, Product Support will no longer be part of the certificate installation and renewal process.
- Is the portal where the certificate will be used in IIS (Internet Information Services)? No. The certificate will be used in Apache ( Recommended - Apache - ModSSL )
- Will the certificate be installed in a single server or multiple servers? The certificate will be installed on haproxy, which has the list of all Apache servers mapped to it.
- What certificate type should be provided A certificate bundle (i.e root and intermediate certs as well).
- What certificate formats are accepted : .pem .cer and .crt
- How to create an SSL certificate for the application server? For a production report server, obtain an SSL certificate signed by a known CA (Certificate Authority), such as Digicert, GlobalSign or GeoTrust. SSL certificates signed by a known CA automatically work with the browser to access the server.
- How is the DNS record on the SAP side determined? The DNS i.e. <Site ID>.jobs2web.com configured by RMK Operations team at the time of DNS record addition and is kept standard to identify customer names quickly.
- Will a new cert be required if changes are made to the RMK config (domain change, DCchange)? Yes, a new SSL certificate will need to be issued and installed.
- Will a new cert be required if changes are made to the connected Bizx instance? No, the SSL certificate is only linked to the RMK instance.
- Which port is being used for site access? The customer's RMK Career site will use 443 (HTTPS) port to come to our environment.
- On which application is the certificate hosted? During SSL setup for the customer, we create dedicate VIP over the LB(LoadBalancer) for the customer's RMK URL and we will install the certificate on it.
- Is OCSP Stapling supported? OCSP Stapling cannot be supported within our Cloud Landscapes at the moment. Our advice is to acquire a SSL Certificate with included SCT information.
- Should anything be done about the *.stage.jobs2web.com Certificate Renewal? No, no action is required for stage/test environments. SSL certificates for all stage servers are managed by SAP.
- How to identify the SSL Certificate file? You can open the file and check the "Issued to" field. If this is issued to your common name, e.g. jobs.<company>.com, then this is the file that you should upload to the "SSL Certificate" field in Career Site Builder.
- How to identify the Intermediate Certificate file? You can open the file and check if you see that "Issued to" and "Issued by" have the same value. If, yes, this is the Intermediate Certificate.
- Can SSLs with 4096 bit keys be uploaded and installed via the SSL tool? Yes, Although the CSB CSR generation tool currently only supports 2048 bit keys, such SSLs can be uploaded and installed.
- Can we use an IP address instead of a CNAME record? Yes, but we strongly not recommend doing this. IP address are not static, and your career site will be down if we change IP.
See Also
2231401 - Updated SSL Certificate Renewal process - Recruiting Marketing
2563741 - Unable to Access the Production RMK Career Site - Recruiting
Keywords
SSL certificate, IIS, single server, FAQ, OCSP, CSB, RMK, IP address , KBA , LOD-SF-RMK-CER , Certificate Renewal, IP Address, Domain , How To