SAP Knowledge Base Article - Public

2809025 - SSL installation using wildcard certificates - Recruiting Marketing


Is it possible to install an SSL for the RMK career site using a wildcard certificate?


SAP SuccessFactors Recruiting Marketing (RMK)


IMPORTANT NOTE: Since November 19th 2021 customers have to use the new SSL Certificate tab in Career Site Builder to renew their SSL Certificates. As a result, Product Support will no longer be part of the certificate installation and renewal process.

A wildcard certificate is a digital certificate that is applied to a domain and all its subdomains.
We do not recommend using wildcard SSL certificates as it involves the risk of compromising the private key for SSL installation. The private key is "required" and must be shared using a secured channel.

The recommended process when raising a request for a new SSL certificate or an SSL renewal is to generate a Certificate Signing request (CSR).
With this process we have the private key, so there is no issue with compromising the private key in transit.

Note that the disadvantages and risks associated with the use of wildcard certificates are not dictated by SAP.  Information on those can be found online. Some examples are:
Security: If one server or sub-domain is compromised, all sub-domains may be compromised.
Management: If the wildcard certificate needs to be revoked, all sub-domains will need a new certificate.
Compatibility: Wildcard certificates may not work seamlessly with older server-client configurations.

Note that the CSR generation in CSB tool does not currently support the creation of CSRs for wildcard certificates. The * character is not accepted as the first character in the Common Name or SAN fields.
Note this is under consideration as a possible enhancement in a future release.

If the tool limitations do not allow you to fullfill your requirements (such as wildcard CSR or CSR without OU... see KBA 3197486 - Error when generating CSR in SSL Certificates tool - Recruiting Marketing) then you can generate the CSR yourself using some other tool. For some examples please check this page by Digicert, one of the main Certificate Authorities :
If you generate a CSR yourself, then you will have to upload the private key along with the Certificate files (Primary and intermediate) using Option 2 in the SSL tool.

See Also

2231401 - Certificate Renewal - Recruiting Marketing

2528548 - Partner Resources for Career Site Builder Implementations - Recruiting Marketing

2892001 - What is a CSR - Recruiting Marketing

3197486 - Limitations of the CSR generation tool in SSL Certificates tool - Recruiting Marketing


Wildcard, Certificate, SSL, CSR, RMK, Renew, Recommendation, Error , KBA , csg_q , LOD-SF-RMK-CER , Certificate Renewal, IP Address, Domain , LOD-SF-RMK-COR , RMK Core Platform , LOD-SF-RMK-ADM , Administration, Setting, Permissoin & RBP, RecruiterSyn , LOD-SF-RMK-CSB , Career Site Builder , How To


SAP SuccessFactors Recruiting all versions