SAP Knowledge Base Article - Public

3052123 - SuccessFactors: How to generate X509 self signed certificate in pk12 or pem extension


In this article, you would see an example of generating self signed certificate in pk12 or pem format.

NOTE: Steps includes external resources  to be installed to generate the keypair and this is not owned by SAP. Below steps should be considered out-of-box information.



Step1: Generate pk12 certificate

  • Install openSSL with Windows operating system using cygwin as documented below:

  • Open cygwin terminal and enter command in below format:
    keytool -genkey -alias mykeypair -keyalg RSA -sigalg SHA256withRSA -keystore mykeypair.p12 -keysize 2048 -storetype pkcs12 -validity 356 -dname "CN=SF Admin, OU=Cloud Operations,, C=US"

    Note: In above example:
    • certificate name is mykeypair.p12
    • validity is 356 days
    • All parameters under -dname can be filled based on your detail. More info on description can be found here under point 3: LINK
  • Execution of above command would prompt you for password which should be of minimum 6 characters

Step 2: Convert p12 keystore to PEM file

  • Execute $ openssl pkcs12 -in mykeypair.p12 -out mykeypair.pem -nodes
  • Enter password and press enter

Step 3: Display X509 keypair

  • Execute $ cat mykeypair.pem

Note that mykeypair.p12 and mykeypair.pem certificate would be available in your Cygwin folder as you see below:


KBA , LOD-SF-INT-ODATA , OData API Framework , How To


SAP SuccessFactors HXM Suite all versions