SAP Knowledge Base Article - Public

3086812 - Security Center: Cannot upload X509 certificate in Security Center - Error appears

Symptom

You are trying to upload external x509 certificate via Security Center, but you received the following error.
 
"OData Service executeX509KeyStoreImport Failed, Error Status: error, errorThrown"

Environment

  • SAP SuccessFactors HXM Suite
  • Security center

Reproducing the Issue

  1. Navigate to Security Center and select X509 certificates tab
  2. Select Certification Authority (CA) as External CA 
  3. Click on Browse to upload the *.pem certificate file.
  4. When you select the file the system will throw the error mentioned above.

Cause

Currently in the code we are checking for Basic Constraints extensions in the X509 Certificate to identify whether the certificate is CA or not. The file should contain CA and Intermediate CA(if any) public certificates.

Resolution

We will fix our code to default the X509 certificate to consider as not a CA for those missing with this extensions, for now I suggest to add this constraint to the certificate and upload it.

See Also

3086632 - Integration Center - Cannot Add Self-Signed X509 Certificate to a REST Integration

Keywords

X509, CA, certificate, external CA, security center, "OData Service executeX509KeyStoreImport Failed, Error Status: error, errorThrown" , KBA , LOD-SF-INT-INC-FWK , Integration Center UI Framework , LOD-SF-INT , Integrations , LOD-SF-INT-INC , Integration Center , Problem

Product

SAP SuccessFactors HCM all versions