3109381 - Overview About SSL Certificates tab in CSB - Recruiting Marketing

2H 2021 release introduced a feature that lets organizations manage their SSL certificates for the public career sites on their production environments, without the need for Product Support assistance.

In this article we are going to provide an overview about this self-service tool.

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

SAP SuccessFactors Recruiting Marketing (RMK)

• Career Site Builder (CSB)

The feature introduced the ability to manage SSL certificates for RMK career sites inside Career Site Builder (CSB). The SSL Certificates page requires role-based permission to access Manage Career Site Builder from the Admin Center. You can access the page by navigating to CSB > Tools > SSL Certificates.

SSL Certificates Page

In the first screen you will find two options that system admin users can choose to start the certificate renewal process:

• Option 1: recommended option to generate a new CSR (Certificate Signing Request) file every time the SSL is renewed.
• Option 2: Import a certificate including the private key based on a CSB procured somewhere else

SSL Certificates section shows all reference identifiers (Reference ID column). Each entry has an associated Status and validity if the certificates has been imported. In the examples provided we can see that there're two certificates in use (In Use tag) and another one installed but not in use (Not In Use). A few more entries exemplify certificates uninstalled and CSR files generated. 

Option 1

After generating the CSR file and procured the certificate, customers can upload the same in two steps for the associated reference ID. It's important to mention that the intermediate certificate is required when submitting the SSL certificate.

Option 2

Option 2 enables customers to upload an SSL certificate (e.g. wildcard certificate) along with the private key that is obtained using their own CSR.

Reference ID: CSR Details and Certificate Audit History

As we can see in the Reference ID column, the number allow you to review information in one click. There're two type of information available, they are:

• CSR Details;
• Certificate Audit History.

The below images provides an example of which information can be found in the mentioned tabs.

Error Messages

Some error messages might appear while interacting with the SSL Certificates tab. In the following table we are providing a few examples.

Legend:

RBP Permission in CSB

Customers interested to restrict the access to SSL Certificates tab can use RBP (Role-based Permission) inside CSB so that only a few users will see the tab to manage SSL certificates.

General Considerations

• The certificate installation doesn't complete immediately and the Status column does not refresh immediately either. It's necessary to wait a few minutes and then refresh the page to have the column Status updated for a particular entry;
• Customers can have multiple certificates installed and in use. However, it's important to consider the following:
  
  • There's no way to manually indicate that a certificate should be in use. This happens automatically when you install a new certificate. However, if you have more than one certificate issued to the same domain (e.g. test04.sap.corp), in this case only one of the them will stay in use (the last one installed);
  • There's no option to hide or limit the number of entries in SSL Certificates section.
• Remember that RMK only supports two domains to access the site. Such domains are defined in:
  
  • Site URL
  • Use Redirect
• SSL Certificates tab is only accessible and visible in Production environments. For the stage environments, the tab is hidden;
• SSL Certificates tab access can be controlled via CSB RBP permission;
• Intermediate certificates are required and only one is supported to be uploaded. If your certificate authority provided two intermediate certificates, you will need to combine the two certificate files in one single file (see: 3111993 - How to Upload Two Intermediate Certificates in CSB - Recruiting Marketing).
• Only SSL Certificates from a publicly accepted Certificate Authority (CA) should be used. Internally issued certificate will install but will not be trusted by browsers and result in privacy errors for candidates.

2231401 - SSL Certificate Renewal - Recruiting Marketing

SSL Certificates, Self Service, CSB, Intermediate, Audit, Private Key, Wildcard, Site URL, Redirect URL, Multiple Certificates, RMK-25127 , KBA , LOD-SF-RMK-CER , Certificate Renewal, IP Address, Domain , LOD-SF-RMK-CSB , Career Site Builder , How To