SAP Knowledge Base Article - Public

3132774 - Private Key file not accepted in Career Site Builder SSL tool - Recruiting Marketing

Symptom

  • The private key is not accepted when trying to renew the certificate;
  • Error when trying to upload the private key;
  • Unable to install/import the certificate;
  • error : The private key is not valid.

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

Environment

SAP SuccessFactors Recruiting Marketing

Reproducing the Issue

  1. Navigate to Admin Center > Manage Career Site Builder;
  2. Tools > SSL Certificates;
  3. Under Option 2 click on Upload SSL Certificate;
  4. Select "I want to upload an SSL certificate that I obtained using my own CSR." and click on Next;
  5. Upload the files including the Private Key;
  6. After pressing the button Submit;
  7. You will receive an error informing you that the private key is not valid.

Cause

Either the private key is encrypted or it is an RSA private key. Neither are accepted by Career Site Builder.

In order to confirm, open the file that contains the private key and check if there's the phrase BEGIN RSA PRIVATE KEY as follows:

or BEGIN ENCRYPTED PRIVATE KEY as follows:

Resolution

RSA private key : 

You can convert the key to a standard private key format with a third party tool (such as openssl) 

Encrypted private key:

Again, you can use a third party tool to remove encryption.

Important notes :

  • You should not use any public online tool to modify your private key to stop it from being compromised.
  • You should not simply modify the header of the key. This may get you past the upload stage in the SSL tool but the SSL installation program is unable to handle such invalid private keys so this will result in a failed installation.
  • OpenSSL is an open source project and you can use it for free. OpenSSL official website provides detailed information on how to use it. We cannot advise on the tool itself but should you decide to use it to convert your private key, here is an example of the command you can use : openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in rsa_input.pem -out pkcs8_output.pem

 

See Also

3240107 - Error when uploading SSL Certificate in CSB - Recruiting Marketing

Keywords

SSL, Private Key, RSA, CSB, Error, encrypted, encryption, rmk, certificate, upload , KBA , LOD-SF-RMK-CER , Certificate Renewal, IP Address, Domain , LOD-SF-RMK-CSB , Career Site Builder , Problem

Product

SAP SuccessFactors Recruiting all versions

Attachments

Pasted image.png
Pasted image.png