SAP Knowledge Base Article - Public

3132774 - Private Key file not accepted in Career Site Builder SSL tool- Recruiting Marketing

Symptom

  • The private key is not accepted when trying to renew the certificate;
  • Error when trying to upload the private key;
  • Unable to install/import the certificate;
  • error : The private key is not valid.

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

Environment

SAP SuccessFactors Recruiting Marketing

Reproducing the Issue

  1. Navigate to Admin Center > Manage Career Site Builder;
  2. Tools > SSL Certificates;
  3. Under Option 2 click on Upload SSL Certificate;
  4. Select "I want to upload an SSL certificate that I obtained using my own CSR." and click on Next;
  5. Upload the files including the Private Key;
  6. After pressing the button Submit;
  7. You will receive an error informing you that the private key is not valid.

Cause

Either the private key is encrypted or it is an RSA private key. Neither are accepted by Career Site Builder.

In order to confirm, open the file that contains the private key and check if there's the prase BEGIN RSA PRIVATE KEY as follows:

or BEGIN ENCRYPTED PRIVATE KEY as follows:

Resolution

RSA private key : 

If you have an issue to upload the RSA private key, you can convert that to a standard private key format with openssl (download from here) command. You can execute to the following command to a standard private key as follow:

openssl pkcs8 -topk8 -nocrypt -in rsa_server.key -out without_rsa_server.key

rsa_server.key = private key (the file can be pem or cer)

without_rsa_server.key = the output (the file can be pem or cer)

The file without_rsa_server.key should be used now in CSB.

Encrypted private key:

How to enencrypt private key?
 
Removing a passphrase using OpenSSL 
  1. Copy the private key file into your OpenSSL directory (or specify the path in the command below).
  2. Run this command: openssl rsa -in [original.key] -out [new.key]
  3. Enter the passphrase for the original key when asked.
  4. The output file [new. key] should now be unencrypted.

Keywords

SSL, Private Key, RSA, CSB, Error, encrypted, encryption , KBA , LOD-SF-RMK-CER , Certificate Renewal, IP Address, Domain , LOD-SF-RMK-CSB , Career Site Builder , Problem

Product

SAP SuccessFactors Recruiting all versions

Attachments

Pasted image.png
Pasted image.png