Symptom
- The private key is not accepted when trying to renew the certificate;
- Error when trying to upload the private key;
- Unable to install/import the certificate;
- error : The private key is not valid.
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
Environment
SAP SuccessFactors Recruiting Marketing
Reproducing the Issue
- Navigate to Admin Center > Manage Career Site Builder;
- Tools > SSL Certificates;
- Under Option 2 click on Upload SSL Certificate;
- Select "I want to upload an SSL certificate that I obtained using my own CSR." and click on Next;
- Upload the files including the Private Key;
- After pressing the button Submit;
- You will receive an error informing you that the private key is not valid.
Cause
Either the private key is encrypted or it is an RSA private key. Neither are accepted by Career Site Builder.
In order to confirm, open the file that contains the private key and check if there's the phrase BEGIN RSA PRIVATE KEY as follows:
or BEGIN ENCRYPTED PRIVATE KEY as follows:
Resolution
RSA private key :
You can convert the key to a standard private key format with a third party tool (such as openssl)
Encrypted private key:
Again, you can use a third party tool to remove encryption.
Important notes :
- You should not use any public online tool to modify your private key to stop it from being compromised.
- You should not simply modify the header of the key. This may get you past the upload stage in the SSL tool but the SSL installation program is unable to handle such invalid private keys so this will result in a failed installation.
-
OpenSSL is an open source project and you can use it for free. OpenSSL official website provides detailed information on how to use it. We cannot advise on the tool itself but should you decide to use it to convert your private key, here is an example of the command you can use : openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in rsa_input.pem -out pkcs8_output.pem
See Also
3240107 - Error when uploading SSL Certificate in CSB - Recruiting Marketing
Keywords
SSL, Private Key, RSA, CSB, Error, encrypted, encryption, rmk, certificate, upload , KBA , LOD-SF-RMK-CER , Certificate Renewal, IP Address, Domain , LOD-SF-RMK-CSB , Career Site Builder , Problem
Product
Attachments
Pasted image.png |
Pasted image.png |