3150608 - RMK SSL Certificate - Discrepancy between CSB and the expiry notification

CSB users are receiving a notification informing them of upcoming SSL certificate expiry. When checking the SSL Certificate tab in CSB, the expiration date is different from what the notification announced and further in time.

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."

SAP SuccessFactors Recruiting Marketing (RMK)

You receive a notification warning of the upcoming expiry of the RMK SSL certificate:

But checking in CSB, the expiry date is much further in time:

This happens when the customer is using a non-standard setup, with a third party tool type CDN (Content Delivery Network) or WAF (Web Application Firewall). The certificate installed for the third party does not match the one installed with CSB. 

As a result, CSB displays the information matching the installation, while the expiry warning is checking the certificate associated with the website URL, which is the one coming from the CDN/WAF.

Customers need to review this internally with their IT team. The certificate installed on the third party tool should match the one from CSB and the DNS entries need to be correct as well. SAP cannot provide detailed guidance on this issue as this is a non-standard setup, and we do not have access to the CDN/WAF configuration.

We will update our documentation to warn about this particular configuration in future releases.

SSL certificate, expiry notification, discrepancy, ssl reminder, reminder not match, ssl certificate expiry date , KBA , LOD-SF-RMK-CER , Certificate Renewal, IP Address, Domain , Problem