/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PublicSymptom
After populating the fields in the CSR form and clicking the Generate button, some values are not accepted and the CSR cannot be generated.
Environment
SAP SuccessFactors Recruiting Marketing
Reproducing the Issue
- Select Option 1: To obtain and install your SSL (typical)
- Select step 1 : Generate a CSR
- Populate fields in 'Generate Certificate Signing Request' form
- Click on Generate
- Validation errors appear
Cause
These errors are due to product limitations. Some characters are currently not supported in the CSR generation tool. They are:
- Use of a number as first character for the subdomain in the Common Name (CN) or Subject Alternative Name (SAN) such as jobs.1.com
Note this is being considered for enhancement in a future release. - Use of wildcard character as first character for the subdomain in the Common Name (CN) or Subject Alternative Name (SAN) such as *.company.com
Note this is being considered for enhancement in a future release.
Note it is also not currently possible to generate the CSR via the CSB tool without a value populated in the Organizational Unit (OU) field as this field is marked as required.
Note this is being considered for enhancement in a future release.
Another limitation is the fact that even if the email field is populated in the CSR generation form, this will not be shown on the CSR itself for data privacy reasons. Most CAs do not require this information for the same reasons.
If your Certificate Authority insists they must have this information in the CSR then you will need to procure the CSR somewhere else (See KBA 2892001 - What is a CSR - Recruiting Marketing) then use option 2 in CSB : Upload an SSL certificate that you got using your own CSR.
Note : For SAN names there are a limitation of 64 characters and should be separated with comma (not semicolon or others special characters)
Resolution
The CSR cannot be generated via the tool for these particular scenarios but customers can use Option 2: To obtain and install an SSL without generating a CSR. With this option they can generate their own CSR by other means and obtain their certificate then upload it along with their private key. (See KBA 2892001 - What is a CSR - Recruiting Marketing). As a result, this process is still a self service and does not require Support to manually generate the CSR.
Note that with release 1H 2505, users have improved flexibility in naming the Organization (O) field when using Option 1 to generate the CSR with the CSB tool. This update allows for the inclusion of special characters and symbols, such as <> ; , ‘ { } \ /! @ # $ % ^ * ( ) ~ ? #*&¨¨%$()§º"Space bar ^~;=+ Note that diacritical marks such as ä or é are also supported.
See Also
2892001 - What is a CSR - Recruiting Marketing
SAP SuccessFactors Product Release & Road Map Information
SAP SuccessFactors Patches Knowledge Base
2171560 - How to be notified of new or updated SAP Notes or KBAs
Keywords
CSR, SSL certificate, error, special character, SAN, RMK-28879, RMK-34863 , KBA , LOD-SF-RMK-CER , Certificate Renewal, IP Address, Domain , LOD-SF-RMK-CSB , Career Site Builder , Problem
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)