SAP Knowledge Base Article - Public

3263963 - How secure are self-signed certificates when using OAuth authentication, and how to get a signed certificate

Symptom

You are setting up the certificate integration for the standard integrations in CPI to use OAuth instead of basic authentication.

Your internal security policy dictates that self-signed certificates should not be used when connecting between systems. However, you noticed that the configuration for the interface connectors forces you to use a self-signed certificate in CPI (see Note 3043427).

Is there a way to use a signed certificate to connect between CPI and SuccessFactors using the OAuth authentication method?

Environment

  • SAP SuccessFactors HXM Suite
    • Cloud Platform Integration (CPI)

Cause

SAP provides self-signed certificates (X.509 certificates) only. KBA 3043427 contains the standard steps.

Resolution

SAP provides self-signed certificates (X.509 certificates) only. KBA 3043427 contains the standard steps.

We understand the concern. It has always been said that SSL certificates are only secure if they are issued and signed by a trusted certificate authority, and that a self-signed certificate should never be used except for limited internal use and for testing purposes.

But whether you get your certificate signed by a certificate authority or sign it yourself, one thing is exactly the same in both cases:

  • Both certificates secure a site so that its traffic cannot be read by third parties. Data sent over an HTTPS (SSL) connection is encrypted regardless of whether the certificate is CA-signed or self-signed.

In other words, both types of certificates will encrypt the data to create a secure website.

SAP assures you of complete security, and there is nothing to worry about. Please go ahead and use the X.509 certificate for authentication.
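
Encryption is the same in both cases; what differs is how the receiving side decides to trust the certificate. As an added example (not SAP's or CPI's own code), the script below creates a throwaway self-signed certificate with `openssl`, confirms that its issuer and subject are identical, and performs the fingerprint comparison a receiver relies on when it trusts a certificate by explicit registration instead of a CA chain. The certificate names and the registration step are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: throwaway certificates with constructed names, not SAP artifacts.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Create a short-lived self-signed X.509 certificate; $1 is a constructed label.
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
  printf '%s\n' "$WORK/$1.pem"
}

# Self-signed: issuer equals subject and the signature verifies under the
# certificate's own public key (no certificate authority is involved).
is_self_signed() {
  ss_subject="$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')"
  ss_issuer="$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')"
  [ "$ss_subject" = "$ss_issuer" ] &&
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# SHA-256 fingerprint of the certificate, as colon-separated hex.
fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Receiver-side check: accept only the exact certificate that was registered.
# $1 = presented certificate file, $2 = fingerprint recorded at registration.
matches_registered() {
  [ "$(fingerprint "$1")" = "$2" ]
}

demo() {
  demo_cert="$(make_self_signed demo-integration)"
  demo_registered="$(fingerprint "$demo_cert")"  # recorded at registration time
  is_self_signed "$demo_cert" && echo "self-signed: yes"
  matches_registered "$demo_cert" "$demo_registered" &&
    echo "fingerprint matches registration"
}

demo
```

A certificate with a different key pair fails `matches_registered`, which is why the fingerprint recorded at registration should be compared on both systems after every certificate renewal.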

See Also

3043427 - How to use OAuth2 SAML Bearer Assertion in SAP Cloud Integration connecting with SAP SuccessFactors (ODATA and SFAPI)

Keywords

signed certificate, self-signed certificate, Oauth authentication, CPI, standard integrations, X509 certificate, SSL, HTTP connection, KBA, LOD-SF-INT-CPI, Standard SF to 3rd Party CPI (HCI) Content, LOD-SF-INT-ODATA-OAU, ODATA OAUTH Authentication, How To

Product

SAP SuccessFactors HXM Suite 2211