SAP Knowledge Base Article - Preview

3392167 - FAQ: DigiCert root and intermediate CA certificate updates


Frequently Asked Questions

Q: Is there an FAQ page provided by Digi Cert?

A: You can access Digi Cert’s FAQ knowledge base here. 

Q: How to determine if you are impacted by this change?

A: Since this is an industry wide change, it is likely that you are impacted by the change. Customers should review their current configurations. You will be impacted if you do any of the following:

  • Pin ICA/Root certificates.
  • Hard code the acceptance of ICA/Root certificates.
  • Operate a trust store. 

Q: What action should be taken if a customer’s environment has the above setting?

A: Your internal IT / Security should update the environment - Stop pinning or hard-coding root or ICA certificate acceptance or make the necessary changes to ensure certificates issued from the G2 certificate hierarchy are trusted (in other words, they can chain up to their trusted G2 root certificate).

Q: Can the change first be applied to Test or Dev realm and then on to Production?

A: SAP Ariba is cloud platform, and all the customer environments (Prod, Test and Dev) are hosted on the same servers. Changes are made on the server level therefore changes are applied to all the environments at the same time.

Q: Can a customer get an exact time when the certificate needs to be changed?

A: Both G1 and G2 root and intermediate certificates can co-exist, so you can add the G2 certificates now. Ensure G1 certs are not removed from trust stores.

Q: What is a root, intermediate, and leaf certificate?

A: A certificate path contains the root, intermediate, and leaf certificates.  If you open the .crt file that is currently loaded in your system, click on the tab Certification Path, to show the Root, Intermediate, and Leaf certificate (see attached image FAQ DigiCert root and intermediate CA certificate updates

The certificate on the bottom of the list is considered the leaf certificate.  The next one up is the intermediate certificate.  The top one is the root certificate. The leaf certificate is provided to the customer on SAP Ariba Public Certificate Downloads.  Depending on the customer’s configuration, it may be required to load the root and/or intermediate certificate in addition to the leaf certificate.



KBA , BNS-ARI-PCP-BF , Base Framework , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.