SAP Knowledge Base Article - Public

3517125 - Unable to convert the OAuth certificate from SF

Symptom

You are implementing OAuth authentication for integration between SF and another system.

Since your target system does not accpet .PEM, you would like to convert the SF generated certificate from .PEM format to another format (such as PFX).

You have tried an external tool (such as OpenSSL), but you found the certificate cannot be properly loaded or converted.

Environment

SAP SuccessFactors HCM

  • OData API

Reproducing the Issue

  1. Register under "Manage OAuth2 Client Applications"
  2. Create X.509 Certificate in SF, and download the .PEM file
  3. Use external tool but failed to convert the certificate

Cause

The certificate expected by your external tool may be different from the one generated in SF.

Resolution

Check your external tool and make sure you are following the correct steps to convert the certificate.

If the issue persists, instead of generating it in SF, you could generate a valid certificate by yourself (using any tool).

Then upload the public certificate in SF (under "Manage OAuth2 Client Applications"), and keep the private key on your side.

See Also

2850646 - How to register for OAuth 2.0 authentication - SuccessFactors OData API

Keywords

private key, public key, key pair, conversion, unable to load private key, api key, RSA, STRUST , KBA , LOD-SF-INT-ODATA-OAU , ODATA OAUTH Authentication , Problem

Product

SAP SuccessFactors HCM Core 2405