/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PublicSymptom
- SAP SuccessFactors HCM is switching to the "DigiCert TLS RSA4096 Root G5 Public Key Infrastructures (PKI).
- You own a custom trust store which contains the "DigiCert Global Root G2" certificate, and you want to add the new "DigiCert TLS RSA4096 Root G5" certificate.
Note: This is applicable for KSA Migration (DC23) customers only. The required actions need to be taken any time before September 1st, 2025.
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
Environment
SAP SuccessFactors HCM Suite
Cause
To comply with the Kingdom of Saudi Arabia’s National Cybersecurity Authority (NCA), SAP SuccessFactors will switch to DigiCert G5. DigiCert G5 incorporates higher key lengths and stronger HASH algorithm SHA-384.
Resolution
Call for Action:
If you have systems in which you manage the trusted certificates yourself, check if the Digicert G2 Root certificate exists in it. If it exists and the usage is related to SAP SuccessFactors, please add the G5 Root certificate “DigiCert TLS RSA4096 Root G5” to it.
- To download the G5 certificate, go to https://www.digicert.com/kb/digicert-root-certificates.htm
- In the list of certificates, search for DigiCert TLS RSA4096 Root G5.
- Download the appropriate format for your trust store.
- Verify the fingerprint of the downloaded certificate matches what is given on the website. Reference fingerprint attached to this KBA, file- fingerprint.txt
Example of how this verification can be done via OpenSSL command:- openssl x509 -noout -text -in ./ DigiCertTLSRSA4096RootG5.crt.pem -fingerprint
- Follow the instructions of your trust store to add the CA certificate to it. Do not yet remove the G2 certificate as both are needed for the transition period.
We advise you to contact your IT department to perform this check & required action any time before September 1st, 2025, if needed.
Note: SuccessFactors Support team does not possess the specific knowledge required to guide or assist in the validation or installation of these certificates on third-party servers or tools.
Keywords
Certificate,SSL,Digicert,G1,G2,G5,Root , KBA , LOD-SF-PLT , Platform Foundational Capabilities , How To
Product
Attachments
| fingerprint.txt |
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)