3637024 - How to resolve SSL Certificate Installation Issues - Recruiting Marketing

This article provides guidance for resolving SSL certificate installation issues in SAP SuccessFactors Recruiting Marketing, where the status may change to "Uninstalled" or "Installation Requested" without error messages.

This article provides steps to diagnose and resolve this issue.

SAP SuccessFactors Recruiting Marketing

1. Certificate Validity Issue: SSL certificates with validity exceeding 397 days are non-compliant and will be rejected during installation.
2. Self-Signed Certificates: Installation fails if the certificate is self-signed and not issued by a recognized Certificate Authority (CA).
3. Missing Information in CSR: All mandatory fields, such as Common Name and Email Address, must be included in the CSR to avoid installation errors.
4. Multiple Certificates Installed: The system restricts installation when there are already two certificates installed for a domain.
5. Missing Intermediate Certificate: If more than one intermediate certificate is provided by the CA but not all are uploaded, installation fails.
6. Private Key Format Error: Uploading a private key without the necessary header (e.g., {BEGIN PRIVATE KEY} and {END PRIVATE KEY}) leads to installation errors.

1. Certificate Validity Issue

Cause: SSL certificates exceeding a validity period of 397 days are rejected during installation due to non-compliance with industry standards. 

Solution:

1. Navigate to CSB> Tools > SSL Certificate > Reference ID

   Check the "Valid From" and "Valid To" dates on your SSL certificate.
   • Calculate the duration between these dates to ensure it does not exceed 397 days.
2. If the validity period exceeds 397 days, generate a new SSL certificate with a valid duration that complies with the 397-day limit.
3. Generate a new SSL certificate with a validity period not exceeding 397 days.
4. Ensure compliance with standard security protocols to maintain accessibility of career sites.

2. Self-Signed Certificates

Cause: Self-signed certificates are not accepted as they are not validated by a globally recognized Certificate Authority (CA).

Solution:

1. Identify Self-Signed Certificates:
   • Check the issuer of the SSL certificate. If the issuer and the subject (the entity receiving the certificate) are the same, the certificate is self-signed.
   • Use certificate inspection tools to view certificate details and verify the issuer information.
   • Look for common self-signature indicators, such as the absence of a recognized CA name in the issuer field.
2. Correct Action:
   • Obtain an SSL certificate signed by a recognized Certificate Authority (CA), such as DigiCert, GlobalSign, or GeoTrust.
   • Self-issued certificates are suitable only for internal or development environments, not for public-facing sites.

3. Missing Information in CSR

Cause: Incomplete CSR with missing mandatory fields like Common Name, Organization, and Email Address.

Solution:

Ensure that all required fields in the CSR are populated according to KBA 2892001 which outlines CSR guidelines for Recruiting Marketing.

1. If you're using the Option 2, access the CSR Decoder
2. Enter the CSR
3. You will see at least 1 of the following required information missing:
   • Common Name
   • Organization
   • Organizational Unit
   • City/Locality
   • State/County/Region
   • Email address
       
4. Please generate a new CSR providing all the above information, then ask the Certificate Authority to procure the Certificates again.

4. Multiple Certificates Installed

Cause: If there are already two certificates installed for a domain, the system will block further installations.

Solution:

• Check the existing certificates for the domain in  CSB> Tools > SSL Certificate > Reference ID
• Remove one of the currently installed certificates before attempting to install a new one.

5. Missing Intermediate Certificate

Cause: The SAP tool does not permit installing more than one intermediate certificate file; if only one is uploaded when multiple are provided, the installation fails.

Solution:

• Combine all intermediate certificates into a single file for upload.
• Follow instructions outlined in KBA 3111993 for handling multiple intermediate certificates in CSB.

6. Private Key Format Error

Cause: Uploading a private key without the necessary header results in detection failure leading to installation errors. Refers to 3132774 - Private Key file not accepted in Career Site Builder SSL tool - Recruiting Marketing

Solution:

• • Ensure the private key file includes header lines such as BEGIN PRIVATE KEY and END PRIVATE KEY.
  • Consult KBA 3132774 for guidance on proper formatting of private key files in Career Site Builder SSL tool.

2431471 - How to Check RMK SSL Certificate Validity - Recruiting Marketing

3240107 - Error occurred when uploading SSL Certificate in CSB - Recruiting Marketing

2892001 - What is a CSR - Recruiting Marketing

3132774 - Private Key file not accepted in Career Site Builder SSL tool - Recruiting Marketing

KBA , LOD-SF-RMK-CER , Certificate Renewal, IP Address, Domain , How To