Background
As part of infrastructure migration, and standard practice for SSL certificates it is recommended to use SAN extension for which your existing *.crm.ondemand.com domain certificate is incorporated with Multi Domain SSL Certificate feature.
Scope
You will be affected if either of the below scenarios is applicable to you:
- Your browser does not have DigiCert Certificates.
- You have an inbound/outbound communication integration to your C4C product.
Impact
If you have third-party integrations like web services/APIs in your Cloud for Customer tenants, you may be required to update the domain certificate. These updates should be conducted by your internal IT resources, with the new certificate information that could be found below.
Download new certificate
Below are the steps to download the new certificate:
- Kindly click on download link. You will be redirected to Digi Cert Website, here ensure Combined Certificate Files are set as shown below.
- Click download as shown below.
-
A zip file by name: star_c4c_cloud_sap_216916196 would be downloaded.
-
Please unzip this file and we can see the required certificate star_c4c_cloud_sap.crt which you need to adapt for running integration scenarios
FAQs
1) What are these certificates used for?
These certificates are used for the SSL/TLS handshake that any system using the ‘secure’ protocol does before allowing connection to/from the system. In our case, SAP Cloud for Customer uses the ‘secure’ HTTPS protocol and hence the SSL handshake is a must for any system to connect to these URLs.
2) Are the new certificates known to modern web browsers?
DigiCert Root Certificates are automatically recognized by all common web browsers, mobile devices, and mail clients, therefore for browser scenarios there is nothing to do. The same is true if one relies on the standard sapjvm trust list.
The CA root certificate is included in:
- SAP JVM patch level 8.1.035 or 7.1.054
- Cloud Foundry buildpack SAP-Java (sap_java_buildpack) version 1.6.15
3) How do I download or install the certificate?
You must have admin access to the server where you need to install the certificate. If you do not have access to your company’s SSL server, notify your IT team and provide them the respective certificate download link from the above table.
4) How to Import Single Certificate in SAP CPI Key Store?
Follow the steps mentioned in the link.
5) How to check the certificate in my browser trust list?
Navigate to chrome://settings and scroll down to ‘Advanced’.
- Under “Privacy and Security,” click “Manage Certificates.”
- On the popup that was launched, select “Trusted Root Certification Authorities. The certificate will be displayed there.
6) How to import the certificate into my browser?
Procedure
- Open the browser.
- Click Customize and control the Google Chrome button in the upper right corner.
- Choose Settings. …
- Under the Privacy and security section, click More. …
- Click Manage certificates, The new window will appear. …
- Choose the Trusted Root Certification Authorities tab.
- Click Import. …
- In the opened window, click Next
7) I notice a discrepancy in the validity start date and end date mentioned in this knowledge article table and my downloaded certificate. What does this indicate?
Sometimes, due to time zone differences, you may see a different date in the downloaded certificate. There is no impact on the certificate update activity due to this. You will be renewing the certificate well in advance, before the certificate expiry date.