Enterprise Resource Planning Blogs by SAP
Get insights and updates about cloud ERP and RISE with SAP, SAP S/4HANA and SAP S/4HANA Cloud, and more enterprise management capabilities with SAP blog posts.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Domain Certificate Renewal (*businessbydesign.cloud.sap) & (*sapbydesign.com)

shilpa_prakaash1
Advisor
Advisor
‎08-11-2023 7:51 PM
Background

The existing server certificate for domain *businessbydesign.cloud.sap and *sapbydesign.com will be renewed as it is going to expire on 10th Oct, 2023.

Scope

You will be affected if either of the below scenarios are applicable to you:

  • Your browser does not have DigiCert Certificates.

  • You have an inbound/outbound communication integration to your Byd product.


Impact

If you have third party integrations like web services/APIs in your Business ByDesign tenant, you may be required to update the domain certificate. These updates should be conducted by your internal IT resources, with the new certificate information that could be found below.

Download new certificate

Below are the steps to download new certificate:

  • Kindly click on download link. You will be redirected to Digi Cert Website, here ensure Combined Certificate Files is set as shown below.





  • Click download as shown below.





  • A zip file by name: star_businessbydesign_cloud_sap_486710072 would be downloaded.

  • Please unzip this file and we can see required certificate: star_businessbydesign_cloud_sap.crt as shown below.



FAQs

1) What are these certificates used for?
These certificates are used for the SSL/TLS handshake that any system using the ‘secure’ protocol does before allowing connection to/from the system. In our case, SAP Business ByDesign uses the ‘secure’ HTTPS protocol and hence the SSL handshake is must for any system to connect to these URLs.

2) Are the new certificates known to modern web browsers?
DigiCert Root Certificates are automatically recognized by all common web browsers, mobile devices, and mail clients, therefore for browser scenarios there is nothing to do. The same is true if one relies on the standard sapjvm trust list.
The CA root certificate is included in:

  • SAP JVM patch level 8.1.035 or 7.1.054

  • Cloud Foundry buildpack SAP-Java (sap_java_buildpack) version 1.6.15


3) How do I download or install the certificate?
You must have admin access to the server where you need to install the certificate. If you do not have access to your company’s SSL server, notify your IT team and provide them the respective certificate download link from the above table.

4) How do Import Single Certificate in SAP CPI Key Store?
Follow the steps mentioned in the link.

5) How to check the certificate in my browser trust list?
Navigate to chrome://settings and scroll down to ‘Advanced’.

  1. Under “Privacy and Security,” click “Manage Certificates.”

  2. On the popup that was launched, select “Trusted Root Certification Authorities’. The certificate will be displayed there.


6) How to import the certificate into my browser?
Procedure

  • Open chrome browser.

  • Click Customize and control Google Chrome button in the upper right corner.

  • Choose Settings. …

  • Under Privacy and security section, click More. …

  • Click Manage certificates, The new window will appear. …

  • Choose Trusted Root Certification Authorities tab.

  • Click Import. …

  • In the opened window, click Next.


7) I notice a discrepancy in the validity start date and end date mentioned in this knowledge article table and my downloaded certificate. What does this indicate?
Sometimes, due to time zone difference, you may see a different date in the downloaded certificate. There is no impact on the certificate update activity due to this. You will be renewing the certificate well in advance, before the certificate expiry date.

 

Please do share feedback and your thoughts in the comment section below.
You can also refer SAP Business ByDesign environment.
Topic page: (https://community.sap.com/topics/business-bydesign)
Post and answer questions (https://answers.sap.com/tags/01200615320800000691)
Read other posts on the topic (https://blogs.sap.com/tags/01200615320800000691/)
Labels:
8 Comments
former_member874133
Discoverer
‎08-21-2023 8:34 AM
0 Kudos
Hello,

 

Kindly advise if you feel this might affect any existing apis we have.

 
hridesh
Explorer
‎08-21-2023 8:44 AM
0 Kudos
Hello,

Yes, as mentioned in the blog -  If you have third party integrations like web services/APIs in your Business ByDesign tenant, you may be required to update the domain certificate. This certificate comes with a validity of 1 year and as regular process we update our domain certificate, So incase you have done this earlier as well, this has to be updated.

Hope this helps clarify.

Regards,

Hridesh
former_member874133
Discoverer
‎08-21-2023 8:56 AM
0 Kudos
Thanks for the response

Action Required:

We recommend adapting the scenarios in your Test environment. This is applicable only If you have third party integrations like web services/APIs in your environment, you may be required to add the new certificate chain in the required trust store at an earliest.

When are we required to take the above action?

Change Schedule:

Test Systems: Changes will be executed between August 25th, 2023 18:00 UTC to August 26th, 2023 11:00 UTC.

Production Systems: Changes will be executed between September 09th, 2023 15:00 UTC to September 10th, 2023 08:00 UTC.

 

And also, what does this change schedule mean?
hridesh
Explorer
‎08-21-2023 9:04 AM
0 Kudos
Hello,

When are we required to take the above action? : In this blog we have shared the download link.

You can download the certificate and use same to update in your API.

The time schedule is the schedule planned to replace the old certificate which is going to expire on 10th Oct, with the new once which is mentioned above.

Based on your Contractual Maintenance Period, the certificate would be updated in server side.

Regards,

Hridesh
waleedguru
Discoverer
‎09-13-2023 9:09 PM
0 Kudos

Hi,

We are using SAP CPI for ByDesign integrations which comes with SAP managed certificates. In past, these certificates were updated by SAP, and not us.

Should we update this certificate in SAP CPI or SAP will handle this update automatically?

Regards,

Waleed.

hridesh
Explorer
‎09-14-2023 3:44 AM
Hello Waleed,

Yes, you may be required to add the new certificate chain in the required trust store. You can contact the CPI admin team to perform this activity.

Regards,

Hridesh
waleedguru
Discoverer
‎09-14-2023 8:40 AM
0 Kudos

Hi,

Thanks for clarification.

I followed the instruction and downloaded certificate where it says domain "*.businessbydesign.cloud.sap".

Is it the same certificate used for both domains "*.businessbydesign.cloud.sap" and "*.sapbydesign.com"?

Regards,

Waleed.

 

 

hridesh
Explorer
‎09-15-2023 6:51 AM
0 Kudos
Hi Waleed,

Yes, its same certificate which is used for both domains. this is achieved via https://en.wikipedia.org/wiki/Subject_Alternative_Name

Regards,

Hridesh
Popular Blog Posts