Technology Blog Posts by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP BTP ABAP Environment - Switch to DigiCert G5 Root Certificate Authority

FrankJentsch
Product and Topic Expert
Product and Topic Expert
3 weeks ago
771

Current server certificates for the domains of the SAP BTP ABAP Environment (aka "Steampunk") are issued by the DigiCert G2 Root Certificate Authority (CA). Based on current recommendations, SAP is switching to the DigiCert TLS RSA4096 Root G5 CA, see SAP Note 3566727 for more details. This switch applies to the SAP BTP Cloud Foundry Environment, to the SAP BTP ABAP Environment, and to other SAP services. New regions of the SAP BTP ABAP Environment from Q1 2025 are already set up with the DigiCert G5 Root CA. For existing regions of the SAP BTP ABAP Environment, the switch from the DigiCert G2 Root CA to the DigiCert G5 Root CA is currently planned for Q3/2025.

 

Call to Action

Inbound Connections

If you manage trust stores of client applications/services, which connect to your SAP BTP ABAP Environment instance(s), by yourself, then add the DigiCert TLS RSA4096 Root G5 CA to these trust stores to ensure that your applications/services still can connect to the SAP BTP ABAP Environment instance(s) when the new server certificates are used. This applies to all supported protocols.

Since different (external) client applications / services are using different technical implementations for such trust stores, we cannot provide detailed instructions how to configure these trust stores.

Outbound Connections

For outbound connections from your SAP BTP ABAP Environment instances, for example, towards other services in SAP BTP Cloud Foundry environment, please check the trust settings for the DigiCert TLS RSA4096 Root G5 CA via the Maintain Certificate Trust List application. Since some releases, the Automatic Trust List Update feature is enabled and new certificates from the SAP trust list should have been added automatically to the trust store. If the CA is not contained in the list, click on Check for Updates and add the certificate, or add it manually. You can also download it here.

 

References

  • SAP Note 3566727 : Root Certificate Replacement in the SAP BTP, Cloud Foundry Environment
  • Blog Post: SAP BTP Cloud Foundry: Switching to higher security level Root Certificate Authority
  • Blog Post: SAP BTP ABAP Environment – New Root Certificate Authority
  • Github: Trust Store for SAP BTP
Labels in this area
Popular Blog Posts