Hi Ramu, Here's the bottom line based on SAP Note 3565626:

• What's happening? This specific root certificate expires May 2025. Any client certificates signed by it will stop working.

• Are you affected? You are potentially affected only if systems calling into Integration Suite use a client certificate signed by Baltimore CyberTrust Root. You might also be affected if your Integration Suite flows calling out to other systems are configured in their receiver adapters (e.g., HTTP/OData) to use a specific private key alias for client certificate authentication, and that alias corresponds to a certificate signed by Baltimore CyberTrust Root.

• What to do - Check: Verify the CAs signing any client certificates used for inbound authentication. Also, check your iFlow receiver adapter configurations for any specific key aliases used for outbound authentication and verify the CA of the corresponding certificates.

• What to do - Act if needed: If your checks reveal any dependencies on the Baltimore root, you must replace the affected certificates or update configurations before May 2025. This might involve getting new certificates signed by a different supported CA or switching outbound flows to use the standard sap_cloudintegrationcertificate if appropriate.

• What to do - If no impact: If your checks confirm none of your scenarios use client certificates tied to this Baltimore root, you don't need to do anything regarding this specific alert.

• Ignore the root in Keystore: Don't worry about the Baltimore CyberTrust Root certificate itself shown in the Integration Suite Keystore; its presence doesn't require action.

In short: Check authentication methods for inbound calls and specific key aliases used in outbound adapter configurations within your iFlows. Replace certificates or update settings only if they rely on the expiring Baltimore root.

Hope this simplifies it!

F

Cloud Integration