cancel
Showing results for 
Search instead for 
Did you mean: 

SCPI - Upcoming Exchange of Server Certificate

rakeshdamera
Participant
0 Kudos

Hi All,

We received a notification from SAP stating the server certificate for our CPI tenant is about to expire and there will be a design time server certificate exchange.

As per the notification, this is about 'DigiCert Global Root G2' certificate but we can see that the validity for the same in the key store is until year 2038

What are we missing here? Also, we are using an external scheduler to trigger these interfaces via API calls. Will this be affected?

Any guidance on this would be highly appreciated.

Thank you,

Rakesh

Accepted Solutions (0)

Answers (3)

Answers (3)

rakeshdamera
Participant
0 Kudos

sriprasadshivaramabhat ,

We opened a ticket with SAP to be sure and got the following response:

"In CPI, a complete certificate chain is Root-->Intermediate-->Server Certificate. The mail is to notify the server certificate expires soon and the Root certificate is still valid

So, if sender systems already trust the root certificate, there are no further steps required. If not, you can import the root certificate.

But if you are using technical clients to connect to SAP CPI servers, like ODATA clients accessing APIs on the TM node, you may need to follow instructions mentioned in the mail"

None of the above apply to us and hence no further action needed.

Thank you again!

Rakesh

Sriprasadsbhat
Active Contributor

Thanks Rakesh for the update!!

Regards,

Sri

Sriprasadsbhat
Active Contributor
0 Kudos

Hello Rakesh,

Could you please below blog and looks like this is related SAP CP.

https://blogs.sap.com/2020/01/11/sap-cloud-connectivity-issues-due-to-expired-certificate/comment-pa...

Regards,

Sriprasad Shivaram Bhat

rakeshdamera
Participant
0 Kudos

Thanks Sriprasad, will check the blog and post an update shortly.

Regards,

Rakesh

Sriprasadsbhat
Active Contributor
0 Kudos

Hello Rakesh,

Could you please confirm from where you have received the email and also could you please confirm in which region your tenant is provisioned ( like eu1,eu2,eu3 -you can find this from your SAP CPI webui url ).Also I could locate only one KBA which states need for certificate exchange last year ( Please check if any entry already updated in new keys as described in KBA ).

Link to KBA :

https://launchpad.support.sap.com/#/notes/2738541

As per note if you dont update certificates manually auto update will happen.

In case if you have some external systems connecting to SAP CPI using certificate based auth it requires new certificate to be installed.

https://www.youtube.com/watch?v=t8EQKLD1u7g

If nothing turns out helpful please raise a ticket to LOD-HCI-PI-OPS

Regards,

Sriprasad Shivaram Bhat

rakeshdamera
Participant
0 Kudos

Hi Sriprasad,

Thank you for checking on this.

We receievd this notifcation from SAP Support <sapcloudsupport@alerts.ondemand.com> and the tenant provisioned is in the 'us3' region. Also, there are no scenarios with SSL communication to CPI.

As described in the KBA 2738541, there are no entries in the 'New SAP Keys' and none of the current SAP keys expire any time soon.

Is it safe ignore the notfication in this case?

Regards,

Rakesh