Skip to Content
Technical Articles
Author's profile photo Manpreet Kaur

Domain Certificate Renewal(*sapbydesign.com)

Background

The existing server certificate for domain “*.sapbydesign.com” is being renewed as it is going to expire on April 17, 2021.

Scope

You will be affected if either of the below scenarios are applicable to you:

  • Your browser does not have DigiCert Certificates.
  • You have an inbound communication integration to your ByD product.

Impact

The SSL certificates for your below URLs are scheduled to be updated with new certificates.

myXXXXXX.sapbydesign.com and myXXXXXX-sso.sapbydesign.com

If you have third party integrations like web services/APIs in your Business ByDesign tenant, you may be required to update the domain certificate. These updates should be conducted by your internal IT resources.

Download new certificate

To download latest certificate go to your test tenant URL and download certificate which was recently updated. Below are the steps we need to follow to get certificate and update it on production tenant:

  1. Access your BYD test URL and click on “View site information” (Lock symbol):
  2. Click on Certificate (Valid) option as below:
  3. New renewed Domain certificate will be available for download:

    We can see the whole certificate chain in “Certification Path”:

  4. Click on “Details” tab and download the certificate to the desired path.

 

FAQs

1) What are these certificates used for?

These certificates are used for the SSL/TLS handshake that any system using the ‘secure’ protocol does before allowing connection to/from the system. In our case, SAP Business ByDesign uses the ‘secure’ HTTPS protocol and hence the SSL handshake is must for any system to connect to these URLs.

2) Are the new certificates known to modern web browsers?
DigiCert Root Certificates are automatically recognized by all common web browsers, mobile devices, and mail clients, therefore for browser scenarios there is nothing to do. The same is true if one relies on the standard sapjvm trust list.

The CA root certificate is included in:

  • SAP JVM patch level 8.1.035 or 7.1.054
  • Cloud Foundry buildpack SAP-Java (sap_java_buildpack) version 1.6.15

3) How do I download or install the certificate?
You must have admin access to the server where you need to install the certificate. If you do not have access to your company’s SSL server, notify your IT team and provide them the respective certificate download link from the above table.

4) How do Import Single Certificate in SAP CPI Key Store?
Follow the steps mentioned in the link.

5) How to check the certificate in my browser trust list?

  • Open Internet Explorer.
  • On the Tools menu, click ‘Internet Options’.
  • Go to tab ‘Content’ and click on ‘Certificates’.
  • Go to tab ‘Trusted root certification Authorities’. Here you should find “DigiCert Global Root CA”
  • Go to tab ‘Intermediate Certification Authorities’. Here you should find ‘“DigiCert SHA2 Secure Server CA”
  • If the certificate is not present, please proceed with steps mentioned under: “How to import certificate into my browser?”

6) How to import the certificate into my browser?

  • Open Internet Explorer.
  • On the Tools menu, click ‘Internet Options’.
  • Go to tab ‘Security’, click ‘Custom Level’ to open the Security Settings dialog box.
  • Select ‘Medium’ in the ‘Reset Custom Settings’. Click OK to close the Security Settings dialog box. Note: Certificates cannot be installed when the security setting is set to High.
  • Go to tab ‘Content’and click on ‘Certificates’
  • Go to tab ‘Trusted root certification Authorities’and click on ‘Import’ to import the newly downloaded Digi Certificates.
  • Ensure that ‘DigiCert Root and Intermediate’ is added in the list.

7) I notice a discrepancy in the validity start date and end date mentioned in this knowledge article table and my downloaded certificate. What does this indicate?
Sometimes, due to time zone difference, you may see a different date in the downloaded certificate. There is no impact on the certificate update activity due to this. You will be renewing the certificate well in advance, before the certificate expiry date.

Assigned Tags

      15 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Peter Sawall
      Peter Sawall

      Is there a site available to test with?

      Author's profile photo Peter Sawall
      Peter Sawall

      I found one. https://hcids.us4.hana.ondemand.com/  You will get 404 error but at least you know if your browser is ready or not.

      Author's profile photo Michael Ong
      Michael Ong

      I've checked the article multiple times and I can't seem to find the download link for the new Certificates are.

      Author's profile photo Manpreet Kaur
      Manpreet Kaur
      Blog Post Author

      Hi Michael,

      There was some issue. Now you would be able to download certificate.

      Sorry for inconvenience.

      Regards,

      Manpreet Kaur

      Author's profile photo Michael Ong
      Michael Ong

      Hi Manpreet!

      Thank you for the response, but the link still doesn't work.  What is the likelihood that we will need to do something with the certificate?  Because then the inability to access the new certificate would then factor into a risk profile of this change.

      Author's profile photo Manpreet Kaur
      Manpreet Kaur
      Blog Post Author

      HI Michael,

      I have updated steps to download certificate from URL.

      Please check.

       

       

       

      Author's profile photo Lynni Li
      Lynni Li

      Hello,

      I can't download, says:

      "This site can’t be reached" 
      
      Thanks,
      Author's profile photo Manpreet Kaur
      Manpreet Kaur
      Blog Post Author

      Hi Lynni,

      Steps to download certificate has been updated.
      Please check in blog post under download certificate section.

      thanks

      Author's profile photo Aruna Thakar
      Aruna Thakar

      Hi Manpreet,

      Great information!! but I'm not able to download the certificate. I don't see that option in any tab (general/details/certification path)

      Aruna

       

      Author's profile photo Manpreet Kaur
      Manpreet Kaur
      Blog Post Author

      Hi Aruna,

      You need to access Test Tenant to download certificate.

      and then you can upload it to production tenant. Please check if you are doing it right. Let me know if you still face issue.

      Regards,

      Manpreet Kaur

      Author's profile photo Elisa Richomme
      Elisa Richomme

      Hello,

       

      I have downloaded the certificat per your instructions, I uploaded it to the "certificate trust list" in SAP ByDesign, but my outbound connections are still not working.

      Is this where the certificate should be uploaded? Should I delete another certificate maybe?

       

      Thank you,

       

      Elisa

      Author's profile photo Manpreet Kaur
      Manpreet Kaur
      Blog Post Author

      Hi Elisa,

      Make sure you have deleted certificate which is expired.

      Please try and let me know if you still face this issue.

      Regards,

      Manpreet Kaur

      Author's profile photo Daichi Wakamatsu
      Daichi Wakamatsu

      Hi Manpreet

      I'm still not  sure how to download it to desired path. Please describe more details. I'm confused after this "Click on “Details” tab and download the certificate to the desired path." Download button will appear somewhere or do I have to do any steps?  Thank you so much

      Thank you
      Daichi

      Author's profile photo Manpreet Kaur
      Manpreet Kaur
      Blog Post Author

      Hi Daichi,

      1.When you click on Details tab if you are getting option copy to file.
      2.Click on this option and follow wizard to copy certificate in file(this way it will get downloaded on your system)

      3.Then you can upload the same certificate in production URL.

      Let me know if you still face any issue.

      Regards,

      Manpreet Kaur

      Author's profile photo Daichi Wakamatsu
      Daichi Wakamatsu

      Thank you for your quick response! I could downloaded correctly, I'm sorry to ask again about very basic question but how can I upload in production URL?

       

      Thank you for your help!

       

      Daichi