Skip to Content
Former Member
Jan 09, 2017 at 03:18 PM

User Sub CA certificate expiration


Question on User Sub CA certificate expiration.
Have implemented SAP SSO 3.0 in a development capacity, have a root certificate in place and SSO is working.
The root certificate has an expiration date which seems self-explanatory.
The root CA will need to be replaced prior to the expiration in both NW SSO and back-end SAP systems otherwise single sign-on will quit working.

However, the expiration date of the User Sub CA is significantly sooner than the root CA.
And the User Sub CA is what is used for issuing certificates for user logon per the SLAC
(Secure Login Administration Console) configuruation.

For example:
Root CA expiration year: 2034
User Sub CA expiration year: 2021 (less than 5 years from now).
Why the difference, what happens when the User Sub CA expires, and what if any pro-active actions need to occur before the User Sub CA expires?
Cannot seem to find good documentation explaining the User Sub CA administration as it relates to SAP SSO.
Does the Root CA itself need to be replaced before the User Sub CA expires?
There was no way to manually adjust the exiration dates in the SLAC.
thanks for any feedback!