Skip to main content

23 posts tagged with "connect"

View All Tags

Salesforce has announced several certificate-related changes in 2026 that may generate questions from customers. enosix has reviewed these changes and assessed the impact across our product line. No customer-facing disruptions have been observed to date, and our architecture minimizes exposure to these changes. Below is a summary of each change and how it relates to enosix products.

1. Root Certificate Transition to DigiCert Global Root G2 (Effective February 5, 2026)

Salesforce has transitioned to issuing certificates chained from the DigiCert Global Root G2. Any certificate issued by Salesforce after February 5, 2026 will be chained to this new root in most environments. Salesforce recommends that organizations adopt the Mozilla Root Certificate Set to future-proof their trust stores.

Impact on enosix Products

  • Salesforce Apps (Surface, Transact, Commerce, SDK, Sync): enosix integrations with SAP are built on Named Credentials and Callouts, not direct API client connections. Salesforce manages the outbound TLS trust chain for Named Credential callouts, so no customer action is required for these products. Self-signed certificates and CA-signed certificates that you upload to your org are not in scope for this change.

  • enosix Link: The enosix Link appliance has been patched to include the latest root certificate updates, including DigiCert Global Root G2. Customers should review the Link release announcements and ensure they are running the latest version. Customers not using the stable (automatic update) channel should update to the latest release to ensure continued compatibility.

  • enosix Connect: The enosix Connect appliance has been patched to support the latest root certificate updates. Customers should review the Connect release announcements and ensure they are running the latest version. Customers not using the stable (automatic update) channel should update to the latest release to ensure continued compatibility.

2. Deprecation of Dual-use Certificates (Effective June 15, 2026)

Effective June 15, 2026, Chrome will mandate a strict separation between server and client authentication certificates ("dual-use" ban). This impacts customers using mutual TLS (mTLS) with Salesforce, requiring that client certificates are not sourced from the same public roots used for website trust.

Impact on enosix Products

enosix products do not use mTLS for connectivity between Salesforce and SAP. This change has no impact on enosix integrations. Customers who have implemented custom mTLS configurations outside of enosix products should review the Salesforce-supported CAs for Client Auth EKUs and audit their mTLS usage independently.

3. Certificate Lifespan Reductions (Starting March 15, 2026)

To align with industry standards, Salesforce is reducing maximum TLS server certificate lifespans in phases:

DateMaximum Lifespan
March 15, 2026200 days
March 15, 2027100 days
March 15, 202947 days

This means certificates will be renewed more frequently. Some CA vendors have already begun issuing 200-day certificates.

Impact on enosix Products

  • Salesforce Apps (Surface, Transact, Commerce, SDK, Sync): Certificate renewal is managed entirely by Salesforce for Named Credential connections. No customer action is required.

  • enosix Link & Connect: Appliance updates include support for more frequent certificate rotations. Customers should stay current on the latest releases to ensure their appliances handle renewed certificates seamlessly. Customers not using the stable (automatic update) channel should regularly check for and apply the latest updates.

Summary

ChangeEffective Dateenosix ImpactCustomer Action
Root Certificate → DigiCert Global Root G2Feb 5, 2026No disruption observedLink & Connect: update to latest release if not on stable channel
Dual-use Certificate Ban (mTLS)June 15, 2026No impact (enosix does not use mTLS)None for enosix products
Certificate Lifespan → 200 daysMarch 15, 2026No impact for Named Credential integrationsLink & Connect: stay current on releases

Additional Resources

For any questions or support, please contact the enosix team.

Addressing issues from G5 root certificate updates in SAP BTP, See : 3566727 - Root Certificate Replacement in the SAP BTP, Cloud Foundry Environment SAP note. As part of the rollout it was identified that the new G5 root certificates were not trusted by the Connect Console or Connect Application base image. This update addresses the certificate issues preventing authenticating to Cloud Foundry subaccount instances for deployment and Connect instances from reading destinations from environments with the G5 certificate update.

It is REQUIRED to re-build there packages to incorporate the 1.5.0.5001 Base Version patch into the latest package version and re-deploy. If you need assistance please contact support for help in upgrading your instances.

  • [Update]: Fixed issues with new BTP G5 certificates that were effecting deployments and accessing destinations.

Note: The G5 certificate update can also effect the SAP Cloud Connector, See: 3583377 - Cloud Connector will fail to connect to subaccount SAP note for details.

  • [Feature]: Improved error handling to enable providing better support.

  • [Bug Fix]: Addressed a critical issue preventing successful application deployments to Google Cloud Platform (GCP) regions within SAP Business Technology Platform (BTP). This fix ensures smoother and more reliable deployment processes across different GCP regions.

Improvements:

  • Enhanced Deployment Logging: Implemented more comprehensive logging capabilities for deployment procedures. The improved logging provides greater visibility into deployment processes, making it easier to track and troubleshoot potential issues.

  • [Bug Fix]: Fixed an issue with the sap-client connection parameter in BTP destinations. The parameter is now correctly applied when connecting to the SAP system. See the updated connect documentation on Creating a Destination.

Impact and Benefits

The sap-client parameter is critical for user authentication, which is client-specific in SAP systems. This fix ensures connections are directed to the correct client, enabling accurate authentication, improving security, and supporting seamless integration in multi-client environments.

Fixed compatability with SAP Cloud Connector 2.17.1

Fixed a UI bug where the deployment status was not updated correctly

Improved logging in client docker app

Improved error tracking capabilities to provide more insightful crash analysis.

Fixed issue with deployments failing to start on BTP cloud.

Adding ability to protect API access with API Key, configured in BTP Cloud Foundry

  • [Update]: Update list of available SAP BTP Cloud Foundry Regions

WHAT'S NEW:

Updated Connect with minor bug fixes and console infrastructure.

(No action is needed for our Connect customers to continue using their deployed connect apps.)

For any questions, reach us at 👉 https://go.enosix.com/support

  • [Update]: Adding RFCs to a project, add any RFC that exists in your SAP system without errors
  • [Bugfix]: The Package Info screen now displays the RIO name in the Name field and the RIO type in the Type field
  • [Bugfix]: The Re-auth SCP pop-up window can be closed by clicking the X
  • [Bugfix]: Fixed issue when generating Detail RIO's ex: EnosixPODetail