Digital Certificates Management in NetSuite

Storing and managing digital certificates in NetSuite enhances security when interfacing with third-party services. The Digital Certificates page allows the upload of certificates in specific formats such as PFX, P12, and PEM. However, certificates with private keys encrypted using CTR block mode (e.g., AES-256-CTR) are not supported.

Understanding Certificate Storage

It's worth noting that the certificate record is not a standard NetSuite record, and therefore, it cannot be accessed through the N/record module. Users should also be aware that digital certificates cannot be downloaded from the system. Depending on the SuiteApps installed, you may encounter read-only system certificates essential for ensuring secure connections through SuiteApps. These can only be modified or removed by uninstalling the relevant SuiteApp.

Steps to Upload a New Certificate

To add a digital certificate, follow these steps:

1. Navigate to Setup > Company > Preferences > Certificates.
2. Click Create New.
3. In the New Certificate window, fill in the Name field with a descriptive name for easy identification.
4. In the ID field, enter a unique script ID (it is prefixed with 'custcertificate') and ensure it is descriptive without spaces or special characters.
   Important: Do not reuse the certificate ID if it has been deleted.
5. Provide a description of the certificate in the Description field.
6. On the Files subtab, upload the digital certificate in the PFX, PEM, or P12 format via the Certificate File field.
7. Enter the certificate password, as provided by the certificate authority.
8. On the Audience subtab, check the Restrict to Employees box to limit access to specific users and select them from the list. Employees must have a role with the Certificate Access permission to use the certificate script.
9. To restrict access by specific scripts, enter their script IDs in the Restrict to Scripts field, separating multiple IDs with commas.
10. Choose applicable subsidiaries in the Subsidiaries field for the certificate to apply. You can select multiple subsidiaries or select all at once.
11. Set expiration reminders for administrators, choosing options such as one week, one month, or three months in advance. You can select multiple reminders.
12. Optionally, check Copy Employees to send reminders to additional employees by selecting them.
13. Finally, click Save. The certificate file is decrypted and securely stored in the database.

Important Considerations

Keep in mind that if testing certificates across different accounts, re-upload will be required in each account. For instance, if a certificate is uploaded in a production account, it is necessary to upload the same certificate in a sandbox account after refreshing.

View all uploaded certificates on the Digital Certificates page.

Who This Affects

• Administrators: Manage and oversee digital certificate uploads and configurations.
• Developers: Access and utilize certificates in scripts, ensuring limited access to enhance security.
• Employees: Those who require access to specific certificates as determined by their roles.

Key Takeaways

• You can manage digital certificates in formats like PFX, P12, and PEM.
• The certificate ID must be unique and descriptive and not reused if previously deleted.
• Limiting access to certificates can be controlled through specific employee roles and SuiteScript access.
• Reminders for certificate expiration ensure proactive management.

Source: This article is based on Oracle's official NetSuite documentation.