NetSuite Changelog
SecuritySecurityHow-ToIntegration

Generate SSL Certificates and Private Keys in NetSuite

Generate SSL certificates and private keys for secure HTTPS access in NetSuite by using OpenSSL for local server testing.

·2 min read·View Oracle Docs

To access a secure domain via HTTPS while using a local server, you need to generate an SSL certificate and a private key. Since this local server is mainly for testing purposes, you can create a self-signed certificate without relying on a third-party certificate provider.

Generating an SSL Certificate and a Private Key

Follow these steps to generate an SSL certificate and the corresponding private key:

  1. Download and Install OpenSSL: First, ensure that you have OpenSSL installed on your system.

  2. Generate an RSA Private Key: Execute the following command:

    bash
    openssl genrsa -des3 -out ca.key 1024

    You will be prompted to enter a password for the certificate. This password will be needed for subsequent steps. The output will be stored in a file named ca.key.

  3. Create a New SSL Certificate: Run the command below:

    bash
    openssl req -new -sha256 -key ca.key -out ca.csr

    For this command, accept the default value for the localhost field. The other fields are not required for your local server certificate. This will generate a file called ca.csr containing your SSL certificate.

  4. Create a Self-Signed Certificate: Use the following command:

    bash
    openssl x509 -req -days 3600 -in ca.csr -out ca.crt -signkey ca.key

    If prompted for a password, use the one you set during the RSA key generation. This generates the self-signed certificate saved as ca.crt.

  5. Create a Server Key: Execute the command:

    bash
    openssl genrsa -des3 -out server.key 1024

    This creates a server private key stored in server.key.

  6. Create a Certificate Signing Request (CSR): Run the command:

    bash
    openssl req -new -sha256 -key server.key -out server.csr

    The CSR will be saved as server.csr.

  7. Remove Password from Server Certificate: This step is optional but recommended if you encounter password-related issues:

    1. Copy the server.key file for backup:
      bash
      cp server.key server.key.org
    2. Execute the following command to create a password-less server key:
      bash
      openssl rsa -in server.key.org -out server.key
      This new key will be used by the local server, so store it in a safe location.

  8. Create a Self-Signed Server Certificate: Finally, run the command:

    bash
    openssl x509 -req -sha256 -days 3600 -in server.csr -signkey server.key -out server.crt

    This creates a server certificate named server.crt, which your local server will use for secure communications.

Key Takeaways

  • Self-signed certificates can be generated for local server testing.
  • OpenSSL commands are used to create private keys and certificates.
  • Password management is important during certificate generation.
  • Secure server operations can be tested with generated certificates.

Source: This article is based on Oracle's official NetSuite documentation.

Frequently Asked Questions (4)

Is it necessary to use a third-party certificate provider when setting up SSL for a local server?
No, it is not necessary to use a third-party certificate provider for a local server. You can generate a self-signed certificate using OpenSSL for local server testing purposes.
What command should I use to generate an RSA private key with OpenSSL?
To generate an RSA private key, you can use the command: `openssl genrsa -des3 -out ca.key 1024`. You will be prompted to enter a password for the certificate during this process.
How do I remove the password from a server private key if I'm encountering password-related issues?
To remove the password from a server private key, first create a backup of your `server.key` file, then use the command `openssl rsa -in server.key.org -out server.key`. This will create a password-less server key.
What should I do if I want to create a self-signed server certificate for my local server?
Run the command `openssl x509 -req -sha256 -days 3600 -in server.csr -signkey server.key -out server.crt` to create a self-signed server certificate. This certificate, saved as `server.crt`, will be used by your local server for secure communications.
Source: Generate SSL Certificates and Private Keys Oracle NetSuite Help Center. This article was generated from official Oracle documentation and enriched with additional context and best practices.

Was this article helpful?

More in Security

View all Security articles →