Setting Up Digital Certificates for OAuth 2.0 with SuiteScript
To use OAuth 2.0 for SuiteScript, you need a digital certificate. SuiteScript supports RSASSA-PSS and ECDSA certificates.
The following topics show how to create digital certificates and upload them to your NetSuite account.
Creating RSASSA-PSS Certificates
A single RSASSA-PSS certificate can be combined with any of the hash functions SHA-256, SHA-384, or SHA-512 to form the signature algorithms PS256, PS384, or PS512, respectively.
The following example shows how to create an RSASSA-PSS certificate:
name=pss
openssl req -new -x509 -nodes -days 365 -newkey rsa-pss -pkeyopt rsa_keygen_bits:4096 \
-out public-$name.pem -keyout private-$name.pem \
&& cat public-$name.pem private-$name.pem > combined-$name.pem
Creating ECDSA Certificates
An ECDSA certificate must be used with a specific hash function based on the elliptic curve of the certificate.
Signature algorithm | EC curve | Hash function |
---|---|---|
ES256 | P-256 | SHA-256 |
ES384 | P-384 | SHA-384 |
ES512 | P-512 | SHA-512 |
The following example shows how to create an ECDSA certificate with EC curve P-256, which must be used with the SHA-256 hash function:
name=es256
openssl req -new -x509 -nodes -days 365 -newkey ec -pkeyopt ec_paramgen_curve:P-256 \
-out public-$name.pem -keyout private-$name.pem \
&& cat public-$name.pem private-$name.pem > combined-$name.pem
Uploading the Digital Certificates
To upload the digital certificates, go to Setup > Company > Certificates. For more information, see Uploading Digital Certificates.
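Before uploading, a generated certificate can be checked against the signature algorithms listed above, which catches a plain RSA key created with `-newkey rsa:4096` instead of `rsa-pss`. The following script is an added example, not part of the original documentation; the function names and sample text are constructed, and it assumes the text layout printed by `openssl x509 -noout -text`.

```shell
#!/bin/sh
# Added example (not from the original page): map a certificate's public key
# to the signature algorithm(s) listed on this page.

# Reads `openssl x509 -noout -text` output on stdin, prints the algorithm name(s),
# and returns 1 for any key type or curve that is not listed.
algs_from_cert_text() {
    text=$(cat)
    case "$text" in
        *"Public Key Algorithm: rsassaPss"*)
            echo "PS256 PS384 PS512"; return 0 ;;
        *"Public Key Algorithm: id-ecPublicKey"*) ;;
        *)  # e.g. rsaEncryption, produced by -newkey rsa:4096 instead of rsa-pss
            echo "unsupported key type" >&2; return 1 ;;
    esac
    curve=$(printf '%s\n' "$text" | sed -n 's/^ *NIST CURVE: *//p' | head -n 1)
    case "$curve" in
        P-256) echo "ES256" ;;
        P-384) echo "ES384" ;;
        P-521) echo "ES512" ;;  # OpenSSL's name for the curve used with ES512
        *) echo "unsupported EC curve: ${curve:-unknown}" >&2; return 1 ;;
    esac
}

# Hypothetical wrapper: run the check on a PEM file such as public-es256.pem.
algs_for_cert_file() {
    openssl x509 -in "$1" -noout -text | algs_from_cert_text
}

# Constructed samples: only the relevant lines of a certificate text dump.
SAMPLE_EC_P256='        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                ASN1 OID: prime256v1
                NIST CURVE: P-256'
SAMPLE_PSS='            Public Key Algorithm: rsassaPss
                Public-Key: (4096 bit)'
SAMPLE_PLAIN_RSA='            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)'

# Check a real file when one is given on the command line.
if [ -n "${1:-}" ]; then
    algs_for_cert_file "$1"
fi
```

Run it with the public certificate as its argument, for example `public-es256.pem`; a non-zero exit status means the key type or curve is not one of those listed.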