Uploading Digital Certificates

You can store and manage your digital certificates on the Digital Certificates page. NetSuite currently accepts the following certificate file types: PFX, PEM, and P12.

Important:

The certificate record holds information for a digital certificate, but it isn't a standard NetSuite record and can't be accessed with the N/record module.

Note:

It isn't possible to download digital certificates. Depending on which SuiteApps are installed in your account, you may see read-only system certificates in your list of digital certificates. These certificates are required for a secure connection to a third-party service through a SuiteApp and can't be edited or removed without uninstalling the SuiteApp.

To upload a new certificate:

  1. Go to Setup > Company > Preferences > Certificates.

  2. At the top of the page, click Create New.

  3. In the New Certificate window, on the Details tab, enter a descriptive name for this certificate in the Name field.

  4. In the ID field, enter a script ID for this certificate. The script ID of the certificate lets you access the certificate using SuiteScript. You should make this a descriptive ID with no spaces or special characters. NetSuite prefixes the script ID with ‘custcertificate’.

    Important:

    Don't reuse a certificate ID if the certificate was deleted.

  5. In the Description field, enter a description of this certificate, such as its use and who maintains it.

  6. On the Files tab, in the Certificate File field, choose the digital certificate file to upload. You need a file type of PFX, PEM, or P12 to save this certificate.

  7. In the Password field, enter the password for this certificate. The certificate authority that issued the certificate provides the password.

  8. On the Audience tab, check the Restrict to Employees box to limit access to this certificate to specific employees. Select the employees in the field below. Click each name to select multiple employees. You don't need to use Ctrl or Command.

    Employees must also use roles with the Certificate Access permission to be able to run a script that accesses a certificate.

  9. To restrict access through SuiteScript to specific scripts, enter the script IDs in the Restrict to Scripts field.

    For more information, see Access to Digital Certificates.

  10. In the Subsidiaries field, select which subsidiaries this certificate applies to. You can select more than one subsidiary, or you can check the box at the top of the list to select all subsidiaries. Selecting a subsidiary lets you search for certificates by subsidiary and doesn't affect access.

  11. Under Expiration Reminders, select when administrators receive expiration reminders: one week, one month, or three months in advance. You can select more than one option to receive more than one reminder.

  12. Check the Copy Employees box to copy additional employees on reminders. Select which employees to copy in the field below. Click each name to select multiple employees. You don't need to use Ctrl or Command.

  13. Click Save. The certificate file is decrypted and validated using the provided password. NetSuite stores the certificate and password securely in the database.
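
Before starting the upload, you can check locally that the password from step 7 decrypts the bundle and see which reminder window from step 11 the certificate already falls into. The following script is an added example, not NetSuite code, and covers PFX/P12 bundles only. It assumes the `openssl` CLI is installed, treats one week, one month, and three months as 7, 30, and 90 days, and uses a constructed self-signed certificate and password as sample input.

```shell
#!/usr/bin/env bash
# Added example (not NetSuite code): local pre-upload check of a PFX/P12 bundle.

# valid_for PEM DAYS: succeeds if the certificate is still valid DAYS from now.
valid_for() {
  printf '%s\n' "$1" | openssl x509 -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# check_bundle FILE PASSWORD: prints decrypt-failed, expired, due-1-week,
# due-1-month, due-3-months, or ok. The 7/30/90-day windows are an assumption.
check_bundle() {
  local file=$1 pass=$2 pem
  # The password is passed through the environment rather than argv, so it
  # does not appear in the process argument list.
  pem=$(PASS="$pass" openssl pkcs12 -in "$file" -passin env:PASS \
          -nokeys -clcerts 2>/dev/null) && [ -n "$pem" ] \
    || { echo decrypt-failed; return 1; }
  valid_for "$pem" 0  || { echo expired;      return 1; }
  valid_for "$pem" 7  || { echo due-1-week;   return 0; }
  valid_for "$pem" 30 || { echo due-1-month;  return 0; }
  valid_for "$pem" 90 || { echo due-3-months; return 0; }
  echo ok
}

# make_sample DIR DAYS PASSWORD: builds a constructed self-signed bundle
# (DIR/bundle.p12) used only for this demonstration.
make_sample() {
  local dir=$1 days=$2 pass=$3
  openssl req -x509 -newkey rsa:2048 -nodes -days "$days" \
    -subj "/CN=constructed-example" \
    -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null || return 1
  PASS="$pass" openssl pkcs12 -export -inkey "$dir/key.pem" \
    -in "$dir/cert.pem" -passout env:PASS -out "$dir/bundle.p12"
}

# Demonstration with constructed material: a certificate valid for 20 days.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_sample "$demo_dir" 20 'constructed-password'
check_bundle "$demo_dir/bundle.p12" 'constructed-password'
```
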

Note:

When testing in various accounts, you must re-upload your certificate to the new account. For example, if you upload a certificate in your production account and refresh your sandbox account, you must still re-upload your certificate in the sandbox account.

You can view the list of uploaded certificates on the Digital Certificates page.

Access to Digital Certificates

If you're not using the Administrator role, you need a custom role with the Certificate Management permission to view the Digital Certificates page and upload new certificates.

The following role permissions apply to digital certificates and the Digital Signing API:

  • Certificate Management – This permission controls access to the Digital Certificates page in the NetSuite UI.

  • Certificate Access – This permission controls access through scripting. When you select a custom role with this permission in the Execute As Role field on script deployments, the script can access the digital certificate data for digital signing. Employees need the permission to run a script, even if the employee is listed in the Restrict to Employees field on the certificate.
