Extract an Encryption Certificate or Signing Certificate from the SP Metadata File
Use the following procedure if you must extract the encryption or signing certificate from the NetSuite Service Provider Metadata file. A Signing Certificate is only required if you are using an SP-initiated flow, or if you are using Single Logout (SLO).
To extract a certificate from the SP metadata file:
-
Download the SP metadata file from your NetSuite account.
-
Go to Setup > Integration > SAML Single Sign-on.
-
Download the SP metadata file to your computer. Remember the location you save the file to.
-
-
Create a new file in a text editor and enter the following text exactly as shown:
-----BEGIN CERTIFICATE----- -----END CERTIFICATE----- -
Use a text editor to open the SP metadata file you saved to your computer.
-
Copy the appropriate line from the SP metadata file.
-
Paste the line you copied from the SP metadata file to the blank line between the -----BEGIN CERTIFICATE-----and -----END CERTIFICATE-----lines.
-
Save the PEM-encoded file.
-
Follow your IdP’s documentation for providing the certificate file to your IdP (for example, upload the file, or paste the content of the file into a provided form.)
Related Topics
- SAML Single Sign-on
- Complete Preliminary Steps in NetSuite for SAML SSO
- Configure NetSuite with Your Identity Provider
- Complete the SAML Setup Page
- Update Identity Provider Information in NetSuite
- Interactions with NetSuite Using SAML
- SAML SSO in Multiple NetSuite Account Types
- NetSuite SAML Certificate References
- Remove SAML Access to NetSuite
- SAML SSO FAQ
- IdP Requirements