
System-to-System Developer’s Guide v3.0
Step 5: Update the keystore with the NetSuite certificate and the signed certificate
NetSuite will e-mail you the signed client certificate as well as NetSuite’s self-signed signing certificate (named
NLCACert4Partners.der) that was used to sign your client certificate. You will need to import both of these
certificates into your keystore. First, import NetSuite’s signing certificate into your keystore as a trusted CA. When
asked if you want to trust this certificate, answer yes.
In the following example, the NetSuite certificate named NLCACert4Partners.der is imported into the keystore
named client.keystore as a trusted CA.
keytool -keystore client.keystore -storepass mystorepass -alias CA -keypass mykeypass -import -file NLCACert4Partners.der
You will see a response similar to the following, and will be prompted to trust the certificate.
Owner: EMAILADDRESS=dwilliams@netsuite.com, O="NetSuite, Inc.", ST=California, L=San Mateo, C=US, CN=system.NetSuite.com
Issuer: EMAILADDRESS=dwilliams@netsuite.com, O="NetSuite, Inc.", ST=California, L=San Mateo, C=US, CN=system.NetSuite.com
Serial number: 1
Valid from: Fri Aug 11 08:53:00 PDT 2000 until: Mon Aug 09 08:53:00 PDT 2010
Certificate fingerprints:
    MD5: 65:17:3D:5B:3C:F4:AB:45:D8:CA:EC:E2:BC:CC:9D:51
    SHA1: ED:60:C9:73:17:DC:13:1B:AB:0E:41:7C:28:18:DE:99:51:81:71:DB
Trust this certificate? [no]: y
Certificate was added to keystore
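Because the signing certificate is self-signed and arrives by e-mail, the fingerprint shown at the trust prompt is the only thing that ties the file to NetSuite. The following shell functions are an added example, not part of the original guide: they recompute the fingerprint from the DER file and import the certificate only if it matches a value obtained through a separate channel. The function names and that out-of-band workflow are assumptions, and GNU coreutils (sha1sum, sha256sum) is assumed to be installed.

```shell
# Added example: verify a DER certificate's fingerprint before trusting it.
# The fingerprint keytool prints is the hash of the DER file itself, so it can
# be recomputed independently. Assumes GNU coreutils (sha1sum, sha256sum).

# Strip colons/whitespace and upper-case, so "ed:60:.." and "ED60.." compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n\r\t' | tr 'abcdef' 'ABCDEF'
}

# Print the fingerprint of file $1, choosing the hash from the length of the
# expected value $2: 40 hex digits = SHA-1, 64 = SHA-256. MD5 is not accepted.
der_fingerprint() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    want=$(normalize_fp "$2")
    case ${#want} in
        40) tool=sha1sum ;;
        64) tool=sha256sum ;;
        *)  echo "unsupported fingerprint length: ${#want}" >&2; return 2 ;;
    esac
    "$tool" < "$1" | cut -d' ' -f1 | tr 'abcdef' 'ABCDEF'
}

# Succeed only if file $1 hashes to the expected fingerprint $2.
fingerprint_matches() {
    got=$(der_fingerprint "$1" "$2") || return 2
    [ -n "$got" ] && [ "$got" = "$(normalize_fp "$2")" ]
}

# Import $1 into keystore $2 as a trusted CA only if it matches fingerprint $3,
# a value obtained from NetSuite out of band (assumed workflow). keytool prompts
# for the keystore password, keeping it off the command line.
import_trusted_ca() {
    if fingerprint_matches "$1" "$3"; then
        keytool -keystore "$2" -alias CA -import -noprompt -file "$1"
    else
        echo "fingerprint mismatch for $1: not importing" >&2
        return 1
    fi
}

# Usage (file names from the guide; the fingerprint is a placeholder):
#   import_trusted_ca NLCACert4Partners.der client.keystore "<SHA1 from NetSuite>"
```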
Next, import the signed client certificate into your keystore. The keytool will check the signatories of the certificate
to ensure that their signatures can be validated. In this case, since the NetSuite certificate (public key) is already
in the same keystore, this validation is successful.
In the following example, the signed certificate named client.der is imported into the keystore named
client.keystore with a password of mystorepass under the alias client with a password of mykeypass.
keytool -keystore client.keystore -storepass mystorepass -alias "client" -keypass mykeypass -import -file client.der
3.2 MICROSOFT DEVELOPMENT PLATFORM
This section details how to set up certificates using OpenSSL that are intended for use primarily within the
Microsoft .NET platform. These directions can also be used to set up certificates for use with other Microsoft
development platforms such as Active Server Pages (ASP), Visual C++, and Visual Basic, as well as other external
Microsoft Windows based development platforms (for example, Delphi), although these platforms are not officially
supported by NetSuite. Please see section 2.1 entitled Supported Platforms and NetSuite Development Support
for more details on platforms supported by NetSuite.
The following is a detailed list of steps for using OpenSSL to create a certificate, get it signed by NetSuite, and
install the certificate.
Step 1: Install OpenSSL
Download the latest release of OpenSSL in one of the following formats and install it. Note that NetSuite
recommends installing Cygwin as it is the quickest and most reliable option.
• Install the latest version of Cygwin from http://www.cygwin.com and ensure that the OpenSSL option is checked
before installing. This is the recommended option as Cygwin comes with the required configuration files for
OpenSSL.