System-to-System Developer’s Guide v3.0
Confidential Material 11 of 19
• Install a pre-compiled version of OpenSSL in executable format for Windows. Note that the official site
http://www.openssl.org has only the source and does not contain a pre-compiled version for Windows. Find a
mirror site such as http://hunter.campbus.com/ to download the zip file that contains openssl.exe and a couple of
related DLLs. This requires setting up an OpenSSL configuration file that you need to find elsewhere on the
Internet.
Once installed, ensure that these executables are in your system path.
Step 2: Create a Certificate Signing Request (CSR)
Generate a key pair with a RSA 1024 bit private key, and a Certificate Signing Request (CSR) as follows. Note
that in this example, the private key is stored in client.key and the certificate expires in 10 years. You will also be
prompted for a password to protect you private key.
openssl req -new -keyout client.key -out client.csr -days 3650
A CSR is a file that is sent to the certification authority for signing; it contains the public key that needs to be
signed in a special format. Note that the CA in this case is NetSuite.
As part of this request, you will be prompted for information that will be inserted into your certificate. Following is a
sample log that illustrates this information.
Generating a 1024 bit RSA private key
...........++++++
...................................++++++
writing new private key to 'client.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:CA
Locality Name (eg, city) []:San Mateo
Organization Name (eg, company) [Internet Widgits Pty Ltd]:XYZ Inc
Organizational Unit Name (eg, section) []:Engineering
Common Name (eg, YOUR name) []:XYZ Inc
Email Address []:info@xyz.com
Step 3: E-mail the CSR to NetSuite
NetSuite will act as the CA and sign the certificate. It will also extract a hash of the certificate and store it internally
so that a secondary check can be performed on all incoming requests.
The e-mail should be sent to certSignReq@netsuite.com with the CSR file as an attachment. It should include the
following:
• Subject: Certificate Signing Request for <Company Name>
• Body:
o Partner ID: The partner ID assigned by NetSuite
