Real-Time Record Import Certificate and Certificate Rotation

The upgraded version of the Real-Time Record Import feature uses certificate-based authentication instead of SuiteSignOn to validate real-time record import requests.

Certificates are valid for a finite period. After the initial set up, OpenAir NetSuite Connector generates a new certificate and saves it to NetSuite and OpenAir automatically one to two weeks before the previous certificate expires.

You can use the OpenAir NetSuite Connector Health Check feature to verify whether there is a valid real-time record import certificate in your account, and when the current certificate expires if valid.

• If the health check shows "No valid certificate available for real-time import", use the following steps to generate and save the certificate.

• Otherwise, the health check shows "Current real-time import certificate is valid until <expiry date>".

You can trigger the certificate generation and rotation from the contextual tips menu at any time.

To generate a new certificate for real-time record imports:

1. In OpenAir, go to Administration > NetSuite Connector.

2. Click the Tips button then click Generate new real-time import certificate. OpenAir NetSuite Connector generates a new certificate, uploads it in the custcertificate_oa_realtime certificate record in NetSuite, and saves it in OpenAir after it is successfully uploaded in NetSuite.

Note:

This health check recommendation shows only if the Enable NetSuite single sign-on or Enable NetSuite real-time integration and the Use OAuth 2.0 for NetSuite Single Sign-On Integration and Real-Time Record Import boxes are checked on the OpenAir NetSuite Connector administration form.

However, certificates are generated and saved automatically in NetSuite and OpenAir only if the upgraded version of the Real-Time Record Import feature is set up in NetSuite. For more information about setting up the upgraded version of the Real-Time Record Import feature in NetSuite, see Configuring Real-Time Record Import from NetSuite into OpenAir.

Certificate Generation Troubleshooting

The NetSuite OpenAir SRP Real-time Add-on bundle (Bundle ID 369630) 3.0 or later version adds the custcertificate_oa_realtime certificate record. The default certificate openair-certificate.pem associated with the custcertificate_oa_realtime certificate record is not valid. It is a required placeholder and it is replaced by a new certificate as part of the initial setup and periodically thereafter as part of the automatic certificate rotation.

If attempting to generate the certificate using the above steps results in the error Certificate "custcertificate_oa_realtime" not found, the certificate record may have been accidentally deleted in NetSuite. In this case, recreate the certificate record.

To recreate the certificate record in NetSuite:

1. In NetSuite, go to Documents > Files > File Cabinet.

2. Locate the file cabinet directory for the OpenAir certificates (SuiteBundles > Bundle 369630 > OpenAir Certificates).

3. Next to openair-certificate.pem, click Download to save the certificate file to your computer.

4. Go to Setup > Company > Certificates.

5. Click Create New.

   The new certificate window appears.

6. Enter the following certificate details

   • Name: OpenAir real-time

   • ID: _oa_realtime

7. On the Files tab, click Choose a file and select the openair-certificate.pem you saved to your computer earlier.

8. Click Save.

   After you save the certificate in NetSuite, try generating the certificate in OpenAir.