Uploading Digital Certificates

You can store and manage your digital certificates on the Digital Certificates page. The following certificate file types are currently accepted: PFX, PEM, and P12.

Important:

The certificate record holds information for a digital certificate, but it is not a standard NetSuite record and cannot be accessed with the N/record module.

Note:

It is not possible to download digital certificates. Depending on which SuiteApps are installed in your account, you may see read-only system certificates in your list of digital certificates. These certificates are required for a secure connection to a third party service through a SuiteApp and cannot be edited or removed without uninstalling the SuiteApp.

To upload a new certificate:

  1. Go to Setup > Company > Preferences > Certificates.

  2. At the top of the page, click Create New.

  3. In the New Certificate window, on the Details tab, enter a descriptive name for this certificate in the Name field.

  4. In the ID field, enter a script ID for this certificate. The script ID of the certificate lets you access the certificate using SuiteScript. You should make this a descriptive ID with no spaces or special characters. NetSuite prefixes the script ID with ‘custcertificate’.

    Important:

    Do not reuse a certificate ID if the certificate was deleted.

  5. In the Description field, enter a description of this certificate, such as its use and who maintains it.

  6. On the Files tab, in the Certificate File field, choose the digital certificate file to upload. A file type of PFX, PEM, or P12 is required to save this certificate.

  7. In the Password field, enter the password for this certificate. The password is provided by the certificate authority that issued you the certificate.

  8. On the Audience tab, check the Restrict to Employees box to limit access to this certificate to specific employees. Select the employees in the field below. Click each name to select multiple employees. You do not need to use Ctrl or Command.

    Employees must also be using roles with the Certificate Access permission to be able to execute a script that accesses a certificate.

  9. To restrict access through SuiteScript to specific scripts, enter the script IDs in the Restrict to Scripts field.

    For more information about restricting access to certificates, see Access to Digital Certificates.

  10. In the Subsidiaries field, select which subsidiaries this certificate applies to. You can select more than one subsidiary, or you can check the box at the top of the list to select all subsidiaries. Selecting a subsidiary lets you search for certificates by subsidiary and does not affect access.

  11. Under Expiration Reminders, select when administrators receive a reminder of expiration: one week, one month, or three months in advance. You can select more than one option to receive more than one reminder.

  12. Check the Copy Employees box to copy additional employees on reminders. Select which employees to copy in the field below. Click each name to select multiple employees. You do not need to use Ctrl or Command.

  13. Click Save. The certificate file is decrypted and validated using the provided password. The certificate and password are securely stored in the NetSuite database.

Note:

When testing in various accounts, you must re-upload your certificate to the new account. For example, if you upload a certificate in your production account and refresh your sandbox account, you must still re-upload your certificate in the sandbox account.

You can view the list of uploaded certificates on the Digital Certificates page.

Access to Digital Certificates

If you are not using the Administrator role, you need a custom role with the Certificate Management permission to view the Digital Certificates page and upload new certificates.

The following role permissions apply to digital certificates and the Digital Signing API:

  • Certificate Management - This permission controls access to the Digital Certificates page in the NetSuite UI.

  • Certificate Access - This permission controls access through scripting. When you select a custom role with this permission in the Execute As Role field on script deployments, the script can access the digital certificate data for digital signing. This permission is required for employees to execute a script, even if the employee is listed in the Restrict to Employees field on the certificate.
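The access rules described in the upload steps and in the permissions above can be modelled locally to review a certificate inventory for least privilege. This is an added example, not NetSuite code or a NetSuite API: the record shape, function names and sample IDs are constructed. It assumes that all restrictions must pass together and that an empty list means the restriction is not set.

```javascript
// Added illustration: a local model of the access rules described on this page.
// Not NetSuite code; record shapes, function names and IDs are hypothetical.

// Constructed sample data mirroring the Audience fields on the certificate form.
const certificates = [
  { id: 'custcertificate_payments',
    restrictToEmployees: ['emp_101'],
    restrictToScripts: ['customscript_sign_payment'] },
  { id: 'custcertificate_legacy', restrictToEmployees: [], restrictToScripts: [] },
];

// Returns the reasons access is refused; an empty array means access is allowed.
function denyReasons(cert, request) {
  const reasons = [];
  // Certificate Access is required even when the employee is listed on the certificate.
  if (!request.rolePermissions.includes('Certificate Access')) {
    reasons.push('role lacks Certificate Access');
  }
  // Assumption: an empty list models "Restrict to Employees" left unchecked.
  if (cert.restrictToEmployees.length > 0 &&
      !cert.restrictToEmployees.includes(request.employee)) {
    reasons.push('employee not in Restrict to Employees');
  }
  // Assumption: an empty list models "Restrict to Scripts" left blank.
  if (cert.restrictToScripts.length > 0 &&
      !cert.restrictToScripts.includes(request.scriptId)) {
    reasons.push('script not in Restrict to Scripts');
  }
  return reasons;
}

// Least-privilege review: certificates that rely on the role permission alone.
function auditRestrictions(certs) {
  return certs
    .map((c) => {
      const gaps = [];
      if (c.restrictToEmployees.length === 0) gaps.push('no employee restriction');
      if (c.restrictToScripts.length === 0) gaps.push('no script restriction');
      return { id: c.id, gaps };
    })
    .filter((finding) => finding.gaps.length > 0);
}

// A listed employee whose role has Certificate Management but not Certificate Access.
const listedButNoPermission = denyReasons(certificates[0], {
  employee: 'emp_101',
  scriptId: 'customscript_sign_payment',
  rolePermissions: ['Certificate Management'],
});
console.log(listedButNoPermission);
console.log(auditRestrictions(certificates));
```
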
