Locking and Restricting Certificates

To prevent unauthorized use of a certificate, you can limit its use to certain scripts and specific employees on the certificate record.

To restrict access to a certificate:

  1. Go to Setup > Company > Preferences > Certificates.

  2. Click the name of the certificate to open it in a new window.

  3. Click the Audience tab.

  4. To restrict access to the certificate to specific employees, check the Restrict to Employees box, and select the employees who should be able to access the certificate using SuiteScript. Employees must also have a role with the Certificate Access permission to use the certificate with SuiteScript. When you do not check the box, all employees with the Certificate Access permission can access the certificate with SuiteScript.

  5. To restrict access to a specific script, enter the script’s script ID in the Restrict to Scripts field. You can find the script ID for a script on the script record or in the ID column on the list of scripts at Customization > Scripting > Scripts. Separate multiple script IDs with commas.

    You can also set script restrictions with SuiteScript 2.x if you create the certificate object using the certificateControl.createCertificate(options) method.

  6. Click Save.
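
The rules in steps 4 and 5, modeled as an added example for reviewing certificate settings (this is not NetSuite code and not part of the original documentation). The record shape, function names, and sample values are constructed, and treating an empty Restrict to Scripts field as "no script restriction" is an assumption.

```javascript
// Added example: a model of the Audience tab rules for reviewing settings.
// The record shape is hypothetical; it is not a NetSuite export format.

// Split the comma-separated "Restrict to Scripts" value into clean script IDs.
function parseScriptIds(field) {
    return String(field || '')
        .split(',')
        .map(function (id) { return id.trim(); })
        .filter(function (id) { return id.length > 0; });
}

// Decide whether a SuiteScript request may use the certificate.
function canUseCertificate(cert, request) {
    // The Certificate Access permission is required in every case.
    if (!request.hasCertificateAccess) { return false; }
    // Box checked: only the selected employees qualify.
    if (cert.restrictToEmployees && cert.employees.indexOf(request.employee) === -1) {
        return false;
    }
    // Assumption: an empty script list means no script restriction.
    var allowed = parseScriptIds(cert.restrictToScripts);
    return allowed.length === 0 || allowed.indexOf(request.scriptId) !== -1;
}

// List certificates that are missing one or both restrictions.
function auditCertificates(certs) {
    return certs.map(function (cert) {
        var gaps = [];
        if (!cert.restrictToEmployees) { gaps.push('any employee with Certificate Access'); }
        if (parseScriptIds(cert.restrictToScripts).length === 0) { gaps.push('any script'); }
        return { id: cert.id, gaps: gaps };
    }).filter(function (finding) { return finding.gaps.length > 0; });
}

// Constructed sample records (not real NetSuite data).
var SAMPLE_CERTS = [
    { id: 'custcertificate_open', restrictToEmployees: false, employees: [],
      restrictToScripts: '' },
    { id: 'custcertificate_tight', restrictToEmployees: true, employees: ['A. Wolfe'],
      restrictToScripts: 'customscript_sign_invoice, customscript_sign_po ,' }
];
```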

In addition to these restrictions, you can use SuiteScript 2.x to lock and unlock Digital Certificates. Locking a certificate prevents anyone from accessing the certificate in the NetSuite UI, even the owner of the certificate.

You can use locking combined with script restrictions to restrict new scripts from using a certificate. For example, if you create a SuiteApp that contains a script and a certificate, you can restrict the certificate to only work with the SuiteApp’s script and lock the certificate. You can then lock the script within the SuiteApp to block unauthorized access.

Use the following methods to lock and unlock a certificate:

The following code sample uses a scheduled script to demonstrate how to lock a certificate. Because this sample uses define instead of require, you must deploy this script in your account. It is not meant to run in the SuiteScript Debugger.

    /**
     * @NApiVersion 2.x
     * @NScriptType ScheduledScript
     */
    define(['N/certificateControl'], function (certificateControl) {
        function execute(context) {
            // Lock the certificate
            certificateControl.lock({
                // Replace the following id with the script ID of your certificate
                id: 'custcertificate_testid'
            });
        }
        return {
            execute: execute
        };
    });

        
