Authentication Using Server Certificates for JDBC

JDBC uses TLS-secured connections. Currently, only TLS 1.2 is supported. Further, we actively look for new vulnerabilities and respond as needed to new threats.

You should use authentication with server certificates. Java truststore files usually include the required security certificate, so it is not required to set up a new truststore for them.

However, if your Java truststore does not include the required certificate, you can download it from the SuiteAnalytics Connect drivers download page. Then you can use the Java keytool utility to create a new truststore for the certificate or import it into your Java truststore. To learn more about the keytool utility and setting up truststores, see docs.oracle.com/cd/E19509-01/820-3503/6nf1il6er/index.html. You can also use the following instructions for reference.

To create a new truststore:

  1. In the Settings portlet on your NetSuite home page, click Set Up SuiteAnalytics Connect. If the download link is not displayed, you need to enable the Connect Service. For more information, see Enabling the Connect Service Feature.

  2. Click the Download button next to CA CERTIFICATES.

  3. When the certificates .zip file is downloaded, extract the ca3.cer file to any location on your computer.

  4. Find the keytool utility. It is usually located in the \bin folder inside your Java installation folder, for example, C:\Program Files\Java\jdk1.7.0_71\bin\.

    If you have multiple Java versions installed, choose the keytool utility for the Java version you use with the SuiteAnalytics Connect JDBC driver.

  5. Run the keytool utility, using the following command to create a new truststore. Replace CertificatesFolder with the path to the folder where you extracted the downloaded certificate and TrustStoreLocation with the path where you want to create the new truststore.

                    keytool -import -file "CertificatesFolder\ca3.cer" -alias nsca3 -keystore "TrustStoreLocation\NSCA" 
    
                  

    This will create an NSCA truststore in the location you specified.

  6. When you have created the new truststore and imported the certificate, modify your JDBC driver connection strings, adding the TrustStore property. The TrustStore property should contain the path to the truststore that you have just created.

    For example, if you created the NSCA truststore in C:\Program Files\NetSuite\, your connection URL should look like the following:

                    jdbc:ns://<ServiceHost>:1708;ServerDataSource=NetSuite2.com;Encrypted=1;TrustStore=C:\\Program Files\\NetSuite\\NSCA;CustomProperties=(AccountID=<accountID>;RoleID=<roleID>); 
    
                  
    Note:

    The <ServiceHost>, <accountID>, and <roleID> variables correspond to your host name, account ID, and role ID. The values are available on the SuiteAnalytics Connect Driver Download page under Your Configuration. You can access the SuiteAnalytics Connect Driver Download page using the Set Up Analytics Connect link in the Settings portlet when you are logged in to NetSuite. For more information, see Finding Your Settings Portlet.

Alternatively, you can add the certificate to your Java truststore. In this case, you do not have to add the TrustStore property to your connection URL.

To add the certificate to your Java truststore:

  1. In the Settings portlet on your NetSuite home page, click Set Up SuiteAnalytics Connect. If the download link is not displayed, you need to enable the Connect Service. For more information, see Enabling the Connect Service Feature.

  2. Click the Download button next to CA CERTIFICATES.

  3. When the certificates .zip file is downloaded, extract the ca3.cer file to any location on your computer.

  4. Find the keytool utility. It is usually located in the \bin folder inside your Java installation folder, for example, C:\Program Files\Java\jdk1.7.0_71\bin\.

    If you have multiple Java versions installed, choose the keytool utility for the Java version you use with the SuiteAnalytics Connect JDBC driver.

  5. Run the keytool utility, using the following command to add the first certificate, ca.cer, to your Java truststore. Replace CertificatesFolder with the path to the folder where you extracted the downloaded certificates and JavaTrustStore with the path to the \lib\security\cacerts file in your Java installation folder, for example, C:\Program Files\Java\jdk1.7.0_71\lib\security\cacerts. You may also need to specify the truststore password to access your Java truststore.

                    keytool -import -file "CertificatesFolder\ca3.cer" -alias nsca3 -keystore "JavaTrustStore" 
    
                  

If you added the ca3.cer certificate to your Java truststore, you do not have to add the TrustStore property to your connection URLs.

For more information about the supported and unsupported cipher suites in NetSuite, see Supported TLS Protocol and Cipher Suites.

Related Topics

Accessing the Connect Service Using a JDBC Driver
Prerequisites
Installing the JDBC Driver for Windows
Installing the JDBC Driver for Linux
Installing the JDBC Driver for OS X
Configuring the JDBC Driver

General Notices