Starting with V11 and introduction of Production Scheduler, during the installation , you have an option to pick Basic Authentication or client certificate. But what if you pick Basic authentication and later on you decide to switch. In this blog post , I am discussing the steps that are needed to implement Client certificate.
Before start, please review Client certificate authentication for Production Scheduling
Below steps assumes you already have a working installation of Production scheduler with basic authentication. In other words in PlannerOneManager you already have something similar to below:
So first steps is to turn on client certificate on X3 side.
- Browse to the location of Nodelocal.js file under \syracuse\bin directory and make a backup of it.
- Stop Syracuse service.
- Add certificate as the authentication methods.
- Restart Syracuse service.
- Login to X3.
- Open Administration, Servers, Hosts and enter a new line for SSL or modify existing line. For certificate use the existing certificate which was created during the initial install.
- Next step it so generate a client certificate against the same server certificate.
- Use command prompt to get to certgen directory.
- Use below command ( similar to what is on the online help to create a new ortems certificate).You should use a strong password.
- This will create 3 new file under output directory.
- Created an exact user with same CN in X3 ( in the above example my common name is ortems)
- Make sure you can login to X3 normally with the above new users.
- Download and install curl from here
- Try with curl command like below , you should get a 200 reply.( if you don't get a 200 reply , review the steps above)
- Now that Curl is working, we need to use OpenSSL to create a PFX file. (You can install openssl) or use openssl that comes with old web services.
- Next step is to make Plannerone to use the certificate method connection.
Note: If I have not had installed Plannerone yet, then I would just simply during the install choose client certificate. But now that I already have installed Planner one, below steps are needed. The information for this instruction are in plannerone help file under: - Open up PowerShell scripts and get to the installation path of the planner one and run .\module\init.ps1
- Additionally below 4 commands needs to run , for more information review the help file related to planner one.
- After the above steps Plannerone is now ready to use Certificate authentication.
- So back in planner one manager change the authentication to client certificate.
Conclusion: You can use above steps to turn on client certificate for connection between Production Scheduler and Sage X3.