How to set up Production Scheduler to use client certificates for authentication?

2 minute read time.

Starting with V11 and introduction of Production Scheduler, during the installation , you have an option to pick Basic Authentication or client certificate.  But what if you pick Basic authentication and later on you decide to switch. In this blog post , I am discussing the steps that are needed to implement Client certificate.

Before start, please review Client certificate authentication for Production Scheduling

Below steps assumes you already have a working installation of Production scheduler with basic authentication. In other words in PlannerOneManager you already have something similar to below:

So first steps is to turn on client certificate on X3 side.

  1. Browse to the location of Nodelocal.js file under \syracuse\bin directory and make a backup of it.
  2. Stop Syracuse service.
  3. Add certificate as the authentication methods.

  4. Restart Syracuse service.
  5. Login to X3.
  6. Open Administration, Servers, Hosts and enter a new line for SSL or modify existing line. For certificate use the existing certificate which was created during the initial install.



  7. Next step it so generate a client certificate against the same server certificate.
  8. Use command prompt to get to certgen directory.



  9. Use below command ( similar to what is on the online help to create a new ortems certificate).You should use a strong password.



  10. This will create 3 new file under output directory.




  11. Created an exact user with same CN in X3 ( in the above example my common name is ortems)



  12. Make sure you can login to X3 normally with the above new users.
  13. Download and install curl from here
  14. Try with curl command like below , you should get a 200 reply.( if you don't get a 200 reply , review the steps above)



  15. Now that Curl is working, we need to use OpenSSL to create a PFX file. (You can install openssl) or use openssl that comes with old web services.




  16. Next step is to make Plannerone to use the certificate method connection.
    Note: If I have not had installed Plannerone yet, then I would just simply during the install choose client certificate. But now that I already have installed Planner one, below steps are needed. The information for this instruction are in plannerone help file under:



  17. Open up PowerShell scripts and get to the installation path of the planner one and run .\module\init.ps1



  18. Additionally below 4 commands needs to run , for more information review the help file related to planner one.




  19. After the above steps Plannerone is now ready to use Certificate authentication.
  20. So back in planner one manager change the authentication to client certificate.


     

    Conclusion: You can use above steps to turn on client certificate for connection between Production Scheduler and Sage X3.