CA certificate changes for iPaaS connectors

scott.smith
scott.smith
in Best Practices

This article covers the necessary steps to update the iPaaS connectors for HyperConnect/Informatica Cloud, Dell Boomi, Mulesoft and SnapLogic. See the article A Guide to CA Certificates in Anaplan Integrations - Anaplan Community for the steps to process a certificate once it has been procured.

HyperConnect/Informatica Cloud

Authentication within HyperConnect/Informatica Cloud is handled at the connection level. There should be a connection for each model that is used within the integrations. HyperConnect/Informatica Cloud supports basic authentication and certificate authentication. 

The steps to use Certificate Authority (CA) certificates with HyperConnect/Informatica are listed below:

  1. Each connection must be using the "Anaplan V2" connector
  2. A java keystore containing both the public and private keys needs to be created and placed where the secure agent can access it
  3. In each connection:
    1. Set the Auth Type to "Cert Auth"
    2. Clear the "Certificate Path Location" field
    3. Update the API Major Version. Set it to 2
    4. Update the API Minor Version. Set it to 0
    5. Enter the full path to the java keystore in the "KeyStore Path Location"
    6. Enter the alias used when the java keystore was created in the "KeyStore Alias" field
    7. Enter the password for the java keystore in the "KeyStore Password" field. Note the password is masked.
    8. Test for connectivity.

HyperConnect.png

Dell Boomi

Authentication within Dell Boomi is handled at the connection level. There should be a connection for each workspace that is used within the integrations. Dell Boomi supports basic authentication and certificate authentication. 

The steps to use CA certificates with Dell Boomi are listed below:

  1. Each connection must be using the "Anaplan" version of the connector. The "Anaplan V2" and "Anaplan (legacy)" versions are not current and do not support CA certificate authentication.Boomi1.png
  2. A P12 bundle of both the public and private keys needs to be created
    1. The file received from the CA provider is sometimes in the P12 bundle format
      1. To test this: Use the java keytool to run the following command
      2. keytool -v list -storetype pkcs12 -keystore %path to keystore%

      3. Within the output of the command, there should be an "Alias name" property. This value will be used in the connection.

    2. Boomi2.png

      If the certificate does not contain the alias, a P12 bundle can be created using OpenSSL. See Creating a Java Keystore for the steps to create a P12 bundle. Once the bundle is created, the remaining steps in the article are not needed.

  3. In Dell Boomi:
    1. Create a new object
      1. Type: Certificate
      2. Certificate Type: X.509
      3. The name and location of the certificate are up to you
      4. Click "Create"
    2. Import the P12 bundle file.
    3. Edit the connection
      1. Ensure the URL is pointed to "https://api.anaplan.com/2/0"
      2. Set the Authentication Type to "Client Certificate"
      3. Select the certificate created above from the "Certificate" dropdown
      4. Enter the alias used in the P12 bundle into the "Private Key Alias" field
      5. Enter the password for the P12 bundle in the "Password" field

boomi3.png

MuleSoft

Authentication within MuleSoft is handled at the connection level. Typically only a single connection is needed. MuleSoft supports basic authentication and certificate authentication. 

The steps to use CA Certificates with MuleSoft are listed below:

  1. A java keystore containing both the public and private keys needs to be created
  2. Enter the full path to the java keystore in the "Key store path"
  3. Enter the alias used when the java keystore was created in the "KeyStore Alias" field
  4. Enter the password for the java keystore in the "KeyStore Password" field. Note the password is masked.

mulesoft.png

SnapLogic

Authentication within SnapLogic is handled at the connection level. Typically only a single connection is needed. SnapLogic supports basic authentication and certificate authentication. 

The steps to use CA Certificates with SnapLogic are listed below:

  1. Public Key
    1. Open the public key file in a text editor
    2. Copy everything from "--- BEGIN CERTIFICATE ---" through "---END CERTIFICATE ---"
    3. Paste the contents into the "External certificate contents"
  2. Private Key
    1. The private key cannot be encrypted for use in SnapLogic.
    2. Open the private key file in a text editor
      1. If the key information begins with "--- BEGIN RSA PRIVATE KEY ---" then the key is not encrypted. Continue with step iii below
      2. If the key information begins with "--- BEGIN ENCRYPTED PRIVATE KEY ---" then the key needs to be un-encrypted prior to use
        1. Issue the following OpenSSL command to create a new private key file from the original
        2.  openssl rsa -in private_key.pem -out unencrypted_private_key.pem
    3. Copy everything from "--- BEGIN RSA PRIVATE KEY ---" through "---END RSA PRIVATE KEY ---"
    4. Paste the contents into the "External private key" field

snaplogic.png

Tagged:

Categories