Anaplan issuing new certificate on Dec 8, 2018

Expert

Re: Anaplan generated Certificates to expire Dec 10, 2018

Hi @winstonquan, if you are looking to create custom integration by directly invoking REST APIs, please wait for Anaplan to release the v2.0 API & user guide. If you are interested in Anaplan Connect v.14, you can use it without needing to refer to the API guide. Thanks.

Product Manager, Anaplan
Message 11 of 25
Occasional Contributor

Re: Anaplan generated Certificates to expire Dec 10, 2018

Thanks Chanaveer.

Would you have timings for the REST API documentation to be released?
Message 12 of 25
Contributor

Re: Anaplan generated Certificates to expire Dec 10, 2018

Hi,

 

I have been able to get a certifcate and created a key_store file and was able to run imports into Anaplan using AC1.4. However, just wondering, is there a way to not show the key_store password in the batch file? The password is visible in plain text.

Message 13 of 25
Expert

Re: Anaplan generated Certificates to expire Dec 10, 2018

Hi @UpaliW, the keystore alias & password must be saved in the script file. This allows AC 1.4 to extract the Private Key & Public Certificate. Alias & password are standard features on JAVA keystores.

 

Customer must install AC 1.4 & its Integration scripts on a secure server & limit access to that server.

Product Manager, Anaplan
Message 14 of 25
Expert

Re: Anaplan generated Certificates to expire Dec 10, 2018

Hi @UpaliW, Yes, with Basic Auth, password needs to be reset every 3 months. Users can avoid this by moving to CA Certificates for Auth.

Product Manager, Anaplan
Message 15 of 25
Frequent Contributor

Re: Anaplan generated Certificates to expire Dec 10, 2018

Hi,

I have about 20 connect scripts, that run daily (overnight), if i "Switch to Basic Authentication", i have to have my password visible in all these scripts, and also have to update them every time my password expires, which could cause stoppages or issues in process, and was the reason i changed to certificates in the first place.

 

I looked at the "Upgrade to the latest API clients" but can find nothing on the website to explain things, and as far as i can see nobody on site has administration app access.

 

Any advice please

 


Message 16 of 25
Expert

Re: Anaplan generated Certificates to expire Dec 10, 2018

Hi @DeveloperCYT, we are planning to release an updated Anaplan Connect (AC) v1.4 in the near term. This provides support for CA certificates. You can migrate your AC 1.3.x.x integration scripts to AC 1.4 at your convenience. Please watch the Anaplan product releases page.

Product Manager, Anaplan
Message 17 of 25
Highlighted
Occasional Contributor

Re: Anaplan generated Certificates to expire Dec 10, 2018

Hi,

 

With the changes to the Anaplan generated certificates, a number of customers have asked;

  • Could you simply define Basic Authentication and how can customers use it instead? A customer read on a post that based on this option there would be a need to put the username and password on every batch file for the Anaplan Integration account. If passwords expire every 3 months would they need to update every individual batch file every 3 months?
  • Regarding the option to, "Upgrade to the latest API clients" does it have a cost implication? Also I didn't quite understood how to Procure CA Certificates in the relevant link https://help.anaplan.com/anapedia/Content/Administration_and_Security/Tenant_Administration/Security...
  • Do Customers need to download the new version of Anaplan Connect which will be available late September?

Many thanks for your help

 

R

Message 18 of 25
Occasional Contributor

Re: Anaplan generated Certificates to expire Dec 10, 2018

Hi,

 

to start with, could you list examples of valid Certificates? I don't mean the root authorities, but the actual certificate product? There seems to be quite big price spread, what should be considered when buying?

Message 19 of 25
New Contributor

Re: Anaplan generated Certificates to expire Dec 10, 2018

Hi Henri:

You can begin by contacting your IT or Security Operations organization to determine if your company already has an existing relationship with a CA or intermediary CA.

  • If your organization has an existing relationship with a CA or Intermediate CA you can request a client certificate be issued for your integration user.
  • If your organization does not have an existing CA relationship, then you would need to contact an Intermediary CA which has one of the supported Root CA's digitally signing the Intermediary CA's certificate.

As you noted, there are many categories of certificates that a CA offers(for example: SAN certificates, wildcard certificates, code-signing certificates, and others). You should request a client certificate only. The process for procuring the certificate may take a few weeks for some validation that the CA must perform. We recommend you allow time for the procurement process. Once the CA issues the certificate file, follow their documented steps for making this file available in your environment.

Message 20 of 25