Anaplan issuing new certificate on Dec 8, 2018

chanaveer_k
Expert

Anaplan issuing new certificate on Dec 8, 2018

Update (May 31, 2019)

Please see the Anaplan-Generated Certificates to Expire at the End of 2019 blog for more information.

Original message:

Based on customer feedback and to allow admins additional time to transition to new integration clients, Anaplan will be issuing a new Anaplan certificate on December 8, 2018. The current Anaplan certificate will stop working on December 8. You will need to take action based on your integration client and authentication. 

Please refer to the Update to Integration Certificate Expiration blog post and Certificate Expiration FAQs for more information.

Do you have questions about the new Anaplan-generated certificates? Share your thoughts below. Click the Reply button below to post.

Product Manager, Anaplan
24 REPLIES 24
henri.latvanen
Occasional Contributor

Hi,

I try to be more precise with my questions. 

Within client certificate providers there is quite big price spread. One provider also offers several types of client certificates. Does it matter which one I choose, or to be exact, recommend my customers to choose?
I guess only the email address needs to be identified, but I couldn't find any info that explicitly stated that.

So, is the email identification enough?

 

Certi.JPG

 

 

connie.j
Occasional Contributor

Hi Henri:  the Class 1 will probably work:  can you please confirm with the provider that their cert will meet each of the requirements documented under "Certificate Requirements" in this document https://help.anaplan.com/anapedia/Content/Administration_and_Security/Tenant_Administration/Security...

 

Thank you,

Connie

matt.brady
Occasional Contributor

Thanks for keeping us updated on the latest developments.  This very helpful for all of the clients we're supporting.

bradley.sisson
Occasional Contributor

All-

 

I've been talking with Anaplan's Product and Security Engineering teams about this topic rather frequently.  The process isn't as straightforward as initially thought because what you want (i.e. Client Certificate) is going to vary by CA Vendor.  Some Vendors don't call it a Client Certificate, but rather a S/Mime Personal Certificate.  Most Vendors have a Certificate Support desk.  I would recommend having a short conversation with them and sharing the information that's on Anapedia about Procuring a CA Certificate.  Once they understand what you're requesting in relations to a .p12 file and .pem files they're more than likely to recommend the appropriate product vs. trying to figure it out oneself.  Below is conversation between Entrust (an Anaplan supported CA provider) and myself.

 

INITIAL INQUIRY:

"I need some assistance determining what type of certificate is needed to solve my problem.  The instructions state a Client Certificate, but I can't find a Client Certificate as an available product from your website.  Anyhow, the cert I need you to provide would need to meet the following requirements - https://help.anaplan.com/anapedia/Content/Administration_and_Security/Tenant_Administration/Security....

In layman's terms, the certificate would be used to authenticate a user between Client (Source) and Anaplan (Target). The cert would need the ability to create a private and public key. The public key will be stored in Anaplan and will be assigned to the registered user of the certificate. The purpose of the certificate is to run integration jobs from client into Anaplan; using the cert to properly authenticate the user via the public key infrastructure. The use of public certificates heightens the level of assurance of an authentication operation, confirming the user team is the rightful owner of the certificate."

 

RESPONSE:

"I may have a solution for you, which is probably more suitable to your needs.

 
Based on the link you provided, which was very helpful, probably a S/Mime personal certificate would do the job. We can provide you with one, and once the .p12 certificate is created and arrives to you, we can use openssl to convert it from a .p12 into a .pem, as the instructions specify. The .pem file would actually be 2, one with the private key and the other with the public key.  These can be merged into 1 .pem file.
 
That would satisfy the need for the subject name to be an email address, client, and have a public and private key.
 
Their cost is normally $20, as per https://buy.entrust.net (personal secure email). They last 1 year, and are relatively quick to process."
supermetz
New Contributor

Very helpful -- initally we got to the end of the process "saving to Open Tenant Admistration >> Administration >> Security >> Certificates >> Add Certificate, came to the realization we received a server certificate not a Client/Email Certificate.