This post summarizes steps to convert your security certificate to PEM format and test it in a cURL command with Anaplan. The current production API version is v1.3.

Using a certificate to authenticate will eliminate the need to update your script when you have to change your Anaplan password. To use a certificate for authentication with the API, it first has to be converted into a Base64 encoded string recognizable by Anaplan. Information on how to obtain a certificate can be found in Anapedia.

This article assumes that you already have a valid certificate tied to your user name.

Steps:

1. To convert your Anaplan certificate for use with the API, you first need OpenSSL (https://www.openssl.org/). Once you have it, convert the certificate to PEM format. The PEM format uses the header and footer lines “-----BEGIN CERTIFICATE-----” and “-----END CERTIFICATE-----”.

2. If your certificate is not in PEM format, you can convert it using the following OpenSSL command. “certificate-(certnumber).cer” is the name of the source certificate, and “certtest.pem” is the name of the target PEM certificate.

openssl x509 -inform der -in certificate-(certnumber).cer -out certtest.pem

View the PEM file in a text editor. It should be a Base64 string starting with “-----BEGIN CERTIFICATE-----” and ending with “-----END CERTIFICATE-----”.

3. View the PEM file to find the CN (Common Name) using the following command:

openssl x509 -text -in certtest.pem

It should look something like "Subject: CN=(Anaplan login email)". Copy the Anaplan login email.

4. Use a Base64 encoder (e.g. https://www.base64encode.org/ ) to encode the CN and PEM string, separated by a colon. For example, paste this in:

(Anaplan login email):-----BEGIN CERTIFICATE-----(PEM certificate contents)-----END CERTIFICATE-----


5. You now have the encoded string necessary to authenticate API calls. For example, using cURL to GET a list of the Anaplan workspaces for the user that the certificate belongs to:

curl -H "Authorization: AnaplanCertificate (encoded string)" https://api.anaplan.com/1/3/workspaces
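
Steps 2, 4 and 5 can also be done locally with the Python standard library, and decoding the result shows that the header value is only Base64 encoded: anyone who sees it recovers the login and the certificate. This is an added example, not part of the original article or Anaplan's own code. The function names are hypothetical, the login is passed in as copied in step 3, the PEM text is assumed to be sent as read from the file, and the sample bytes and `user@example.com` are constructed placeholders.

```python
import base64
import ssl

SCHEME = "AnaplanCertificate"
PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"
# Constructed stand-in bytes (a minimal DER SEQUENCE), not a real certificate.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_LOGIN = "user@example.com"  # placeholder for the CN copied in step 3


def to_pem(cert_bytes):
    """Step 2: return PEM text for certificate file contents that are PEM or DER."""
    text = cert_bytes.decode("ascii", errors="ignore").strip()
    if text.startswith(PEM_HEADER) and text.endswith(PEM_FOOTER):
        return text + "\n"
    return ssl.DER_cert_to_PEM_cert(cert_bytes)


def build_auth_header(login, pem_text):
    """Steps 4-5: Base64-encode "login:PEM" locally and return the header value."""
    if not login or ":" in login:
        raise ValueError("login must be non-empty and contain no colon")
    # Checks the PEM framing and Base64 body only; it does not parse X.509.
    ssl.PEM_cert_to_DER_cert(pem_text.strip())
    token = base64.b64encode(f"{login}:{pem_text}".encode("utf-8"))
    # b64encode never inserts line breaks, so the value stays on one header line.
    return f"{SCHEME} {token.decode('ascii')}"


def parse_auth_header(value):
    """Reverse the encoding: return (login, DER bytes) carried by the header."""
    scheme, _, token = value.partition(" ")
    if scheme != SCHEME:
        raise ValueError("unexpected authorization scheme")
    decoded = base64.b64decode(token, validate=True).decode("utf-8")
    login, sep, pem = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' between login and certificate")
    return login, ssl.PEM_cert_to_DER_cert(pem.strip())


if __name__ == "__main__":
    header = build_auth_header(SAMPLE_LOGIN, to_pem(SAMPLE_DER))
    print("Authorization:", header)
    print(parse_auth_header(header))
```
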
Comments

This is a great guide for implementing certificate-based authentication with our API. However, I would strongly advise using Python, or something similar, to decode and encode the certificate. This saves you plugging your certificate information into any online tool. I don’t trust that it isn’t cached anywhere, and if the site isn’t using TLS then you’re sending your credentials without any encryption.

 

import base64

import requests
from OpenSSL import crypto  # provided by the pyOpenSSL package


def cert_connect_string(cert_path):
    # Convert cer file to PEM
    # cmd="openssl x509 -inform der -in "+cert_path+" -out cert.pem"
    # os.popen(cmd)
    # Use of the pem file
    cert_file = cert_path
    with open(cert_file, "r") as my_cert_file:
        my_cert_text = my_cert_file.read()
    cert = crypto.load_certificate(crypto.FILETYPE_PEM, my_cert_text.encode("ascii"))
    subject = cert.get_subject()
    issued_to = subject.CN    # the Common Name field
    issuer = cert.get_issuer()
    issued_by = issuer.CN     # read but not used in the connect string
    # return my_cert_text
    connect_string = issued_to + ":" + my_cert_text
    return connect_string


def anaplan_cert_connect(cert_path):
    # return authentication_txt
    # b64encode takes and returns bytes, so encode the string first and decode the result
    token = base64.b64encode(cert_connect_string(cert_path).encode("utf-8")).decode("ascii")
    headers = {'Authorization': 'AnaplanCertificate %s' % token}
    url = "https://api.anaplan.com/1/3/workspaces/"
    r = requests.get(url, headers=headers)
    return r.text