In June 2018, Anaplan implemented support for use of public Certificate Authority (CA)-issued certificates to authenticate against Anaplan v2.0 APIs.
A number of Anaplan customers are not familiar with CA certificates and questions have been raised with Anaplan Support and Customer Success about where and how they can be procured. For your convenience, Anaplan customers can use Sectigo as a vendor through which you can acquire CA certificates. Anaplan interviewed a number of CA vendors, including GlobalSign, QuoVadis, and Digicert. Sectigo (formerly Commodo) impressed us a flexible vendor with a well-established presence in the CA certificate market.
You are not obligated to use Sectigo as your CA certificate vendor. Your organization may use any vendor certificates as part of Anaplan's list of supported root CA certificates. Please note that Sectigo is an intermediary CA vendor which uses AddTrust External CA Root as its root certificate. You can find AddTrust in the supported root CA Certificates page.
To procure a CA certificate from Sectigo:
Once you've paid the fee for the certificate, Sectigo sends you a certificate file. You are now ready to extract your certificate for use in Anaplan.
When you obtain your certificate from Sectigo, you can either submit the certificate request and get a private key from the CA or you can submit your request with a Certificate Signing Request (CSR).
If you are on a Windows system, you must have openssl installed to complete these steps.
Follow these instructions to extract your certificate from Sectigo:
openssl pkcs12 -in <path to p12 cert>.p12 -nokeys -out client_certificate.pemThe public certificate is extracted and starts with "-----BEGIN CERTIFICATE-----".
openssl pkcs12 -in <path to Sectigo p12 file> -nocerts -out <path to unencrypted private key> -nodes
openssl pkcs12 -in <path to Sectigo p12 file> -nocerts -out <path to encrypted private key>The Private key is encrypted. The key should start with "-----BEGIN ENCRYPTED PRIVATE KEY-----"
openssl pkcs8 -inform PEM -in <path to encrypted private key> -outform PEM -out <path to pkcs 8 private key> -passout pass:<pkcs8 file password>