Getting a NetSuite SAML Certificate error Skip to main content
https://support.okta.com/help/answers?id=9060z000000jjnfqas&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Dylan PierceDylan Pierce 

Getting a NetSuite SAML Certificate error

Our NetSuite admin is sending this to me.
 
Oracle NetSuite
 
 
Change to the NetSuite SAML Certificate in the NetSuite SP Metadata
 
 
Your NetSuite Account ID: 1125535
 


You are receiving this notification because you are using SAML Single Sign-on in your NetSuite account. On June 13, 2018, the SAML certificate referenced in the NetSuite Service Provider (SP) metadata will expire. We are in the process of renewing the NetSuite SAML certificate, and will be updating the NetSuite SP metadata file. We will release the change in the scheduled e-fix to all sandbox accounts on June 6, 2018 and to all production accounts on June 7, 2018.

We recommend that after the change is made, all our SAML customers update their identity provider (IdP) by uploading the NetSuite SP metadata file containing the new certificate. Not all IdPs support the uploading of a metadata file. If your IdP has a manual configuration process, you must upload a new certificate file. Instructions for constructing a certificate file are included in a new topic in the help center, Extract an Encryption Certificate or Signing Certificate from the SP Metadata File (http://netsuite-info.com/app/crm/marketing/campaignlistener.nl?__lstr=__cl&c=NLCORP&__h=8268478e55ecb1293783&__r=338747224&eou=aHR0cHM6Ly9zeXN0ZW0ubmV0c3VpdGUuY29tL2FwcC9oZWxwL2hlbHBjZW50ZXIubmw_ZmlkPXNlY3Rpb25fMTUyMDg5NDc1Ny5odG1sI3N1YnNlY3RfMTUyNTM2ODY4Ng**&_od=aHR0cHM6Ly9mb3Jtcy5uZXRzdWl0ZS5jb20*" target="_blank" title="Double Click to follow link). These instructions are a subsection of the topic IdP Metadata and SAML Attributes (http://netsuite-info.com/app/crm/marketing/campaignlistener.nl?__lstr=__cl&c=NLCORP&__h=8268478e55ecb1293783&__r=338747224&eou=aHR0cHM6Ly9zeXN0ZW0ubmV0c3VpdGUuY29tL2FwcC9oZWxwL2hlbHBjZW50ZXIubmw_ZmlkPXNlY3Rpb25fMTUyMDg5NDc1Ny5odG1s&_od=aHR0cHM6Ly9mb3Jtcy5uZXRzdWl0ZS5jb20*" target="_blank" title="Double Click to follow link) in the NetSuite Help Center, SuiteAnswers ID 70359.

The change to the SP metadata will particularly affect those SAML customers who are:
  • Using the SP-initiated flow with a signed request.
  • Using the IdP-initated flow with encrypted assertions (or parts of the assertion that are encrypted).
  • Using the Single Logout functionality.
These customers must update their IdP with the new certificate information to ensure these features continue to work after the change goes into effect.

Note: This change affects only those SP-initiated flows that contain a signed request. SP-initiated flows with requests that are not signed, and IDP-initiated flows that do not contain encrypted assertions, will continue to work as they did before this change goes into effect.

Upload the new NetSuite SP metadata file to your IdP, or at least upload a new certificate file, for all accounts in which you use SAML. Your sandbox accounts will be updated on June 6, 2018 and your production account will be updated on June 7, 2018.
What is Changing?Recommended Action
On June 13, 2018, the SAML certificate referenced in the NetSuite Service Provider Metadata will expire. We will be renewing the NetSuite SAML certificate, and updating the NetSuite Service Provider (SP) Metadata as follows:
  • Sandbox accounts: June 6, 2018.
  • Production accounts: June 7, 2018.
Those customers that might be affected by this change should update the NetSuite Service Provider (SP) metadata information with your identity provider (IdP) after we publish the new certificate (after the e-fix has been pushed to your account).
  • Upload the new NetSuite SP metadata file.
Or:
  • Upload a new certificate file.


For more information, see the following help topics: If you wish to review all the SAML documentation in the NetSuite Help Center, please see SAML Single Sign-on (http://netsuite-info.com/app/crm/marketing/campaignlistener.nl?__lstr=__cl&c=NLCORP&__h=8268478e55ecb1293783&__r=338747224&eou=aHR0cHM6Ly9zeXN0ZW0ubmV0c3VpdGUuY29tL2FwcC9oZWxwL2hlbHBjZW50ZXIubmw_ZmlkPWNoYXB0ZXJfbjM4MjUxMTkuaHRtbA**&_od=aHR0cHM6Ly9mb3Jtcy5uZXRzdWl0ZS5jb20*" title="Double Click to follow link), SuiteAnswers ID 24490.
If you require assistance or more information, please contact NetSuite Customer Support.
Thank you,
The NetSuite Team



Please do not reply directly to this e-mail, as we are unable to process it. If you are not the appropriate recipient for this type of communication, you may either unsubscribe (below) or contact us via your Account Manager or Customer Support.
NetSuite

2955 Campus Drive, Suite 250 
San Mateo, CA 94403-2511 
650-627-1000
FOLLOW US
Facebook  LinkedIn  Twitter
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Privacy Statement | Trademark
 
 
Matt MaherMatt Maher (Okta, Inc.)
Hi Dylan, The Okta OIN Netsuite app currently does not have encryption turned on and we do not upload the Netsuite certificate in the Okta setup.  The only way you could be impacted by this change on Netsuite is if you used the SAML wizard application setup with encryption turned on and you used the Netsuite certificate for encryption. If you added the OIN Netsuite application in Okta there are no changes that need to be made in Okta.