Getting a NetSuite SAML Certificate error

h9ysd (h9ysd) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 6, 2018 at 5:50 PM

"Our NetSuite admin is sending this to me.

Change to the NetSuite SAML Certificate in the NetSuite SP Metadata Your NetSuite Account ID: 1125535

You are receiving this notification because you are using SAML Single Sign-on in your NetSuite account. On June 13, 2018, the SAML certificate referenced in the NetSuite Service Provider (SP) metadata will expire. We are in the process of renewing the NetSuite SAML certificate, and will be updating the NetSuite SP metadata file. We will release the change in the scheduled e-fix to all sandbox accounts on June 6, 2018 and to all production accounts on June 7, 2018.

We recommend that after the change is made, all our SAML customers update their identity provider (IdP) by uploading the NetSuite SP metadata file containing the new certificate. Not all IdPs support the uploading of a metadata file. If your IdP has a manual configuration process, you must upload a new certificate file. Instructions for constructing a certificate file are included in a new topic in the help center, Extract an Encryption Certificate or Signing Certificate from the SP Metadata File (http://netsuite-info.com/app/crm/marketing/campaignlistener.nl?__lstr=__cl&c=NLCORP&__h=8268478e55ecb1293783&__r=338747224&eou=aHR0cHM6Ly9zeXN0ZW0ubmV0c3VpdGUuY29tL2FwcC9oZWxwL2hlbHBjZW50ZXIubmw_ZmlkPXNlY3Rpb25fMTUyMDg5NDc1Ny5odG1sI3N1YnNlY3RfMTUyNTM2ODY4Ng**&_od=aHR0cHM6Ly9mb3Jtcy5uZXRzdWl0ZS5jb20*" target="_blank" title="Double Click to follow link). These instructions are a subsection of the topic IdP Metadata and SAML Attributes (http://netsuite-info.com/app/crm/marketing/campaignlistener.nl?__lstr=__cl&c=NLCORP&__h=8268478e55ecb1293783&__r=338747224&eou=aHR0cHM6Ly9zeXN0ZW0ubmV0c3VpdGUuY29tL2FwcC9oZWxwL2hlbHBjZW50ZXIubmw_ZmlkPXNlY3Rpb25fMTUyMDg5NDc1Ny5odG1s&_od=aHR0cHM6Ly9mb3Jtcy5uZXRzdWl0ZS5jb20*" target="_blank" title="Double Click to follow link) in the NetSuite Help Center, SuiteAnswers ID 70359.

The change to the SP metadata will particularly affect those SAML customers who are:

Using the SP-initiated flow with a signed request.
Using the IdP-initated flow with encrypted assertions (or parts of the assertion that are encrypted).
Using the Single Logout functionality.

These customers must update their IdP with the new certificate information to ensure these features continue to work after the change goes into effect.

Note: This change affects only those SP-initiated flows that contain a signed request. SP-initiated flows with requests that are not signed, and IDP-initiated flows that do not contain encrypted assertions, will continue to work as they did before this change goes into effect.

Upload the new NetSuite SP metadata file to your IdP, or at least upload a new certificate file, for all accounts in which you use SAML. Your sandbox accounts will be updated on June 6, 2018 and your production account will be updated on June 7, 2018. What is Changing?Recommended ActionOn June 13, 2018, the SAML certificate referenced in the NetSuite Service Provider Metadata will expire. We will be renewing the NetSuite SAML certificate, and updating the NetSuite Service Provider (SP) Metadata as follows:

Sandbox accounts: June 6, 2018.
Production accounts: June 7, 2018.

Those customers that might be affected by this change should update the NetSuite Service Provider (SP) metadata information with your identity provider (IdP) after we publish the new certificate (after the e-fix has been pushed to your account).

Upload the new NetSuite SP metadata file.

Or:

Upload a new certificate file.

For more information, see the following help topics:

NetSuite SAML Certificate References (http://netsuite-info.com/app/crm/marketing/campaignlistener.nl?__lstr=__cl&c=NLCORP&__h=8268478e55ecb1293783&__r=338747224&eou=aHR0cHM6Ly9zeXN0ZW0ubmV0c3VpdGUuY29tL2FwcC9oZWxwL2hlbHBjZW50ZXIubmw_ZmlkPWJyaWRnZWhlYWRfMzcxNTE1NDg2MC5odG1s&_od=aHR0cHM6Ly9mb3Jtcy5uZXRzdWl0ZS5jb20*" target="_blank" title="Double Click to follow link), SuiteAnswers ID 70019 (about need to periodically update the NetSuite SAML Certificate).
The Prepare to Provide NetSuite SP Metadata to Your IdP (http://netsuite-info.com/app/crm/marketing/campaignlistener.nl?__lstr=__cl&c=NLCORP&__h=8268478e55ecb1293783&__r=338747224&eou=aHR0cHM6Ly9zeXN0ZW0ubmV0c3VpdGUuY29tL2FwcC9oZWxwL2hlbHBjZW50ZXIubmw_ZmlkPXNlY3Rpb25fTjM4MjUzNzMuaHRtbCNzdWJzZWN0XzE1MjA3MjQ3NDQ*&_od=aHR0cHM6Ly9mb3Jtcy5uZXRzdWl0ZS5jb20*" title="Double Click to follow link) subsection ofComplete Preliminary Steps in NetSuite for SAML SSO (http://netsuite-info.com/app/crm/marketing/campaignlistener.nl?__lstr=__cl&c=NLCORP&__h=8268478e55ecb1293783&__r=338747224&eou=aHR0cHM6Ly9zeXN0ZW0ubmV0c3VpdGUuY29tL2FwcC9oZWxwL2hlbHBjZW50ZXIubmw_ZmlkPXNlY3Rpb25fTjM4MjUzNzMuaHRtbA**&_od=aHR0cHM6Ly9mb3Jtcy5uZXRzdWl0ZS5jb20*" target="_blank" title="Double Click to follow link), SuiteAnswers ID 24487 (where to find and download the SP metadata file in NetSuite).
Configure NetSuite with Your Identity Provider (http://netsuite-info.com/app/crm/marketing/campaignlistener.nl?__lstr=__cl&c=NLCORP&__h=8268478e55ecb1293783&__r=338747224&eou=aHR0cHM6Ly9zeXN0ZW0ubmV0c3VpdGUuY29tL2FwcC9oZWxwL2hlbHBjZW50ZXIubmw_ZmlkPXNlY3Rpb25fMTUyMDcyNDIyNy5odG1s&_od=aHR0cHM6Ly9mb3Jtcy5uZXRzdWl0ZS5jb20*" title="Double Click to follow link), SuiteAnswers ID 70357 (how to provide the SP metadata to your IdP). Refer also to the documentation provided by your IdP.

If you wish to review all the SAML documentation in the NetSuite Help Center, please see SAML Single Sign-on (http://netsuite-info.com/app/crm/marketing/campaignlistener.nl?__lstr=__cl&c=NLCORP&__h=8268478e55ecb1293783&__r=338747224&eou=aHR0cHM6Ly9zeXN0ZW0ubmV0c3VpdGUuY29tL2FwcC9oZWxwL2hlbHBjZW50ZXIubmw_ZmlkPWNoYXB0ZXJfbjM4MjUxMTkuaHRtbA**&_od=aHR0cHM6Ly9mb3Jtcy5uZXRzdWl0ZS5jb20*" title="Double Click to follow link), SuiteAnswers ID 24490.

If you require assistance or more information, please contact NetSuite Customer Support.

Thank you,

The NetSuite Team

Please do not reply directly to this e-mail, as we are unable to process it. If you are not the appropriate recipient for this type of communication, you may either unsubscribe (below) or contact us via your Account Manager or Customer Support. oracle-netsuite-vertical

2955 Campus Drive, Suite 250

San Mateo, CA 94403-2511

650-627-1000FOLLOW US

matt.maher (Presales - Americas Commercial, Emerging East)
Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:30 AM
Hi Dylan, The Okta OIN Netsuite app currently does not have encryption turned on and we do not upload the Netsuite certificate in the Okta setup. The only way you could be impacted by this change on Netsuite is if you used the SAML wizard application setup with encryption turned on and you used the Netsuite certificate for encryption. If you added the OIN Netsuite application in Okta there are no changes that need to be made in Okta.
Expand Post

Your Privacy

Your Privacy

Strictly Necessary Cookies

Strictly Necessary Cookies

Functional Cookies

Functional Cookies

Performance Cookies

Performance Cookies

Share or Sell of Personal Data

Share or Sell of Personal Data

Advertising Cookies

Your Privacy

Your Privacy

Strictly Necessary Cookies

Strictly Necessary Cookies

Functional Cookies

Functional Cookies

Performance Cookies

Performance Cookies

Share or Sell of Personal Data

Share or Sell of Personal Data

Advertising Cookies