How to use the Symphony API certificate generator to create a REST API self-signed certificate

To create a bot or application using the Symphony REST API, you can leverage a tool that uses an OpenSSL-based utility in creating self-signed certificates.

Note: This method should only be used if you are not be able to officially obtain a self-signed certificate internally.

  1. Download the file from the following URL:

https://filevault.symphony.com/index.php/s/xn4mK2Cq47jM5qE

Note: The password is 123Symphony!

  1. Extract the contents of the file to a new blank folder on your machine and record the location.

Note:If you require more than one separate signing certificate for different environments such as Production or Testing, you will need to extract the file to a separate folder for each signing certificate. You can do this as many times as required, but do not overwrite an existing folder with the same content as it will cause the certificate to function incorrectly.

  1. From the Start menu, select Run.
  2. Type cmd and press Enter.
  3. Navigate to the location of the file you recorded in step 2.

Note: Ensure you are running cmd.exe as an administrator.

  1. Execute the MakeRoot command and follow the prompts that appear.

Note: Ensure you remember the PEM pass phrase you select and other values that are entered, as they will be required later.

  1. The batch file will execute and display a Success message.

1.png

  1. From Symphony, navigate to the Admin Portal and select Manage Certificates under Company Settings.

2.png

  1. Import the root\ca_signing_cert.pem file by selecting Import.

3.png

  1. The Admin Portal will require you to make a duplicate of the root\ca_signing_cert.pem file and replace the file extension to .CER for one of the duplicate files.
  2. Once the duplicate is created, you will be able to upload the file.
  3. In the Admin Portal, create a new Service Account.

4.png

  1. Select All Roles for this Service Account. Ensure you record the username of the Service Account as you will need to use this as the Common Name/CNAME for the signing certificate in step 15.
  2. Returning to the cmd prompt, execute the makeusercert command along with the specified filename and follow the steps provided.

Note: Populate as many fields as possible here to avoid future issues.

  1. Use the Symphony Service Account Username value for the Common Name/CNAME and enter the remaining values entered for your signing certificate above.
  2. The batch file will execute and display a Created signed certificate message.

5.png

  1. A P12 file will be created in the users sub-folder. This file can be used for the purpose of authentication with the Symphony REST API for your pod environment via your bot or Service Account.