Use the Symphony API certificate generator to create a REST API self-signed certificate

To create a bot or application using the Symphony REST API, you can leverage a tool that uses an OpenSSL-based utility in creating self-signed certificates. This method should only be used if you are not be able to officially obtain a self-signed certificate internally.


1. Download the file from the following URL:


Note: The password is 123Symphony!


2. Extract the contents of the file to a new blank folder on your machine and record the location


Note: If you require more than one separate signing certificate for different environments such as Production or Testing, you will need to extract the file to a separate folder for each signing certificate. You can do this as many times as required, but do not overwrite an existing folder with the same content as it will cause the certificate to function incorrectly


3. From the Start menu, click Run


4. Type cmd and press Enter


5. Navigate to the location of the file in step 2


Note: Ensure you are running cmd as an administrator


6. Execute MakeRoot and follow the prompts that appear. Ensure you remember the PEM pass phrase you select and other values that are entered as they will be required later


7. The batch file will execute and display a Success message (Figure 1):



Figure 1 Successful Batch File


8. From Symphony, navigate to the Admin Portal and click Manage Certificates under Company Settings (Figure 2):



Figure 2 Manage Certificates


9. Import the root\ca_signing_cert.pem file by clicking Import (Figure 3):



Figure 3 Import


10. The Admin Portal will require you to make a duplicate of the root\ca_signing_cert.pem file and replace the file extension to .CER for one of the duplicate files


11. Once the duplicate is created, you will be able to upload the file


12. In the Admin Portal, create a new Service Account (Figure 4):



Figure 4 Service Account


13. Select All Roles for this Service Account. Ensure you record the username of the Service Account as you will need to use this as the Common Name/CNAME for the signing certificate in step 15


14. Returning to the cmd prompt, execute the makeusercert command along with the specified filename and follow the steps provided


Note: Populate as many fields as possible here to avoid future issues


15. Use the Symphony Service Account Username value for the Common Name/CNAME and enter the remaining values entered for your signing certificate above.


16. The batch file will execute and display a Created signed certificate message (Figure 5):



Figure 5 Created Signed Certificate


17. A P12 file will be created in the users sub-folder. This file can be used for the purpose of authentication with the Symphony REST API for your pod environment via your bot or Service Account