
Anaplan Automated CA-Signed Certificate Script


If you are familiar with shell scripts on macOS or Linux, the following script automates the steps to create the files required to authenticate with Anaplan via a CA-signed certificate.

Depending on the documented options in the script, the following outputs will be produced: 

  • A Public Key for uploading to Anaplan's tenant administration 
  • An unencrypted or encrypted Private Key as well as a Java Key Store (JKS) for use with a OneCloud Anaplan connection or with Anaplan Connect. 

In the script below, please update the following parameters and execute the script in your own environment.

  • CertP12Format
  • CertP12Password
  • PemPassPhrase
  • KeyStoreAlias
  • KeyStorePassword
  • CreateUnencryptedPrivateKey ("true" / "false")
  • CreateEncryptedPrivateKey ("true" / "false")
  • CreateJks ("true" / "false")

It is advised that you leave the other default values unchanged. If you do, the generated files are used as follows:

  • "ca_certificate.pem" is the public certificate that is uploaded to Anaplan. Follow the Register a Certificate documentation that Anaplan provides.
  • The "ca_certificate.pem" file is also uploaded as a resource when configuring an Anaplan OneCloud connection
  • The "unencrypted_private_key.pem" and "encrypted_private_key_pkcs8.pem" can each be used with an Anaplan Connect Script.
create-cert.sh
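#!/bin/bash
# For macOS: This script will create a CA Certificate that is compatible with Anaplan Connect
# bash is required because the script uses "read -p ... -n1 -s", which plain POSIX sh does not provide.
# Update the variables below with your particular settings.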


# Provide the path and file name of the exported certificate in .p12 format
CertP12Format="PATH TO CERTIFICATE IN P12 FORMAT"
CertP12Password="PASSWORD FOR CERTIFICATE IN P12 FORMAT"
CertPEMFormat="ca_certificate.pem"

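# Number of leading lines to delete from the exported PEM (sed deletes lines 1 through this number),
# so that the output file starts at the certificate to upload
StripLinesUpUntil=82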

# Provide the path and file name of the unencrypted export key.
# This file is required for creating a Java Key Store
CreateUnencryptedPrivateKey="true"
UnencryptedPrivateKey="unencrypted_private_key.pem"


# Provide the path and file name of the encrypted export key.
# This is only required if opting to not use a Java Key Store
CreateEncryptedPrivateKey="true"
EncryptedPrivateKey="encrypted_private_key_pkcs8.pem"
PemPassPhrase="pem-password"

# Provide the path and file name of the Java Key Store
CreateJks="true"
JavaKeyStore="keystore.jks"
KeyStoreAlias="PROVIDE ALIAS"
KeyStorePassword="jks-password"

#____________________________ Do not edit below this line ______________________________

# Keep generated key material readable by the current user only
umask 077

echo "************* Creating CA Certificate (PEM Format) *************"
echo "You will be prompted to enter a few passwords. Be sure to enter the Import Certificate password: \"${CertP12Password}\""
read -p "Press any key to continue... " -n1 -s
# Export the certificates only (no private key) to a temporary file
openssl pkcs12 -in "$CertP12Format" -nokeys -out ./temp_cert
# Delete the leading lines up to and including line StripLinesUpUntil
sed -e "1,${StripLinesUpUntil}d" < ./temp_cert > "${CertPEMFormat}"
### https://www.computing.net/answers/programming/delete-all-lines-afterbefore-line-number-with-dos-batch/29963.html
cat "${CertPEMFormat}"
rm ./temp_cert

echo "CA Certificate (PEM Format) created: $CertPEMFormat"

if [ "$CreateUnencryptedPrivateKey" = "true" ]
then
    echo "************ Creating Unencrypted Private Key ******************"
    echo "You will be prompted to enter the Import Certificate password. Be sure to enter the password: \"${CertP12Password}\""
    # -nodes writes the private key without passphrase protection
    openssl pkcs12 -in "$CertP12Format" -nocerts -out "$UnencryptedPrivateKey" -nodes
    echo "Unencrypted Private Key created: $UnencryptedPrivateKey"
else
    echo "************** Unencrypted Key was NOT created *****************"
fi




if [ "$CreateEncryptedPrivateKey" = "true" ]
then
    echo "************ Creating Encrypted Private Key ******************"
    echo "You will be prompted to enter the Import Certificate password. Be sure to enter the password: \"${CertP12Password}\""
    echo "You will also be prompted to enter the pem passphrase. Be sure to enter the passphrase: \"${PemPassPhrase}\""
    read -p "Press any key to continue... " -n1 -s
    # Export the private key, protected by the pem passphrase, to a temporary file
    openssl pkcs12 -in "$CertP12Format" -nocerts -out ./temp_cert
    # -topk8 makes openssl write an encrypted PKCS#8 key protected by PemPassPhrase
    openssl pkcs8 -topk8 -inform PEM -in ./temp_cert -outform PEM -out "$EncryptedPrivateKey" -passout "pass:${PemPassPhrase}"
    rm ./temp_cert
    echo "Encrypted Private Key created: $EncryptedPrivateKey"
else
    echo "************** Encrypted Key was NOT created *****************"
fi




if [ "$CreateJks" = "true" ]
then
    echo "************ Creating Java Key Store ******************"
    echo "You will be prompted to enter a password. Be sure to enter \"${KeyStorePassword}\" (3x)"
    read -p "Press any key to continue... " -n1 -s
    # Bundle the certificate and the unencrypted private key into a temporary PKCS#12 file
    openssl pkcs12 -export -in "${CertPEMFormat}" -inkey "$UnencryptedPrivateKey" -out ./keystore_bundle.p12 -name "$KeyStoreAlias" -CAfile "$CertPEMFormat" -caname root
    # Import the temporary PKCS#12 bundle into the Java Key Store
    keytool -importkeystore -deststorepass "$KeyStorePassword" -destkeystore "$JavaKeyStore" -srckeystore ./keystore_bundle.p12 -srcstoretype PKCS12
    rm ./keystore_bundle.p12
    echo "Java Key Store created: $JavaKeyStore"
else
    echo "********* Java Key Store was NOT created **************"
fi
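
The script above finds the certificate with a fixed line count (StripLinesUpUntil=82), which only holds while the export has exactly that many leading lines. As an added example (not part of the OneCloud script; the function names and the sample export are assumptions constructed for illustration), these helpers select a certificate by its PEM markers instead and report whether a generated key file is really encrypted:

```shell
#!/bin/sh
# Added example, not part of create-cert.sh. Function names are assumptions.

# Print the Nth certificate (default: 1st) from `openssl pkcs12 -nokeys` output,
# skipping "Bag Attributes", subject= and issuer= lines however many there are.
extract_cert() {
    awk -v want="${2:-1}" '
        /^-----BEGIN CERTIFICATE-----/ { n++; inside = 1 }
        inside && n == want            { print }
        /^-----END CERTIFICATE-----/   { inside = 0 }
    ' "$1"
}

# Report how a PEM private key file is protected, judged by its PEM header.
key_protection() {
    header=$(sed -n '/^-----BEGIN /{p;q;}' "$1")
    case "$header" in
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo "encrypted" ;;
        "-----BEGIN PRIVATE KEY-----")           echo "unencrypted" ;;
        "-----BEGIN RSA PRIVATE KEY-----"|"-----BEGIN EC PRIVATE KEY-----")
            # Traditional format marks encryption with a Proc-Type header.
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"
            then echo "encrypted"; else echo "unencrypted"; fi ;;
        *) echo "unknown" ;;
    esac
}

# Constructed sample: shape of a two-certificate export (base64 bodies are fake).
write_sample_export() {
    cat > "$1" <<'EOF'
Bag Attributes
    localKeyID: 01 02 03 04
subject=/CN=example-client
issuer=/CN=Example Issuing CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0xJRU5U
-----END CERTIFICATE-----
Bag Attributes: <No Attributes>
subject=/CN=Example Issuing CA
issuer=/CN=Example Root CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtSVNTVUVS
-----END CERTIFICATE-----
EOF
}
```

In create-cert.sh, `extract_cert ./temp_cert 1 > ca_certificate.pem` could take the place of the sed step, with the index set to whichever certificate in the export is the one to upload. Running `key_protection` on each generated key file confirms that its contents match its name before it is handed to Anaplan Connect.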

OneCloud is the author of this solution article.
