To create a valid certificate for OAuth 2.0 M2M (Machine-to-Machine) authentication in NetSuite, you need to generate a public/private key pair (certificate), upload the public key to NetSuite, and use the private key securely in your application or integration setup.
Step-by-Step Certificate Creation
Generate Key Pair
- Use OpenSSL to generate the keys by running:
openssl req -new -x509 -newkey rsa:4096 -keyout private.pem -sha256 -out public.pem -nodes -days 730
- private.pem: Private key, keep this file secure.
- public.pem: Public key to upload to NetSuite.
- The -days 730 flag sets the validity to 2 years (NetSuite’s maximum).
Upload Public Key to NetSuite
- Go to Setup > Integration > OAuth 2.0 Client Credentials (M2M) Setup in NetSuite.
- Create a new mapping:
  - Select the Entity (employee), Role, and Application/Integration for your OAuth setup.
  - Upload the public.pem file.
- Save and note the Certificate ID generated by NetSuite; this will be required in your integration.
Certificate Requirements
- The public key must be in X.509 PEM, .pem, .cer, or .crt format.
- RSA keys must be 3072 or 4096 bits.
- Validity is capped at 2 years; longer durations are automatically shortened.
- Each certificate is tied to a specific integration, role, and entity combination.
Using the Certificate
- Use the Certificate ID (from NetSuite) and the private key (private.pem) in your integration or CI environment.
- The OAuth flow signs JWT tokens with the private key, and NetSuite matches them against the public key it has stored.
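
A pre-upload check for the Certificate Requirements above, as an added example that is not part of the original page or of NetSuite's tooling. The helper name check_netsuite_cert, the 731-day threshold and the file-permission check are assumptions made here; the other checks mirror the listed requirements and confirm that private.pem actually belongs to public.pem.

```shell
#!/usr/bin/env bash
# Added example, not NetSuite code. check_netsuite_cert is a hypothetical helper
# that checks a certificate against the requirements listed on this page.
# Usage: check_netsuite_cert public.pem private.pem   (returns 0 if all pass)
check_netsuite_cert() {
  local cert="$1" key="$2" rc=0 text bits

  # 1. The file must parse as a PEM-encoded X.509 certificate.
  if ! text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null); then
    echo "FAIL: $cert is not a PEM X.509 certificate" >&2
    return 1
  fi

  # 2. RSA keys must be 3072 or 4096 bits.
  bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
  if ! printf '%s\n' "$text" | grep -q 'Public Key Algorithm: rsaEncryption'; then
    echo "FAIL: certificate key is not RSA" >&2; rc=1
  else
    case "$bits" in
      3072|4096) ;;
      *) echo "FAIL: RSA key is ${bits:-?} bits, need 3072 or 4096" >&2; rc=1 ;;
    esac
  fi

  # 3. Validity: not expired, and not running past the 2-year cap.
  #    731 days is an assumed threshold (730 days plus a day of slack).
  if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
    echo "FAIL: certificate has already expired" >&2; rc=1
  fi
  if openssl x509 -in "$cert" -noout -checkend $((731 * 86400)) >/dev/null; then
    echo "FAIL: expires more than 2 years from now; validity will be shortened" >&2; rc=1
  fi

  # 4. The private key used for signing must belong to this certificate.
  if [ "$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)" != \
       "$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)" ]; then
    echo "FAIL: $key does not match $cert" >&2; rc=1
  fi

  # 5. -nodes leaves the key unencrypted, so file permissions are its only guard.
  if [ -n "$(find "$key" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]; then
    echo "FAIL: $key is readable by group or others (chmod 600)" >&2; rc=1
  fi
  return "$rc"
}
```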