Xero - beautiful accounting software

Xero Developer Help Center

Xero Developer Community

Community > Partner Program >

Updating Entrust Certificate for Partner Application

Started by Ronnie Beltran -   in Partner Program

Hello Everyone.

Our application is a Partner Application which our entrust certificate has expired last Dec 2015. I managed to download a newly assigned entrust certificate from Xero following the steps here http://developer.xero.com/documentation/advanced-docs/partner-app-entrust-certificate-instructions/.

So here are the steps I made to update it.

Step 1. Generate public and private key pair as discussed here.

# generates privatekey.pem
openssl genrsa -out privatekey.pem 1024

# generates publickey.cer (365 days == 1 year)
openssl req -new -x509 -key privatekey.pem -out publickey.cer -days 365

Step 2. Split the xero entrust certificate following instructions below.

# generates entrust-cert.pem
openssl pkcs12 -in entrust-client.p12 -clcerts -nokeys -out entrust-cert.pem

# generates entrust-private.pem
openssl pkcs12 -in entrust-client.p12 -nocerts -out entrust-private.pem

# generates entrust-private-nopass.pem
openssl rsa -in entrust-private.pem -out entrust-private-nopass.pem

Step 3

## Upload publickey.cer to Xero website.

Go to https://app.xero.com/Application/List
Choose/Click Partner type app
Click "Upload a new Puclic Key Certificate"
Browse and find the publickey.cer from step 1

Step 4

Use the entrust certs in our application code. I prepared a gist to check if the credentials are working.
See https://gist.github.com/ronbeltran/a408c64649ca92c37e7e

Our app in production runs in google app engine. And right now Im still getting HTTP 403.
Official Xero Reply
Xero will begin to deprecate Entrust Certificates for Xero Partner Apps in 2017


Sidney Maestre (Community Manager)