Thursday, May 8, 2014

To import SSL certificate and key into PowerSchool's database

In order to use the PowerSchool's API(s) or to enable Single Sign-on with 3rd-party app using SAML2, we need to enable HTTPS.

To enable HTTPS on this application server, import a certificate and private key into the database. If you have already imported a certificate on this or any other application node, skip this procedure. If you do not yet have a certificate you will have the option to import and enable HTTPS at a later time

If you choose to import, all certificates should be standard X509 certificates in standard Privacy Enhanced Mail (PEM) format. Viewed in a text editor, PEM format certificates start with "------BEGIN CERTIFICATE-----" and end with "-----END CERTIFICATE-----". The private key file should also be in PEM format. The private key password is the password you set when you generated the private key/certificate request pair. If your certificate authority provides an intermediate certificate or certificates, include them here.

My private key is in the form of: myprivate.key , so I have to convert it to .pem format with the following command (in Linux):

$ openssl rsa -in myprivate.key -out myprivate.key.pem -outform PEM

For the certificate, It should be a combined file of: my domain certificate, root certificate, and the intermediate certificate (my_combined_cert.crt).

Then go to PowerSchool > System > System Settings > Digital Certificates Management. And in the Key Store tab, Import Digital Certificate section, select "I have two files and no password (PEM)", then import myprivate.key.pem and mycert.pem. Done.