Configuring certificates for single sign-on on the Helix Plan server

If the Helix Authentication Service (HAS) used for Helix Plan authentication runs over HTTPS, you need to add certificates to the Helix Plan server so that Helix Plan can act as a client for HAS. You can use the self-signed certificates provided by the HAS installation or generate your own, which must be signed by a trusted certificate authority known to HAS.

See OpenSSL Certificate Authority for information about creating certificates. Do not use the -aes256 option anywhere it is mentioned.

1. Make sure that a version of the Helix Plan server that supports single sign-on using HAS is installed. Helix Plan 11.0041 and later support SSO.

2. Add certificates to the following directory on the Helix Plan server computer: HPMServer\Security\HASClientCert (e.g., C:\PMServer\Security\HASClientCert).

Helix Plan expects the following certificate filenames, so you may need to rename your files:

  • certificate.pem – Client certificate
  • key.pem – Private key for the client certificate
  • ca.pem – Certificate authority (CA) certificate, used to validate the Helix Authentication Service’s server certificate. If an HTTPS connection to your Helix Authentication Service requires a CA that is not installed in your operating system’s certificate store, you can save that CA certificate here.

Adding a certificate to your operating system’s certificate store requires a Helix Plan server restart, but updating the file ca.pem does not.

3. If you have a self-signed client certificate, specify its filename in the CA_CERT_FILE setting in helix-authentication-service/.env and relaunch HAS.

If you have a CA-signed certificate, use CA_CERT_FILE or CA_CERT_PATH as described in the Helix Authentication Service Administrator Documentation.
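A pre-flight check for the HASClientCert directory from step 2, as an added example (not part of Helix Plan or HAS): it confirms the expected filenames are present, that each file holds the right kind of PEM block, and that key.pem was not written with -aes256. The function names are hypothetical and the sample files are constructed; the check reads PEM headers only and does not validate the certificates cryptographically.

```python
import re
import tempfile
from pathlib import Path

# Filenames from the page -> (PEM block each must hold, required?).
# ca.pem is optional: it is only needed when the CA for the HAS server
# certificate is not in the operating system's certificate store.
EXPECTED = {
    "certificate.pem": ("CERTIFICATE", True),
    "key.pem": ("PRIVATE KEY", True),
    "ca.pem": ("CERTIFICATE", False),
}
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.M)


def check_cert_dir(directory):
    """Return a list of problems found in a HASClientCert directory (empty = OK)."""
    problems = []
    for name, (wanted, required) in EXPECTED.items():
        path = Path(directory) / name
        if not path.is_file():
            if required:
                problems.append(f"{name}: missing")
            continue
        text = path.read_text(errors="replace")
        labels = PEM_BEGIN.findall(text)
        if not any(label.endswith(wanted) for label in labels):
            problems.append(f"{name}: no {wanted} block")
        # Keys written with -aes256 carry one of these two markers:
        # a PKCS#8 "ENCRYPTED PRIVATE KEY" label or the legacy Proc-Type header.
        if "ENCRYPTED PRIVATE KEY" in labels or "Proc-Type: 4,ENCRYPTED" in text:
            problems.append(f"{name}: private key is passphrase-encrypted")
    return problems


def pem(label, extra=""):
    """Constructed PEM text with a dummy body; not a real key or certificate."""
    return f"-----BEGIN {label}-----\n{extra}QUJDRA==\n-----END {label}-----\n"


def demo():
    """Build a constructed directory holding an -aes256 style key and check it."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "certificate.pem").write_text(pem("CERTIFICATE"))
        Path(d, "key.pem").write_text(
            pem("RSA PRIVATE KEY", "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n"))
        return check_cert_dir(d)


if __name__ == "__main__":
    print(demo() or "OK")
```

Run `check_cert_dir` against the real directory (for example the C:\PMServer\Security\HASClientCert path above) after copying and renaming the files.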