If the P4 AS (HAS) used for P4 Plan authentication is running on https, you need to add certificates to the P4 Plan server for P4 Plan to act as a client for HAS. You can use self-signed certificates provided by the HAS installation or generate your own, which must be signed by a trusted certificate authority known by HAS.
1. Make sure that a version of the P4 Plan server that supports single sign-on using HAS is installed. P4 Plan 11.0041 and later supports SSO.
2. Add certificates to the following directory on the P4 Plan server computer: HPMServer\Security\HASClientCert (e.g., C:\PMServer\Security\HASClientCert).
P4 Plan expects the following certificate filenames, so you may need to rename your files:
- certificate.pem – Client certificate
- key.pem – Private key for the client certificate
- ca.pem – Certificate authority (CA) certificate, to validate the Helix Authentication Service’s server certificate. If a https connection to your Helix Authentication Service requires a CA that is not installed in your operating system’s certificate store, you can save that CA certificate here.
3. If you have a self-signed client certificate, specify its filename in the CA_CERT_FILE setting in helix-authentication-service/.env and relaunch HAS.
If you have a CA signed certificate, use CA_CERT_FILE or CA_CERT_PATH as described in the Helix Authentication Service Administrator Documentation.