Configuring certificates for single sign-on on the Helix Plan server
If the Helix Authentication Service (HAS) used for Helix Plan authentication is running on https, you need to add certificates to the Helix Plan server for Helix Plan to act as a client for HAS. You can use self-signed certificates provided by the HAS installation or generate your own, which must be signed by a trusted certificate authority known by HAS.
1. Make sure that a version of the Helix Plan server that supports single sign-on using HAS is installed. Helix Plan 11.0041 and later supports SSO.
2. Add certificates to the following directory on the Helix Plan server computer: HPMServer\Security\HASClientCert
(e.g., C:\PMServer\Security\HASClientCert
).
Helix Plan expects the following certificate filenames, so you may need to rename your files:
- certificate.pem – Client certificate
- key.pem – Private key for the client certificate
- ca.pem – Certificate authority (CA) certificate, to validate the Helix Authentication Service’s server certificate. If a https connection to your Helix Authentication Service requires a CA that is not installed in your operating system’s certificate store, you can save that CA certificate here.
3. If you have a self-signed client certificate, specify its filename in the CA_CERT_FILE
setting in helix-authentication-service/.env
and relaunch HAS.
If you have a CA signed certificate, use CA_CERT_FILE
or CA_CERT_PATH
as described in the Helix Authentication Service Administrator Documentation.