Digital Certificates: General Information
MYOB Acumatica uses digital certificates to store sensitive information in the database encrypted and to authenticate documents (PDF files) that are shared or sent electronically. These certificates can be purchased from a recognized certification authority. Each certificate has a password that is used to validate the owner of the certificate if you need to reinstall the system or move the database.
Learning Objectives
In this chapter, you will learn how to do the following:
- Upload digital certificates to be used for database encryption or PDF signing.
- Replace the default encryption method used for MYOB Acumatica database with a certificate of your choice.
- Configure the signing of PDF files generated for reports in the system.
Applicable Scenarios
You use digital certificates in the following cases:
- Your company has decided to replace the default encryption algorithm used in MYOB Acumatica to encrypt sensitive data stored in the database with some other encryption certificate because of company security polices. You, as a system administrator, have been asked to configure the replacement.
- Your company has decided to use encryption certificates for signing PDF files generated for reports in MYOB Acumatica. You, as a system administrator, have been asked to upload the needed certificate and configure the signing of PDF files.
Certificate Registration
To use a certificate, you first need to register it on the Encryption Certificates (SM200530) form. Only certificates that are added to this form can be used for replacing the database encryption algorithm used in MYOB Acumatica or for signing PDF files.
For each certificate, you provide a name and a password. The system uses the password to access the uploaded certificate and use it for data encryption. Then you attach the certificate file to the record.
Database Encryption
The MYOB Acumatica database stores sensitive data, such as credit card numbers and passwords, encrypted. If no encryption certificate is loaded, base64 encryption is used. You can find the list of encrypted data on the Certificate Replacement (SM200535) form.
You can replace the encryption algorithm used in MYOB Acumatica with your encryption certificate. If the database of your MYOB Acumatica instance is large, encryption may take a lot of time and may cause slowdowns in responses from the database. For large databases, we recommend that you postpone the start of encryption by scheduling it at a time when nobody is using the system (for example, at night).
PDF Signature
You can use encryption certificates to sign PDF files that are generated for reports in the system. A PDF certificate protects the authenticity of a document throughout its life cycle. For example, when a company employee emails the company's digitally signed quarterly financial statements, the recipients of the documents can be sure of the identity of the sender and the integrity of the financial information.
You can specify a certificate that will be used for signing the PDF documents generated by the system. You use the PDF Signing Certificate box on Security Preferences (SM201060) form to specify the default certificate.
Removal of Outdated Certificates
Before you remove a certificate from the system, make sure that the certificate is not being used for the database encryption on the Certificate Replacement (SM200535) form or for PDF document signing on the Security Preferences (SM201060) form. If it is used in either of these cases, the certificate cannot be removed.
You remove an outdated certificate from the list on the Encryption Certificates (SM200530) form by clicking Delete Row on the table toolbar.