Video Screencast Help

Is A Certificate File Required As Part Of A Production Implementation?

Created: 21 Sep 2012 • Updated: 18 Dec 2012 | 1 comment
This issue has been solved. See solution.

Hi,

First, a big "Thanks" to Jeff for helping me get past my biggest hurdle ( so far! ). 

I need to know if a certificate file is required in a production environment.  We are implementing a Point of Sale system running in each store.  The intent is to force store employees to call their manager for a VIP security code before being able to perform specific tasks in the system.  For example, before posting a payment, the employee has to call the manager who will use their VIP credential to get a security code.  The manager gives them the security code, and they enter it.  The system will call the VIP API with the user id for the manager, and the security code that the employee was given by the manager.

In all the setup, getting the testdrive demo working, and now writing java programs to call the API, there always seems to be the requirement for a certificate file.  All the documentation, sample code, etc., that comes with the testdrive package uses the default "testdrive.p12" credential file.

Is a certificate file required for using the API in the manner I described?  If so, is there a "default" credential file, like "testdrive.p12", that has to be installed on each computer in the stores?  If not, do we have to have the credential file for each manager on the computers for their stores? 

We would prefer a setup where there is NOT the requirement to install a credential file - unless there is some default file that can go on every computer - and that we simply call the API with the userid and security code.

I would appreciate any and direction you can provide.

Thanks.

Mark Turner

Discussion Filed Under:

Comments 1 CommentJump to latest comment

Jeff Burstein's picture

Yes, the certificate is required to authenticate your backend application to your specific account in the VIP service -- think of it as an API key. Keep this certificate secure -- access to it allows anyone access to your VIP account. I would recommend using it within your backend service and not on endpoint devices -- these managers are authenticating to some service, right?

Are you using a VIP trial account? You can download a certificate unique to your actual account from VIP Manager and use it within your application. The developer test drive on Connect uses a shared account for test purposes only -- get a trial for the full service: http://go.symantec.com/viptrial.

SOLUTION