Renew and Install Xero certificates for partner applications
To have permanent access to a customer's Xero file, a Xero Partner Application is required. More information can be found on the Xero website: https://developer.xero.com/documentation/auth-and-limits/partner-applications
To securely access the Xero Partner API, a certificate must be generated and uploaded against the partner application.
1 - Renew the X509 Certificates
1.1 - Generate the Certificate Key Pair
To generate a public/private certificate pair on a Linux OS, run the following command:
openssl req -x509 -newkey rsa:4096 -keyout [my_certificate].pem -out [my_certificate].cer -days 730 -nodes -subj "/C=AU/ST=NSW/L=Sydney/O=[MyOrganisation]/OU=IT/CN=[example.com]/emailAddress=[contact@example.com]"
Replace the bracketed placeholders in the -subj parameter with your own certificate attributes:
- C: Country
- ST: State
- L: City
- O: Organization name
- OU: Organization Unit or Department Name
- CN: Domain name
- emailAddress: Contact email address
The validity period of the certificate is specified in days with the -days parameter. It is recommended to use a duration of 2 years.
1.2 - Upload the Public Certificate on Xero application
Then log into the Xero Applications management console and upload the Public Key Certificate xero_maestrano_dev.cer
1.3 - Update Mnohub and Connec! components to use the Private Certificate
1.3.1 - Using Nex! deployments
Update the environment property oauth_xero_private_key with the content of the private key file generated in step 1.1 ([my_certificate].pem).
1.3.2 - Using Ansible scripts
Copy the private key file into your Ansible script configuration at mno-deploy-myproject/ansible/files/xero_certs/[environment]/privatekey.pem
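Before uploading the .cer file and deploying the .pem file, it is worth confirming that the two files belong together, that the certificate is not close to expiry, and that the unencrypted private key (the command in 1.1 uses -nodes) is not readable by other users. The script below is an added example, not part of the original procedure; the function names and the 30-day default threshold are assumptions.

```shell
#!/bin/sh
# Added example: checks to run on the pair from step 1.1 before upload/deploy.
# Function names and the 30-day default threshold are assumptions.

# True when the certificate's public key equals the one derived from the key file.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when the certificate is still valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# True when group and others have no permission bits on the key file.
key_is_private() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# Run all three checks; report every failure and return non-zero if any failed.
check_pair() {
    cert=$1; key=$2; min_days=${3:-30}; rc=0
    pair_matches "$cert" "$key" ||
        { echo "FAIL: $key is not the private key for $cert" >&2; rc=1; }
    valid_for_days "$cert" "$min_days" ||
        { echo "FAIL: $cert expires within $min_days days" >&2; rc=1; }
    key_is_private "$key" ||
        { echo "FAIL: $key is accessible to group or others (chmod 600)" >&2; rc=1; }
    return $rc
}

# Usage: sh check_pair.sh my_certificate.cer my_certificate.pem [min_days]
if [ "$#" -ge 2 ]; then check_pair "$@"; fi
```

Running the same check against the deployed privatekey.pem and the certificate currently uploaded to Xero also catches a renewal where only one of the two was updated.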
2 - Entrust Certificates
The Xero Entrust Certificates have been deprecated. More information is available here: https://developer.xero.com/documentation/auth-and-limits/entrust-certificate-deprecation