Digital certificates are used to verify the authenticity of business document transactions between the Community Manager and participants. They are also used for encryption and decryption. Use this screen to add new digital certificates to Business Integration Connect and to edit existing ones.
After you upload your certificates, they are viewable from the console.
You can create certificate expiration alerts that will notify you when a certificate is about to expire. For more information, see Creating alerts and adding contacts. Expired certificates are saved in the IBM WebSphere Business Integration Connect database; they cannot be deleted from the system.
Certificate authority (CA). An authority that issues and manages security credentials and public keys for message encryption. When an individual or company requests a digital certificate, a CA checks with a registration authority (RA) to verify information given to them by the individual or company. If the RA verifies the submitted information, the CA issues a certificate.
Examples of a CA include VeriSign and Thawte.
Digital certificate. A digital certificate is the electronic version of an ID card. It establishes your identity when you perform B2B transactions over the Internet. Digital certificates are obtained from a Certificate Authority (CA) and consist of three things:
Digital signature. A digital code created with a private key. Digital signatures allow members of the hub community to authenticate transmissions through signature verification. When you sign a file, a digital code is created that is unique to both the contents of the file and your private key. Your public key is used to verify your signature.
Encryption. A method of scrambling information to render it unreadable to anyone except the intended recipient, who must decrypt the information to read it.
Decryption. A method of unscrambling encrypted information so that it becomes legible again. The recipient's private key is used for decryption.
Key. A digital code used to encrypt, sign, decrypt, and verify files. Keys can come in pairs: a private key and a public key.
Non-repudiation. To prevent the denial of previous commitments or actions. For B2B electronic transactions, digital signatures are used to validate the sender and time stamp the transaction. This prevents the parties involved from claiming that the transaction was not authorized or not valid.
Private key. The secret portion of a key pair. This key is used to sign and decrypt information. Only you have access to your private key. Your private key is also used to generate a unique digital signature based on the contents of the document.
Public key. The public portion of a key pair. This key is used to encrypt information and verify signatures. A public key can be distributed to other members of the hub community. Knowing a person's public key does not help anyone discover the corresponding private key.
Self-signed key. A public key that has been signed by the corresponding private key for proof of ownership.
X.509 certificate. A digital certificate used to prove identity and public key ownership over a communication network. It contains the issuer's name (that is, the CA), the user's identifying information, and the issuer's digital signature.
Your certificate identifies your organization and the time period that the certificate is valid.
Digital certificates help companies identify themselves when they conduct business over the Internet. They are used the same way an ID card or driver's license is used. When Company A presents its certificate to Company B, the certificate verifies Company A's identity.
The following is a simplified example of how digital certificates are issued and used.
Company A and Company B want to conduct business transactions with each other over the Internet. Company B, who has a digital certificate and key pair (public and private keys), requests a copy of Company A's certificate and public key.
Company A, who does not have a digital certificate, contacts a Certificate Authority (CA) and requests a digital certificate. The CA verifies Company A's identity and issues the company a digital certificate. The certificate includes a key pair (public and private keys), the digital signature of the CA, and information that identifies Company A (the company's name and digital signature). The certificate also includes a serial number and expiration date.
Company A and Company B exchange digital certificates. Both parties now trust each other and are willing to conduct Internet transactions with each other.
The different types of digital certificates are described in the following section.
All certificates must be in either DER or ASCII Privacy Enhanced Mail (PEM) format. The certificates can be converted from one format to another.
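As an added example, not code from Business Integration Connect: a standard-library Python script that converts a certificate between PEM and DER (the two formats accepted above) and reads the validity period out of the X.509 structure, which is the value an expiration alert is based on. The certificate it parses is constructed in-line as a bare skeleton with no real key or signature so the script runs offline; real certificates come from a CA as described above.

```python
import ssl
from datetime import datetime, timezone

def der(tag, payload):  # encode one DER TLV with minimal (short or long-form) length
    n = len(payload)
    length = bytes([n]) if n < 0x80 else bytes([0x81, n]) if n < 0x100 else bytes([0x82, n >> 8, n & 0xFF])
    return bytes([tag]) + length + payload

def name(cn):  # Name ::= SEQUENCE { SET { SEQUENCE { OID 2.5.4.3 (CN), UTF8String } } }
    return der(0x30, der(0x31, der(0x30, der(0x06, b"\x55\x04\x03") + der(0x0C, cn))))

def build_sample_cert(not_before="240101000000Z", not_after="250101000000Z"):
    """CONSTRUCTED X.509 skeleton with no real key or signature (demo input only)."""
    alg = der(0x30, der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b") + der(0x05, b""))
    tbs = (der(0xA0, der(0x02, b"\x02"))                         # [0] version = v3
           + der(0x02, b"\x01\x23")                                # serialNumber
           + alg                                                   # signature algorithm
           + name(b"Example CA (constructed)")                     # issuer
           + der(0x30, der(0x17, not_before.encode()) + der(0x17, not_after.encode()))
           + name(b"Company A (constructed)")                      # subject
           + der(0x30, alg + der(0x03, b"\x00")))                  # placeholder SPKI
    return der(0x30, der(0x30, tbs) + alg + der(0x03, b"\x00"))    # dummy signature

def tlv(buf, pos=0):  # decode one TLV -> (tag, content, next_pos)
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length: low bits give the number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def children(content):  # members of a constructed value as (tag, content) pairs
    out, pos = [], 0
    while pos < len(content):
        tag, body, pos = tlv(content, pos)
        out.append((tag, body))
    return out

def validity(cert_der):  # (notBefore, notAfter) as aware datetimes from tbsCertificate
    fields = children(children(tlv(cert_der)[1])[0][1])   # tbsCertificate members
    if fields[0][0] == 0xA0:                               # explicit version is optional
        fields = fields[1:]
    fmt = {0x17: "%y%m%d%H%M%SZ", 0x18: "%Y%m%d%H%M%SZ"}   # UTCTime / GeneralizedTime
    return tuple(datetime.strptime(b.decode(), fmt[t]).replace(tzinfo=timezone.utc)
                 for t, b in children(fields[3][1]))      # serial, alg, issuer, validity

def days_until_expiry(cert_der, now_iso):  # negative once expired; drives an alert
    return (validity(cert_der)[1] - datetime.fromisoformat(now_iso)).days

def pem_to_der(pem_text): return ssl.PEM_cert_to_DER_cert(pem_text)  # stdlib PEM -> DER
def der_to_pem(der_bytes): return ssl.DER_cert_to_PEM_cert(der_bytes)  # stdlib DER -> PEM
```

Converting between the two formats only re-encodes the same DER bytes, so the round trip is lossless; the validity reader is what an expiration-alert check would run against each uploaded certificate.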
There are several types of certificates:
You must upload the certificate to Business Integration Connect through the console and send a copy of the certificate to the Hub Operator.
VTP certificates copied to the file system are active for all participants created through the console. They are used to validate signed documents received from the Community Participant Simulator. Note that certificates copied to the file system are not viewable through the console.
If client authentication is not required, the following must occur:
If client authentication is required, the following must occur: