CA Certificates

A CA certificate is a digital certificate issued by a certificate authority (CA). The CA verifies trusted certificates for trusted roots. Trusted roots are the foundation upon which chains of trust are built in certificates.

Trusting a CA root means that you trust all certificates issued by that CA. If you elect not to trust a CA root, Sterling B2B Integrator does not trust any certificates issued by that CA.

CA certificates contain a public key corresponding to a private key. The CA owns the private key and uses it to sign the certificates it issues. To validate a trusted certificate, you must first check in a CA certificate.

Root certificates from common CAs are contained in a Java keystore (JKS) in the JVM that ships with Sterling B2B Integrator. This allows users to establish some authority-based trust relationships more easily than if they had to search for and obtain the certificates from a CA Web site.

CA certificates are stored separately from trusted certificates in the product.

From the user interface, you can check in CA root certificates that originate from any of the following sources:
  • Common CA root certificates shipped with Sterling B2B Integrator in the JKS keystore. Only certificates and trusted certificates are recognized. Certificates and private keys are not visible to the UI.
  • SSL certificates imported from trading partners.
  • Other certificates obtained externally.

Based on security policies at your site, CA certificates in the JKS keystore can also be checked in through the console. Although CA certificates are public documents, you must be careful about who has rights to add them. Someone could maliciously add a false CA certificate in order to verify false end-user certificates.
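One way to detect the unauthorized addition described above, as an added example (not IBM's or the product's code): it parses the text printed by the JDK's `keytool -list` for the JKS keystore and compares each entry against an approved baseline. The aliases, fingerprints and baseline are constructed, and the listing is assumed to have been exported to text beforehand.

```python
import re

# Line formats printed by the JDK's `keytool -list` (non-verbose) for each entry.
ENTRY = re.compile(r"^(?P<alias>.+?), .*?(?P<kind>\w+Entry),\s*$")
FPRINT = re.compile(r"^Certificate fingerprint \((?P<alg>[^)]+)\): (?P<fp>[0-9A-Fa-f:]+)\s*$")

def parse_keytool_list(text):
    """Return {alias: (entry_type, algorithm, fingerprint)} from keytool -list output."""
    entries, pending = {}, None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            pending = (m["alias"], m["kind"])
            continue
        m = FPRINT.match(line)
        if m and pending:
            entries[pending[0]] = (pending[1], m["alg"], m["fp"].upper())
            pending = None
    return entries

def audit(entries, approved):
    """Compare parsed entries with an approved {alias: fingerprint} baseline."""
    findings = []
    for alias, (kind, _alg, fingerprint) in sorted(entries.items()):
        if kind != "trustedCertEntry":
            findings.append((alias, "not-a-trusted-cert"))   # e.g. PrivateKeyEntry
        elif alias not in approved:
            findings.append((alias, "unapproved-ca"))        # added outside change control
        elif approved[alias] != fingerprint:
            findings.append((alias, "fingerprint-changed"))  # same alias, different cert
    findings += [(a, "missing") for a in sorted(approved) if a not in entries]
    return findings

def fake_fp(b): return ":".join([b] * 32)  # constructed 32-byte fingerprint

# Constructed sample listing and baseline; aliases and fingerprints are made up.
SAMPLE = f"""Keystore type: JKS
example-root-a, Jan 5, 2020, trustedCertEntry,
Certificate fingerprint (SHA-256): {fake_fp("AA")}
example-root-b, Jan 5, 2020, trustedCertEntry,
Certificate fingerprint (SHA-256): {fake_fp("BB")}
rogue-root, Mar 9, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): {fake_fp("CC")}
"""
APPROVED = {"example-root-a": fake_fp("AA"), "example-root-b": fake_fp("B0"), "example-root-c": fake_fp("DD")}

if __name__ == "__main__":
    print(*audit(parse_keytool_list(SAMPLE), APPROVED), sep="\n")
```

The baseline is only useful if it is stored and changed under separate control from the keystore it checks.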

You can bundle CA certificates together as Certificate Groups. Grouping saves time when you configure multiple server adapters and have to specify the CA certificates for those adapters. You can also add a certificate to one or more existing groups.
Note: To view all the available certificate groups, from the Administration menu, select Operations > Reports. Next to the Report Configuration, click Go! and from the reports type list, select CertificateGroup.

You can export CA Digital Certificates to XML using the Resource Manager. For more information, see Resource Manager.