SSL Cert Grabber Adapter
The SSLCertGrabber adapter captures SSL certificates of trading partner servers that support HTTPS or FTPS protocols.
The following table provides an overview of the SSLCertGrabber adapter:
|System name||SSLCertGrabber adapter|
|Graphical Process Modeler (GPM) category||All Services|
|Description||This adapter captures SSL certificates of trading partner servers supporting HTTPS or FTPS protocols.|
|Business usage||The Cert Capture Utility Wizard uses this adapter to capture the certificates of the trading partner server with which future transactions might happen. Once the certificates of the HTTPS or FTPS server are obtained, they can be manually verified. The certificates are then checked in to the Sterling B2B Integrator system as Trusted or CA Certificate based on the certificate type. The adapter parameters hostname and port name are taken from the User Interface (UI) wizard.|
|Usage example||You must edit the Default service configuration to provide the connection parameters, such as proxy information (if required) and Perimeter Server information. The UI wizard obtains the host name and port number of the trading partner server. The UI wizard then invokes a Sterling B2B Integrator Business Process that uses the adapter to fetch trading partner certificates.|
|Preconfigured?||No. You must install and deploy the SSLCertGrabber adapter before it can be used.|
|Requires third-party files?||No|
|Platform availability||All Sterling B2B Integrator supported platforms|
|Application requirements||An HTTP or FTP server at the external trading partner location with SSL enabled. When this adapter is configured with a non-local-mode Perimeter Server, the Perimeter Server must be installed and running. This Perimeter Server is installed in a DMZ environment, separated from Sterling B2B Integrator by a firewall. For more information about installing and running the adapter, see Perimeter Services.|
|Initiates business processes?||No|
|Business process context considerations||None|
|Returned status values||Status values:
|Testing considerations||Debug information for this adapter can be found in the SSLCertGrabberAdapter and Services log files.|
Implementing the SSLCertGrabber Adapter
- Create an SSLCertGrabber adapter configuration. See Managing Services and Adapters.
- Configure the SSLCertGrabber adapter. See Configuring the SSLCertGrabber Adapter.
Configuring the SSLCertGrabber Adapter
- Select Deployment > Services > Configuration.
- Search for SSLCertGrabber adapter or select it from the list.
- Click Edit.
- Specify field settings:
|Field||Description|
|Name||Name of this adapter in Sterling B2B Integrator. Required.|
|Description||Description of adapter. Required.|
|Select a Group||Select one of the options:
- None – You do not want to include this configuration in a group at this time.
- Create New Group – You can enter a name for a new group in this field. The new group is created along with this configuration.
- Select Group – Groups that are already created are displayed in the list. Select a group from the list.
Tip: For more information about groups, see Managing Services and Adapters.|
|Local port range||Local port range, which the client can use for established connection. Optional.|
|Global Proxy Server||Global proxy setting if local adapter proxy settings are not available. Optional.|
|Number of connection retries||Number of connection attempts for the adapter. Required.|
|Delay between retries||Delay before adapter attempts to establish connection. Required.|
|Delay Waiting On IO||Time the adapter waits for IO while establishing connection. Required.|
|Use Proxy Server||Proxy setting for the adapter (only valid for HTTPS). Required.|
|Proxy Hostname||IP address or host name of the target proxy server. Trading Partner profile setting can override the value. Required if Use proxy server is Yes.|
|Proxy Port||Port number of the target proxy server. Trading Partner profile setting can override the value. Required if Use proxy server is Yes.|
|Proxy Retry Attempts||Number of times the adapter attempts to connect to proxy server. Trading Partner profile setting can override the value. Required if Use proxy server is Yes.|
|Use Proxy Basic Authentication||Proxy server requires basic authentication. If Yes, a trading partner profile is necessary because user credentials are obtained from the profile. Required.|
Parameters Passed from Business Process to Service
|Host name or IP address||Trading partner server domain name or IP address. Required.|
|Port||Port supporting SSL protocol. Required.|
|SSL Mode||Modes are available only for FTPS. Required.|
|Protocol||Protocol that is supported by trading partner server SSL connection. Required.|
Parameters Passed from Service to Business Process
|Certificate [0-n]||SSL certificate that the adapter fetched.|
Business Process Example
The following example illustrates the Cert Capture Utility.
The SSLCertGrabber adapter connects to the trading partner FTP host by using TP_HOST and TP_PORT. The adapter then obtains the certificates of that server and extracts them to the local system so that they can be manually verified. Later, they can be checked in to Sterling B2B Integrator to carry on future transactions with the trading partner server.
A BP is created which invokes the default business process SSLCertGrabberAdapterBP that is provided in Sterling B2B Integrator. The host address TP_HOST and port number TP_PORT are provided as input to the BP using assign statements. The connection attempt is made by the SSLCertGrabber adapter. The SSLCertGrabber adapter fetches the certificates of the business server.
Assumption: TP_HOST exists, TP_PORT exists, the SSLCertGrabber adapter is SSL-enabled, and the SSLCertGrabber adapter supports explicit mode.
<process name="SSLCertGrabberAndExtractor_FTPS">
  <sequence name="Sequence Start">
    <operation name="Invoke Business Process Service">
      <participant name="InlineInvokeBusinessProcessService"/>
      <output message="InvokeBusinessProcessServiceTypeInputMessage">
        <assign to="." from="*"></assign>
        <assign to="WFD_NAME">SSLCertGrabberAdapterBP</assign>
      </output>
      <input message="inmsg">
        <assign to="." from="*"></assign>
        <assign to="RemoteHost">TP_HOST</assign>
        <assign to="RemotePort">TP_PORT</assign>
        <assign to="SSLMode">FTPS</assign>
        <assign to="Protocol">Explicit</assign>
      </input>
    </operation>
    <assign to="PrimaryDocument" from="Certificate1/@*" append="false"/>
  </sequence>
</process>
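
The manual verification step that comes before check-in can be done by comparing the captured certificate's SHA-256 fingerprint with one the trading partner supplies through a separate channel, because a certificate captured from the wire is unauthenticated. The following Python sketch is an added example, not Sterling B2B Integrator code. The function names, the choice of SHA-256, and the assumption that a saved capture is DER bytes or a PEM string are all illustrative.

```python
import ftplib
import hashlib
import hmac
import socket
import ssl


def capture_der(host, port, explicit_ftps=False, timeout=10):
    """Fetch the server's leaf certificate as DER without validating it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # capture only: nothing is trusted yet
    ctx.verify_mode = ssl.CERT_NONE
    if explicit_ftps:                # plain FTP control channel, then AUTH TLS
        ftp = ftplib.FTP_TLS(context=ctx, timeout=timeout)
        try:
            ftp.connect(host, port)
            ftp.auth()
            return ftp.sock.getpeercert(binary_form=True)
        finally:
            ftp.close()
    # HTTPS or implicit FTPS: the TLS handshake starts right after connect
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def fingerprint_sha256(cert):
    """SHA-256 over the DER encoding; a PEM string is decoded first."""
    der = ssl.PEM_cert_to_DER_cert(cert) if isinstance(cert, str) else cert
    return hashlib.sha256(der).hexdigest()


def matches_out_of_band(cert, partner_fingerprint):
    """True only if the capture equals the fingerprint the partner supplied."""
    wanted = partner_fingerprint.replace(":", "").replace(" ", "").lower()
    if len(wanted) != 64 or any(c not in "0123456789abcdef" for c in wanted):
        return False                 # truncated or not a SHA-256 value
    return hmac.compare_digest(fingerprint_sha256(cert), wanted)


if __name__ == "__main__":
    captured = b"abc"  # constructed stand-in for captured DER bytes
    supplied = ("BA:78:16:BF:8F:01:CF:EA:41:41:40:DE:5D:AE:22:23:"
                "B0:03:61:A3:96:17:7A:9C:B4:10:FF:61:F2:00:15:AD")
    print(matches_out_of_band(captured, supplied))
```

A mismatch, or a fingerprint that is not a full 64 hex digits, returns False, and the certificate should not be checked in until the difference is explained.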