SSL Cert Grabber Adapter

The SSLCertGrabber adapter captures SSL certificates of trading partner servers that support HTTPS or FTPS protocols.

The following table provides an overview of the SSLCertGrabber adapter:

Category Description
System name SSLCertGrabber adapter
Graphical Process Modeler (GPM) category All Services
Description This adapter captures SSL certificates of trading partner servers supporting HTTPS or FTPS protocols.
Business usage The Cert Capture Utility Wizard uses this adapter to capture the certificates of the trading partner server with which future transactions might happen. Once the certificates of the HTTPS or FTPS server are obtained, they can be manually verified. The certificates are then checked in to the Sterling B2B Integrator system as a Trusted or CA certificate, based on the certificate type.

The adapter parameters host name and port number are taken from the User Interface (UI) wizard.

Usage example You must edit the default service configuration to provide the connection parameters, such as proxy information (if required) and Perimeter Server information. The UI wizard obtains the host name and port number of the trading partner server. The UI wizard then invokes a Sterling B2B Integrator business process that uses the adapter to fetch the trading partner certificates.
Preconfigured? No. You must install and deploy the SSLCertGrabber adapter before it can be used.
Requires third-party files? No
Platform availability All Sterling B2B Integrator supported platforms
Related services None
Application requirements An HTTP or FTP server at the external trading partner location with SSL enabled.

When this adapter is configured with a non-local-mode Perimeter Server, the Perimeter Server must be installed and running. This Perimeter Server is installed in a DMZ environment, separated from Sterling B2B Integrator by a firewall. For more information about installing and running the adapter, see Perimeter Services.

Initiates business processes? No
Invocation
  1. A system business process (BP), SSLCertGrabberAdapterBP, is provided by Sterling B2B Integrator to invoke the SSLCertGrabber adapter.
  2. A service instance with default configuration is also provided with Sterling B2B Integrator for this adapter.
  3. To change parameters, edit the system-provided service configuration.
Business process context considerations None
Returned status values Status values:
  • 0 - Success
  • 1 - Error
Restrictions None
Persistence level Default
Testing considerations Debug information for this adapter can be found in the SSLCertGrabberAdapter and Services log files.

Implementing the SSLCertGrabber Adapter

To implement the SSLCertGrabber adapter, complete the following tasks:
  1. Create an SSLCertGrabber adapter configuration. See Managing Services and Adapters.
  2. Configure the SSLCertGrabber adapter. See Configuring the SSLCertGrabber Adapter.

Configuring the SSLCertGrabber Adapter

To configure the SSLCertGrabber adapter:
  1. Select Deployment > Services > Configuration.
  2. Search for SSLCertGrabber adapter or select it from the list.
  3. Click Edit.
  4. Specify field settings:
    Field Description
    Name Name of this adapter in Sterling B2B Integrator. Required.
    Description Description of adapter. Required.
    Select a Group Select one of the options:
    • None – You do not want to include this configuration in a group at this time.
    • Create New Group – You can enter a name for a new group in this field. The new group is created along with this configuration.
    • Select Group – Groups that are already created are displayed in the list. Select a group from the list.
    Tip: For more information about groups, see Managing Services and Adapters.
    Local port range Range of local ports that the client can use when establishing a connection. Optional.
    Global Proxy Server Global proxy setting if local adapter proxy settings are not available. Optional.
    Number of connection retries Number of connection attempts for the adapter. Required.
    Delay between retries Delay before adapter attempts to establish connection. Required.
    Delay Waiting On IO Time the adapter waits for IO while establishing connection. Required.
    Use Proxy Server Proxy setting for the adapter (only valid for HTTPS). Required.
    Proxy Hostname IP address or host name of the target proxy server. Trading Partner profile setting can override the value. Required if Use proxy server is Yes.
    Proxy Port Port number of the target proxy server. Trading Partner profile setting can override the value. Required if Use proxy server is Yes.
    Proxy Retry Attempts Number of times the adapter attempts to connect to proxy server. Trading Partner profile setting can override the value. Required if Use proxy server is Yes.
    Use Proxy Basic Authentication Proxy server requires basic authentication. If Yes, a trading partner profile is necessary because user credentials are obtained from the profile. Required.

Parameters Passed from Business Process to Service

Field Description
Host name or IP address Trading partner server domain name or IP address. Required.
Port Port supporting SSL protocol. Required.
SSL Mode Modes are available only for FTPS. Required.
Protocol Protocol that is supported by trading partner server SSL connection. Required.

Parameters Passed from Service to Business Process

Field Description
Certificate [0-n] SSL certificate that the adapter fetched.

Business Process Example

The following example illustrates the Cert Capture Utility.

The SSLCertGrabber adapter connects to the trading partner FTP host by using TP_HOST and TP_PORT. The adapter then obtains the certificates of that server and extracts them to the local system so that they can be manually verified. After verification, the certificates can be checked in to Sterling B2B Integrator for use in future transactions with the trading partner server.

A BP is created that invokes the default business process SSLCertGrabberAdapterBP, which is provided in Sterling B2B Integrator. The host address TP_HOST and port number TP_PORT are provided as input to the BP by using assign statements. The SSLCertGrabber adapter makes the connection attempt and fetches the certificates of the trading partner server.

Assumption: TP_HOST exists, TP_PORT exists, the SSLCertGrabber adapter is SSL-enabled, and the SSLCertGrabber adapter supports explicit mode.

Important: For security reasons, do not use any of the following in your samples: actual machine name, server name, user name, domain names, IDs, URLs, directory paths, IP addresses, passwords, or any other secure information.
<process name="SSLCertGrabberAndExtractor_FTPS">
  <sequence name="Sequence Start">
    <!-- Invoke the system business process SSLCertGrabberAdapterBP inline -->
    <operation name="Invoke Business Process Service">
      <participant name="InlineInvokeBusinessProcessService"/>
      <output message="InvokeBusinessProcessServiceTypeInputMessage">
        <assign to="." from="*"></assign>
        <assign to="WFD_NAME">SSLCertGrabberAdapterBP</assign>
      </output>
      <input message="inmsg">
        <assign to="." from="*"></assign>
        <!-- TP_HOST and TP_PORT are placeholders for the trading partner server -->
        <assign to="RemoteHost">TP_HOST</assign>
        <assign to="RemotePort">TP_PORT</assign>
        <assign to="SSLMode">FTPS</assign>
        <assign to="Protocol">Explicit</assign>
      </input>
    </operation>
    <!-- Make the captured certificate Certificate1 the primary document -->
    <assign to="PrimaryDocument" from="Certificate1/@*" append="false"/>
  </sequence>
</process>
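
One way to support the manual verification step that precedes check-in, as an added example that is not part of the product documentation or the product's code: it compares the SHA-256 fingerprints of the captured certificates with fingerprints obtained from the trading partner over a separate channel. The function names, the assumption that Certificate [0-n] has been exported as a PEM bundle, and the sample bytes are all made up for illustration.

```python
import hashlib
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)


def fingerprints(pem_bundle):
    """Return the SHA-256 fingerprint (lowercase hex) of each certificate
    in a PEM bundle, in the order the certificates appear."""
    return [hashlib.sha256(ssl.PEM_cert_to_DER_cert(block)).hexdigest()
            for block in PEM_BLOCK.findall(pem_bundle)]


def normalize(fp):
    """Accept 'AA:BB:...', spaced or plain hex; reject anything else."""
    digits = re.sub(r"[\s:]", "", fp).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", digits):
        raise ValueError("not a SHA-256 fingerprint: %r" % fp)
    return digits


def review_capture(pem_bundle, out_of_band):
    """Compare captured certificates with fingerprints the trading partner
    supplied over a separate channel (phone, signed mail, portal).
    Returns (approved, unmatched_indexes); an empty capture is never approved."""
    expected = {normalize(fp) for fp in out_of_band}
    captured = fingerprints(pem_bundle)
    unmatched = [i for i, fp in enumerate(captured) if fp not in expected]
    return bool(captured) and not unmatched, unmatched


# Constructed sample: placeholder bytes stand in for two DER certificates
# (server certificate followed by its issuing CA). Not real certificates.
SERVER_DER = b"constructed-server-certificate"
CA_DER = b"constructed-ca-certificate"
CAPTURED = (ssl.DER_cert_to_PEM_cert(SERVER_DER)
            + ssl.DER_cert_to_PEM_cert(CA_DER))

if __name__ == "__main__":
    # Only the CA fingerprint was confirmed, so the server certificate
    # (index 0) is reported as unmatched and the capture is not approved.
    confirmed = [hashlib.sha256(CA_DER).hexdigest()]
    print(review_capture(CAPTURED, confirmed))
```

A certificate listed in the unmatched indexes should not be checked in as Trusted or CA until its fingerprint has been confirmed with the trading partner.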