Managing Keys
You can insert, update, and retrieve certificates present in the Sterling B2B Integrator repository.
You can insert a base64-encoded certificate (public or private) and import and export certificates into the Sterling B2B Integrator repository.
- Create a self-signed certificate with the key length 2048 for EBICS
- Manage CA certificates
- Store certificates, and manage the renewal and expiration of certificates
- Accept a public certificate of a user
- Validate the following subscriber keys using SHA256 as the hash algorithm:
  - Identification and Authentication Key Hash Value (in Hex format)
  - Encryption Key Hash Value (in Hex format)
  - Electronic Signature Key Hash Value (in Hex format)
Use the EBICS Export Certificate service to export the certificates present in Sterling B2B Integrator to an external system. Use this service when you want to synchronize the certificates present in Sterling B2B Integrator with an external database or system.
Use the EBICS Import Certificate service to add certificates from an external repository to Sterling B2B Integrator. You can also delete the expired or invalid certificates.
Functions of the Key Manager
- Duplicate Key Validation - The certificate used for authentication or encryption cannot be the same as the ES certificate. Use one set of keys for authentication and encryption and a separate set for signing.
- X.509 Key Usage Extension - EBICS Banking Server supports the X.509 key usage extension and checks it against the role of each certificate.
- OCSP and CRL certificate verification
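The subscriber key hash validation and the Key Manager checks listed above (hash value in hex, key usage per role, no reuse of the ES certificate), as an added Python example that is not part of Sterling B2B Integrator. It assumes the hash value is SHA-256 over the DER-encoded certificate; the certificates and hash values are constructed stand-ins.

```python
import hashlib
import re
from dataclasses import dataclass

# Key usage value the page requires for each certificate role.
REQUIRED_KEY_USAGE = {
    "authentication": "Digital Signature",
    "encryption": "Key Encipherment",
}


@dataclass(frozen=True)
class Certificate:
    """Constructed stand-in for a checked-in certificate (not the product's own type)."""
    der: bytes            # DER bytes of the certificate
    key_usage: frozenset  # key usage extension values, e.g. {"Digital Signature"}


def cert_hash_hex(cert: Certificate) -> str:
    """Assumption: the subscriber key hash is SHA-256 over the DER-encoded certificate."""
    return hashlib.sha256(cert.der).hexdigest()


def normalize_hex(value: str) -> str:
    """Accept hash values typed in spaced groups ('AB CD ...') or in upper case."""
    return re.sub(r"\s+", "", value).lower()


def validate_subscriber_keys(certs: dict, expected_hashes: dict) -> list:
    """Return a list of validation errors; an empty list means every check passed.

    certs maps a role ('authentication', 'encryption', 'es') to a Certificate,
    expected_hashes maps the same roles to the hex hash value the user supplied.
    """
    errors = []
    for role, cert in certs.items():
        expected = expected_hashes.get(role)
        if expected is None:
            errors.append(f"{role}: no hash value supplied")
        elif normalize_hex(expected) != cert_hash_hex(cert):
            errors.append(f"{role}: hash value mismatch")
        needed = REQUIRED_KEY_USAGE.get(role)
        if needed is not None and needed not in cert.key_usage:
            errors.append(f"{role}: key usage must include {needed}")
    # Duplicate Key Validation: authentication and encryption must not reuse the ES certificate.
    es = certs.get("es")
    for role in ("authentication", "encryption"):
        if es is not None and role in certs and certs[role].der == es.der:
            errors.append(f"{role}: must not be the same certificate as the ES certificate")
    return errors
```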
The Key Manager manages the certificates in the Sterling B2B Integrator repository. It inserts, updates, and retrieves certificates in the repository and runs functions on them, such as calculating the hash value of a certificate.
The Key Manager validates the client certificates checked into the server before they can be used. You must obtain the CA-signed certificates from a Certificate Authority. In a CA-signed certificate, the issuer signs the certificate. To verify the authenticity of the user certificate, the EBICS Banking Server performs chained signature verification up to the root CA certificate.
The EBICS administrator must check in the CA-signed certificates and Intermediate CA-signed certificates in the Sterling B2B Integrator CA certificate store before commencing the EBICS transactions.
EBICS uses the following certificates:
- Authentication certificate
- Encryption certificate
- Electronic Signature (ES) certificate
The public key of the authentication certificate is used to verify digital signatures. Authentication certificates can be either CA-signed or self-signed. The value of the key usage field for an authentication certificate is Digital Signature. A digital signature is used for entity authentication and data origin authentication with integrity.
The public key of the encryption certificate is used to encrypt order data. Encryption certificates can be either CA-signed or self-signed. The value of the key usage field for an encryption certificate is Key Encipherment. In EBICS, the order data itself is encrypted and decrypted with a symmetric key; that symmetric key is encrypted with the public key of the encryption certificate for transport. The Key Encipherment usage applies when the certificate is used with a protocol that encrypts keys in this way.
The ES certificate is one of the following types:
- Transport Signature - can be CA-signed or self-signed
- Personal Signature - must be CA-signed