Create a Bank Profile

EBICS Server supports creating bank configuration using RSA Keys and X509 Certificates. A bank profile includes the EBICS host information.

Creating RSA Keys
  • Use the openssl tool to create two sets of certificates, one each for Authentication and Encryption.
  • Use the following commands to create the certificates:
    
    openssl genpkey -outform DER -out hostRSAAuthPrivate.key -algorithm RSA -pkeyopt rsa_keygen_bits:2048
    openssl rsa -inform DER -in hostRSAAuthPrivate.key -pubout -outform DER -out hostRSAAuthPublic.der
    openssl pkcs8 -topk8 -inform DER -in hostRSAAuthPrivate.key -outform DER -nocrypt -out hostRSAAuthPrivate_pkcs8.key
    
  • Move the <KeyName>_pkcs8.key files along with their respective <CertName>.der files to the local file system.
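
The key-generation commands above, run for both key sets and followed by a consistency check, as an added example that is not part of the original documentation. The hostRSAEnc prefix, the function names, and the temporary working directory are assumptions; only the hostRSAAuth file names come from the page.

```shell
#!/bin/sh
# Added example: create and verify both EBICS host key sets.
# Only the hostRSAAuth file names come from the page; hostRSAEnc is assumed.
set -eu

# make_keyset PREFIX DIR: the page's three openssl commands for one key set.
make_keyset() {
    prefix=$1; dir=$2
    (
        # -nocrypt writes the PKCS#8 private key unencrypted, so create
        # every file readable by the owner only.
        umask 077
        cd "$dir" &&
        openssl genpkey -outform DER -out "${prefix}Private.key" \
            -algorithm RSA -pkeyopt rsa_keygen_bits:2048 2>/dev/null &&
        openssl rsa -inform DER -in "${prefix}Private.key" -pubout \
            -outform DER -out "${prefix}Public.der" 2>/dev/null &&
        openssl pkcs8 -topk8 -inform DER -in "${prefix}Private.key" \
            -outform DER -nocrypt -out "${prefix}Private_pkcs8.key"
    )
}

# check_keyset PREFIX DIR: succeed only if the PKCS#8 key parses, its modulus
# matches the .der public key, and the modulus is 2048 bits (512 hex digits).
check_keyset() {
    prefix=$1; dir=$2
    priv="$dir/${prefix}Private_pkcs8.key"
    pub="$dir/${prefix}Public.der"
    m_priv=$(openssl rsa -inform DER -in "$priv" -noout -modulus 2>/dev/null) || return 1
    m_pub=$(openssl rsa -pubin -inform DER -in "$pub" -noout -modulus 2>/dev/null) || return 1
    [ "$m_priv" = "$m_pub" ] || return 1
    hex=${m_priv#Modulus=}
    [ "${#hex}" -eq 512 ]
}

workdir=$(mktemp -d)
for p in hostRSAAuth hostRSAEnc; do
    make_keyset "$p" "$workdir"
    if check_keyset "$p" "$workdir"; then
        echo "$p: private and public key match (2048-bit RSA) in $workdir"
    else
        echo "$p: key set is inconsistent" >&2
        exit 1
    fi
done
```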

Creating HTTPS Certificate for EBICS Server HTTPS Communication

If a CA-issued certificate is available, check in the pfx or p12 file into Trading Partner > Digital Certificates > System and the CA root certificate into Trading Partner > Digital Certificates > CA.

Alternatively, you can create a self-signed certificate under Trading Partner > Digital Certificates > System.

Creating EBICS HTTP Server Adapter

Under Deployment > Services > Configuration, search for EBICS HTTP Server Adapter. Click Copy, rename the copy, and specify the port number on which the EBICS Server accepts requests from EBICS Clients. Under this configuration, select Use SSL to configure the EBICS Server for HTTPS.

On the next page, select the system certificate that was created in the previous step.

To change the default URI, delete the EBICSRequest URI and create a custom URI with handleEBICSRequest as the business process to run.

To create a bank profile, complete the following steps:

  1. Log in to Sterling B2B Integrator.
  2. From the Administration menu, select EBICS > Subscription Manager > Profile Manager > Bank Configuration.
  3. In the Bank Configuration page, click Go next to Create New Bank.
  4. In the Bank Configuration page, enter the values for the fields listed in the following table and click Next.
    | Field | Description |
    |---|---|
    | Bank ID (Host ID) | Required. Specify a unique ID for the bank in the bank's system. Note: You must use the SWIFT-BIC (Bank Identifier Code) format for specifying the bank ID. If you do not specify the bank ID in the recommended SWIFT-BIC format, the Payment Status Report (.PSR) report is not generated. |
    | Bank Name | Required. Specify the name of the bank. |
    | Address Line 1 | Optional. Specify the address of the bank. |
    | Address Line 2 | Optional. Specify the address of the bank. |
    | City | Optional. Pertains to address of the bank. Specify the name of the city. |
    | State or Province | Optional. Specify the name of the state or province. |
    | Country/Region | Optional. Select the country or region. |
    | Zip or Postal Code | Optional. Specify the zip code or postal code. |
    | Time Zone | Optional. Select the time zone. |
    | E-mail Address | Optional. Specify the e-mail address of the bank. |
    | Telephone Number | Optional. Specify the phone number with country code and state code. |
    | Certificate type | Required. Specifies the Certificate type. Valid values are Keys or X509. Important: It is mandatory to select X509 as the Certificate Type for H005 protocol version. |
  5. In the Bank Technical Information page, enter the values for the fields listed in the following table and click Next.
    | Field | Description |
    |---|---|
    | Encryption Private Certificate | Required. Specify the key used by the bank to decrypt inbound order data. The key must be a Sterling B2B Integrator system certificate. The bank must distribute the public part of the key to its EBICS partners and users. |
    | Encryption Public Certificate | Required. Specify the key to enable sending of encrypted requests to the EBICS Banking Server. The key is distributed by the EBICS Banking Server. The bank must distribute the public part of the key to its EBICS partners and users. The key must be a public part of the Sterling B2B Integrator system certificate. |
    | Authentication Private Certificate | Required. Specify the private key used by the bank to create the digital signature in the response sent to the EBICS partners and users. The partners and users must have the public part of the key to validate the authorization. The key must be a Sterling B2B Integrator system certificate. |
    | Authentication Public Certificate | Required. Specify the key the bank provides to the user to validate the authorization of the response received from the EBICS Banking Server. The key is distributed by the EBICS Banking Server. The key must be a public part of the Sterling B2B Integrator system certificate. |
    | Maximum Recovery Attempts | Required. Specify the number of recovery attempts for a transaction. The default value is 0, which indicates that there is no recovery. |
    | Maximum No. of Sign Allowed | Required. Specify the maximum number of personal signatures allowed for each order type or file format in the contract. The default value is 2. If the value is set to 0, no personal signature is required for the contracts of the bank. |
    | Allow Prevalidation | Optional. Select this check box to allow preliminary verification of the account authorization, account limit, Electronic Signature, and other data, which are a part of the first transaction step. By default, this option is selected. |
    | Support Client Download | Optional. Client Data Download. Select this check box to support the order types HKD and HTD. |
    | Support Order Download | Optional. Downloadable order data. Select this check box to support the order type HAA. |
    | Persist X509Data | Optional. Select this check box to persistently store the user's X.509 data on the server. By default, this option is selected. Note: This is valid only for X509 certificate type. |

    Note: If you select Keys as the Certificate type, you must use the keys generated with the OpenSSL tool for the Encryption and Authentication private and public keys.
  6. In the Bank URL page, perform any of the following actions:
    • Click add to add a new bank URL.
    • Click edit next to the bank URL you want to edit.
    • Click delete next to the bank URL you want to delete.
  7. This step is applicable only if you opted to add a new bank URL. In the Bank URL: Details page, specify values for the fields listed in the following table, and click Next.
    | Field | Description |
    |---|---|
    | Bank URL | Required. Specify the HTTP URL the bank will host. A bank can have multiple URLs with a minimum of one. The bank URL is given to a user for the user to send requests to the bank. The Uniform Resource Identifier (URI) is configured in the HTTP Server adapter to listen at the port, and receive EBICS requests, if any. Note: Each bank ID should have a unique port number or URI. |
    | Valid From | Optional. Specify the date from which the URL or IP is valid in the MM/DD/YYYY format. Click the calendar icon to select the date. |
  8. In the Bank Protocol page, perform any of the following actions:
    • Click add to add a new bank protocol.
    • Click edit next to the bank protocol you want to edit.
    • Click delete next to the bank protocol you want to delete.
  9. This step is applicable only if you opted to add a new bank protocol. In the Bank Protocol: Details page, specify the values for the fields listed in the following table, and click Next.
    | Field | Description |
    |---|---|
    | Protocol Version | Required. Select the schema version relevant to the supported EBICS version. Valid values are H005, H004, H003, and H000. The default value is H003. |
    | Release Version | Displays the EBICS version that is supported by the bank and associated with the specified protocol version. |
  10. This step is applicable only if you added a new bank protocol. In the Bank Protocol: Bank Process page, perform any of the following actions:
    • Click add to add a new bank process.
    • Click edit next to the bank process you want to edit.
    • Click delete next to the bank process you want to delete.
  11. This step is applicable only if you opted to add a new bank process. In the Bank Process: Details page, specify the values for the fields listed in the following table, and click Next.
    | Field | Description |
    |---|---|
    | Type | Required. Select the process type. Valid values are Encryption, Signature, and Authentication. |
    | Version | Required. Select the process version. If you selected Encryption as the process type, the valid value is E002. If you selected Signature as the process type, the valid values are A005 and A006. If you selected Authentication as the process type, the valid value is X002. |
  12. In the Bank Protocol: Bank Process page, click Next.
  13. In the Confirm page, verify the bank configuration settings.
    • Click Show All next to Bank URL Information to view the Bank URL settings.
    • Click Show All next to Bank Protocol Information/Bank Process Information to view the Protocol version, Release version, Bank Process type and Bank Process version.
    After verifying the bank configuration settings, click Finish.