Enabling Command Line 2 (CLA2) adapter with TLS configuration on a Docker setup

You must configure the CLA2 Adapter System Authentication Certificate and the CLA2 Server SSL Public CA Certificate for a secure connection between CLA2 Adapter and Server in Sterling B2B Integrator.

By default, the system generates the cla2auth and cla2ssl certificates. You need to create new certificates and not use the default ones to configure them on Docker.

Configuring the CLA2 Adapter System Authentication Certificate

Follow these steps to configure the CLA2 Adapter System Authentication Certificate:
  1. Create a new self-signed certificate in Sterling B2B Integrator instead of the default cla2auth certificate.
    1. From Sterling B2B Integrator Administration menu, select Trading Partner > Digital Certificates > System > Create > Self-signed Certificate > Go!.
    2. Provide these values to create the new certificate:
      • Name = new_cla2auth_name
      • Organization = new_cla2auth_org
      • Duration (days)=735
      • Key Length=2048
      • Signing Algorithm=SHA256withRSA
    3. Click Next > Finish.
  2. Export the new certificate new_cla2auth_name.
    1. From Sterling B2B Integrator Administration menu, select Trading Partner > Digital Certificates > System > Search > new_cla2auth_name > Go!.
    2. Check out > Format=DER > Go!.
    3. Save the new certificate file as new_cla2auth_name.der.
  3. Import the new certificate new_cla2auth_name to CLA2 Server keystore.
    1. Transfer new_cla2auth_name.der to the CLA2 Server system.
    2. Use the keytool to import the certificate.
      
jdk/bin/keytool -import -v -file new_cla2auth_name.der -alias new_cla2auth_name -keystore client/cmdline2/
cla2_KeyStore.jks -storepass CLA2ServerKeyStorePassword

Configuring the CLA2 Server SSL Public CA Certificate

Follow the steps to configure the CLA2 Server SSL Public CA Certificate:
  1. Create a self-signed certificate in Sterling B2B Integrator instead of the default cla2ssl certificate and add it to the CLA2 Server keystore using the keytool.
    
jdk/bin/keytool -genkeypair -v -alias new_cla2ssl_name -keyalg RSA -sigalg SHA256withRSA -keysize 2048 -dname 
"C=US, O=Sterling, CN=new_cla2ssl_name" -validity 735 -keypass CLA2ServerKeyStorePassword -keystore 
client/cmdline2/cla2_KeyStore.jks -storepass CLA2ServerKeyStorePassword
  2. Export the new certificate new_cla2ssl_name from CLA2 Server keystore using the keytool.
    
 jdk/bin/keytool -export -v -alias new_cla2ssl_name -keystore client/cmdline2/cla2_KeyStore.jks -storepass 
 CLA2ServerKeyStorePassword-file new_cla2ssl_name.cert
  3. Check in the new certificate new_cla2ssl_name as the new CA certificate in Sterling B2B Integrator.
    1. Transfer new_cla2ssl_name.cert to the Sterling B2B Integrator server.
    2. From Sterling B2B Integrator Administration menu, select Trading Partner > Digital Certificates > System > Create > Self-signed Certificate > Go!.
    3. Import from File > Filename > new_cla2ssl_name.cert (no Password).
    4. Click Next > Finish.
  4. Verify that only one keyEntry is listed in the CLA2 Server keystore.
    1. Use the keytool to list the contents of the CLA2 Server keystore.
      
jdk/bin/keytool -list -v -keystore client/cmdline2/cla2_KeyStore.jks -storepass CLA2ServerKeyStorePassword
    2. Identify the aliases of the Entry type: key Entry.
    3. Use the keytool to delete all but the new new_cla2ssl_name from the CLA2 Server keystore.
      
For example: To delete an old keyEntry with the alias cla2ssl:
jdk/bin/keytool -delete -v -keystore client/cmdline2/cla2_KeyStore.jks -storepass 
CLA2ServerKeyStorePassword -alias cla2ssl

Reconfiguring Sterling B2B Integrator services to use the newly created CLA2 Adapter System Authentication Certificate and the CLA2 Server SSL Public CA Certificate

Follow the steps below to reconfigure Sterling B2B Integrator services to use the newly created CLA2 Adapter System Authentication Certificate and the CLA2 Server SSL Public CA Certificates:
  1. From the Sterling B2B Integrator dashboard, select Deployment > Configuration > List > Search by Service Type > Command Line Adapter 2 > Go! > Edit.
  2. Provide these values:
    • Properties: System Authentication Certificate: new_cla2auth_name
    • SSL options: SSL Public CA Certificate: new_cla2ssl_name
  3. Click Confirm > Finish.

Updating CLA2 Server configuration

Follow the steps below to update CLA2 Sever configuration:
  1. Verify the following parameters in <isbi-install>properties/CmdLine2server.properties.
    • keystoreLocation=<isbi-install-path>/client/cmdline2/cla2_KeyStore.jks
    • keystorePassword=CRYPTED:EI++...=
    • publicCertAlias=new_cla2auth_name
    • signatureAlgorithm=SHA256withRSA
    • SSLCertificateName=new_cla2ssl_name
  2. Restart the CLA2 Server.
    • call <isbi-install-path>/bin/stopCmdLine2.sh
    • call <isbi-install-path>/bin/startCmdLine2.sh
    • verify logs/cla2server.log

Verifying the Business Process

Run the Business Process in Sterling B2B Integrator.
  • Verify the latest logs/cla2server.log.D*T*
  • Verify the latest logs/cla2client.log.D*T*