Create a Self-Signed Certificate

A bank must create its bank certificates for encryption and for authentication and identification in the Sterling B2B Integrator database.

About this task

To create a self-signed certificate, complete the following steps:

Procedure

  1. Log in to Sterling B2B Integrator.
  2. From the Administration menu, select Trading Partner > Digital Certificates > System.
  3. In the System Certificates page, click Go next to Create Self-Signed Certificate.
  4. In the Name field, enter the name of the self-signed certificate. This must be a unique and meaningful name.
  5. In the Organization field, enter the name of the originating organization.
  6. From the Country drop-down list, select the country of origin of the self-signed certificate.
  7. In the E-mail field, enter the e-mail address of the person responsible for the certificates in the organization.
  8. Click Next.
  9. In the Specification page, in the Serial Number field, enter the serial number that you want to assign to the self-signed certificate.
  10. In the Duration field, enter the number of days for which the self-signed certificate is valid.
  11. In the List of IP addresses Separated by Comma field, specify the IP addresses.
  12. In the List of DNS Names Separated by Comma field, specify the DNS names.
  13. From the Key Length drop-down list, select a key length (512, 1024, or 2048).
    Note: Use 2048 as the key length for EBICS.
  14. From the Signing Algorithm drop-down list, select the signing algorithm option:
    • SHA1withRSA - Use this for certificates used with EBICS transactions and TLS layer encryption (SSL).
    • SHA256withRSA (Recommended) - Use this for certificates used with EBICS transactions.
  15. Next to the Validate When Used check box, select the validation option:
    • Validity – Verifies whether the dates in the validity period of the certificate are still in effect. If the dates are not in effect, the certificate is not used.
      Note: Before you set a value to the validity period of the certificate, you should read and apply the best practice recommendations from the Microsoft PKI Quick Guide. For information about the best practice recommendations for using certificates, see http://www.windowsecurity.com/articles/Microsoft-PKI-Quick-Guide-Part3.html.
    • Auth Chain – Constructs a chain of trust for certificates that are not self-signed. If a chain of trust cannot be constructed using valid certificates, the certificate is not used. If the certificate is self-signed, this option verifies only the certificate signature.
  16. Select the Set the Certificate Signing bit check box.
  17. Click Next.
  18. In the Confirm page, verify the information pertaining to the self-signed certificate, and click Finish.
  19. Click Return to return to the System Certificates page.
    The bank certificates are now available for viewing and editing under Trading Partner > Digital Certificates > System under the Administration menu of Sterling B2B Integrator.
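
One way to confirm that a created certificate carries the settings chosen in steps 10, 13, 14 and 16, as an added example that is not part of the IBM procedure. It assumes the certificate is available as a PEM file and that the openssl command is installed; audit_cert and make_sample are names made up for this example, and the sample certificates are constructed test data.

```shell
#!/bin/sh
# Added example: audit a PEM certificate against the settings chosen in the procedure.

# make_sample OUT BITS: build a constructed self-signed test certificate (not a real bank cert).
make_sample() {
  openssl req -x509 -newkey "rsa:$2" -nodes -sha256 -days 365 \
    -subj "/O=Example Bank/CN=constructed-sample" \
    -addext "keyUsage=critical,digitalSignature,keyCertSign" \
    -keyout "$1.key" -out "$1" 2>/dev/null
}

# audit_cert FILE: print findings; return 0 if every check passes, 1 if any fails,
# 2 if the file cannot be parsed.
audit_cert() {
  cert=$1; rc=0
  text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) || return 2

  # Step 13: key length; the page calls for 2048 for EBICS.
  bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
  [ "${bits:-0}" -ge 2048 ] || { echo "FAIL key length: ${bits:-unknown} bits"; rc=1; }

  # Step 14: signing algorithm; SHA256withRSA is the recommended option.
  sig=$(printf '%s\n' "$text" | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
  [ "$sig" = "sha256WithRSAEncryption" ] || { echo "FAIL signature algorithm: $sig"; rc=1; }

  # Steps 10 and 15: validity period; -checkend 0 fails once notAfter has passed.
  openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
    { echo "FAIL certificate has expired"; rc=1; }

  # Step 16: Certificate Signing bit (keyCertSign in the Key Usage extension).
  printf '%s\n' "$text" | grep -q 'Certificate Sign' ||
    { echo "FAIL Certificate Signing bit not set"; rc=1; }

  [ "$rc" -eq 0 ] && echo "OK $cert: $bits bit, $sig"
  return "$rc"
}

# With a PEM path, audit that file; with no argument, audit two constructed samples.
if [ "$#" -gt 0 ]; then
  audit_cert "$1"
else
  d=$(mktemp -d)
  make_sample "$d/good.pem" 2048 && audit_cert "$d/good.pem" || true
  make_sample "$d/weak.pem" 1024 && audit_cert "$d/weak.pem" || true
  rm -rf "$d"
fi
```

A certificate created with a key length of 512 or 1024, or with SHA1withRSA, is reported as FAIL by this check, which follows the EBICS note in step 13 and the recommended option in step 14.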