Obtain Trusted Certificate Automatically from Trading Partners

The Certificate Capture Utility automates the process of obtaining an SSL certificate from a trading partner. This method of obtaining certificate information allows a partner to easily connect and save a certificate.

About this task

After a certificate is captured, you can, if desired, make an out-of-band security check before checking it into the system as a CA or Trusted certificate.

Before you begin:
  • Verify that your partner's host system is SSL-enabled.
  • Obtain host and port information for your trading partner's server.
  • If FTPS mode will be used, determine whether the mode will be explicit or implicit.
  • Configure the default SSLCertGrabberAdapter service instance to use the appropriate perimeter server and (HTTPS only) proxy server. See the adapter documentation for details.
Restriction: SSL client authentication is unsupported by the Certificate Capture Utility.

To obtain the SSL certificate automatically from a trading partner:

Procedure

  1. From the Administration Menu, select Trading Partner > Digital Certificates > Certificate Capture Utility.
  2. Next to Capture Partner Certificate, click Go!
  3. Select the connection type for the server and click Next.
    • FTPS
    • HTTPS
  4. Enter the Host name or IP address.
  5. Enter the Port number.
  6. Select the connection mode for FTPS (if you are using HTTPS, skip this step):
    • Explicit – SSL negotiation occurs after the FTP connection is established. Default.
    • Implicit – SSL negotiation occurs before the FTP connection is established.
  7. Click Next.
    The system attempts to connect and retrieve certificates.
  8. After the capture is complete, review the summary information and decide which certificates you want to save.
  9. Select an encoding method for each certificate and click Save. Encoding formats are:
    • BASE64 – Uses BASE64 encoding on the standard DER certificate. Default.
    • DER – Standard format for digital certificates, accepted by most applications.
  10. Click Save and browse to the location where you want to save the file.
  11. Accept the default file name or edit it according to your file naming conventions and click Save.
  12. After saving, the certificates may be checked into the system. If you decide to check a certificate into the system:
    1. Verify that each certificate is valid and trusted.
    2. Check in the certificate as a CA or a Trusted certificate, depending on function. For Certificate Authority-based trust, you may need to check in the certificate chain, excluding the end user certificate. For direct trust, check in the end user certificate.
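
One way to carry out the out-of-band check from step 12 before check-in, shown as an added example that is not part of the product or its documentation: compute the fingerprint of the saved file, whether it was saved as BASE64 or DER, and compare it with the value the partner supplies over a separate channel. It assumes the partner gives a SHA-256 fingerprint and that the BASE64 file may or may not carry BEGIN/END CERTIFICATE lines; the function names and sample bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def load_der(saved: bytes) -> bytes:
    """Return DER bytes from a capture saved as DER or as BASE64 text."""
    if saved[:1] == b"\x30":            # ASN.1 SEQUENCE tag: already DER
        return saved
    block = PEM_BLOCK.search(saved)     # assumption: header lines are optional
    body = block.group(1) if block else saved
    der = base64.b64decode(b"".join(body.split()), validate=True)
    if der[:1] != b"\x30":
        raise ValueError("decoded data is not a DER certificate")
    return der


def sha256_fingerprint(der: bytes) -> str:
    """Lowercase hex SHA-256 over the DER encoding."""
    return hashlib.sha256(der).hexdigest()


def matches_partner_fingerprint(saved: bytes, partner_value: str) -> bool:
    """Compare the saved file with the fingerprint the partner supplied."""
    # Accept "AB:CD:..." or "abcd..." as typed from a phone call or e-mail.
    expected = partner_value.replace(":", "").replace(" ", "").lower()
    actual = sha256_fingerprint(load_der(saved))
    return hmac.compare_digest(actual.encode(), expected.encode())


# Constructed stand-in bytes, not a real certificate: the fingerprint is a
# hash of the DER bytes, so no X.509 parsing is involved.
SAMPLE_DER = b"\x30\x0b" + b"constructed"
SAMPLE_BASE64 = (b"-----BEGIN CERTIFICATE-----\n"
                 + base64.encodebytes(SAMPLE_DER)
                 + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(sha256_fingerprint(load_der(SAMPLE_BASE64)))
```

Both encodings of the same certificate give the same fingerprint, so the check does not depend on the format chosen in step 9.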