Node Configuration Overview

Before you begin using Connect:Direct® Secure Plus, you must configure nodes for secure operations.

When you import the network map records into the Secure+ parameters file, Connect:Direct Secure Plus parameters are disabled. To configure the nodes for Connect:Direct Secure Plus, complete the following procedures:

  • Import existing Certificates.
  • Configure or create a new CMS Key Store through the Key Management menu on the Secure+ Admin Tool.
  • Configure the Connect:Direct Secure Plus .Local node record

    Define the security options for the local node. Because TLS and SSL provide the strongest authentication with easy-to-maintain keys, configure the local node for one of these protocols. Determine which protocol is used by most trading partners and configure the local node with this protocol.

  • Disable remote nodes that do not use Connect:Direct Secure Plus
  • Customize a remote node for the following configurations:
    • To use a unique certificate file to authenticate a trading partner
    • To use a different self-signed or CA-signed certificate for client or server authentication
    • To identify a unique cipher suite used by a trading partner
    • To activate common name validation
    • To activate client authentication
    • To enable FIPS 140-2 mode
    • To activate external authentication
  • Configure all remote nodes that use a protocol that is not defined in the local node

    When you configure the local node, all remote nodes are automatically configured to the protocol defined in the local node. If a trading partner uses a different protocol, you must turn on the protocol in the remote node record. For example, if you activate the TLS protocol in the .Local node record and a trading partner uses the SSL protocol, configure the SSL protocol in the remote node record for the trading partner.