Customize Remote Node Records

After you configure the .Local node record, Connect:Direct® Secure Plus enables the protocol and parameters that you configured for the local node for all remote node records. If all trading partners use the protocol and configuration defined in the .Local node record, you are now ready to begin using Connect:Direct Secure Plus.

However, even when a trading partner uses the same protocol as the one defined in the .Local node record, you may need to customize remote node records for the following configurations:

  • Using a unique certificate file to authenticate a trading partner—During a TLS session, a certificate enables the PNODE to authenticate the SNODE. You identified a certificate in the .Local node record. If you want to use a unique certificate to authenticate a trading partner, you must identify this information in the remote node record.
  • Using a self-signed certificate file to authenticate a trading partner—During a TLS session, a certificate enables the PNODE to authenticate the SNODE. If you want to use a self-signed certificate to authenticate a trading partner, you must identify this information in the remote node record.
  • Activating client authentication—Client authentication requires that the SNODE validate the PNODE. If you want to enable client authentication, activate this feature in the remote node record.
  • Activating common name authentication—For an additional layer of security, you can validate the certificate common name by specifying the common name expected in the identity certificate received, either by the PNODE from the SNODE or, when client authentication is enabled, by the SNODE from the PNODE.
  • Identifying the cipher suite used by a trading partner—When configuring the TLS protocol, you enable cipher suites that are used to encrypt the transmitted data. When communicating with a trading partner, you and the trading partner must use the same cipher suite to encrypt data. If the trading partner does not enable a cipher suite that is enabled in your configuration, communication fails. If necessary, enable cipher suites in the remote node record.
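
The following is an added illustration, not Connect:Direct Secure Plus code or its parameters file format: a small Python model of how a remote node record inherits from the .Local node record unless overridden, and a pre-flight check that reports why a session with a partner would fail. All field names, node names, and sample values are assumptions constructed for the example, and certificate file selection is not modelled.

```python
from dataclasses import dataclass, fields
from typing import Optional

@dataclass(frozen=True)
class NodeRecord:
    """Hypothetical record layout; None means 'not set in this record'."""
    name: str
    cipher_suites: Optional[tuple] = None
    client_auth: Optional[bool] = None
    expected_common_name: Optional[str] = None

def effective(local: NodeRecord, remote: NodeRecord) -> NodeRecord:
    """Resolve a remote record: every unset field falls back to .Local."""
    merged = {}
    for f in fields(NodeRecord):
        value = getattr(remote, f.name)
        merged[f.name] = getattr(local, f.name) if value is None else value
    return NodeRecord(**merged)

def preflight(rec, partner_suites, partner_cn, partner_sends_cert=True):
    """Return the reasons a session with this partner would be rejected."""
    problems = []
    # Both sides must have at least one cipher suite in common.
    if not set(rec.cipher_suites) & set(partner_suites):
        problems.append("no shared cipher suite")
    # Client authentication: the SNODE validates the PNODE's certificate.
    if rec.client_auth and not partner_sends_cert:
        problems.append("client authentication enabled, no certificate presented")
    # Common name authentication applies only when a name is configured.
    if rec.expected_common_name and rec.expected_common_name != partner_cn:
        problems.append("certificate common name mismatch")
    return problems

# Constructed sample records (not real node names or a recommended suite list).
LOCAL = NodeRecord(".Local", ("TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256"), False)
PARTNER_A = NodeRecord("PARTNER_A")  # inherits everything from .Local
PARTNER_B = NodeRecord("PARTNER_B",
                       cipher_suites=("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",),
                       client_auth=True,
                       expected_common_name="partner-b.example.com")

if __name__ == "__main__":
    offered = ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]  # what the partner enables
    for remote, cn in ((PARTNER_A, "partner-a.example.com"),
                       (PARTNER_B, "partner-b.example.com")):
        issues = preflight(effective(LOCAL, remote), offered, cn)
        print(remote.name, "OK" if not issues else issues)
```

PARTNER_A fails because the inherited .Local suites do not overlap with what the partner enables, which is the case where the suite must be enabled in the remote node record.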