Node Configuration Overview
When you import the network map records into the Connect:Direct® Secure Plus parameters file, Connect:Direct Secure Plus parameters are disabled and you will need to configure the .Local node record.
- Import existing Certificates.
- Configure or create a new CMS Key Store through the Key Management menu on the Secure+ Admin Tool.
- Configure the Connect:Direct Secure Plus .Local node record.
Define the security options for the local node. Because TLS provides the strongest authentication with easy-to-maintain keys, configure the local node for one of these protocols. Determine which protocol is used by most trading partners and configure the local node with this protocol.
- Disable remote nodes that do not use Connect:Direct Secure Plus.
- Customize a remote node for the following configurations:
  - To use a unique certificate file to authenticate a trading partner
  - To use a different self-signed certificate for client or server authentication
  - To identify a unique cipher suite used by a trading partner
  - To activate common name validation
  - To activate client authentication
  - To activate external authentication
- Configure all remote nodes that use a protocol that is not defined in the local node.
  When you configure the local node, all remote nodes are automatically configured to the protocol defined in the local node. If a trading partner uses a different protocol, you must turn on the protocol in the remote node record. For example, if you activate the TLS protocol in the .Local node record and a trading partner uses the SSL protocol, configure the SSL protocol in the remote node record for the trading partner.
- If you want to use External Authentication Server to validate certificates:
  - Update the .SEAServer record with the External Authentication Server host name and port
  - Enable TLS
  - Enable external authentication
  - Specify the certificate validation definition to use
- If you want to prevent non-secure API connections from communicating with a Connect:Direct Secure Plus enabled server:
  - Define a remote node called .Client
  - Enable TLS
  - Disable override