Node Configuration Overview

When you import the network map records into the Connect:Direct® Secure Plus parameters file, Connect:Direct Secure Plus parameters are disabled and you will need to configure the .Local node record.

To configure the nodes, complete the following procedures:
  • Import existing Certificates.
  • Configure or create a new CMS Key Store through the Key Management menu on the Secure+ Admin Tool.
  • Configure the Connect:Direct Secure Plus .Local node record.

    Define the security options for the local node. Because TLS provide the strongest authentication with easy-to-maintain keys, configure the local node for one of these protocols. Determine which protocol is used by most trading partners and configure the local node with this protocol.

  • Disable remote nodes that do not use Connect:Direct Secure Plus
  • Customize a remote node for the following configurations:
    • To use a unique certificate file to authenticate a trading partner
    • To use a different self-signed certificate for client or server authentication
    • To identify a unique cipher suite used by a trading partner
    • To activate common name validation
    • To activate client authentication
    • To activate external authentication
  • Configure all remote nodes that use a protocol that is not defined in the local node

    When you configure the local node, all remote nodes are automatically configured to the protocol defined in the local node. If a trading partner uses a different protocol, you must turn on the protocol in the remote node record. For example, if you activate the TLS protocol in the .Local node record and a trading partner uses the SSL protocol, configure the SSL protocol in the remote node record for the trading partner.

  • If you want to use External Authentication Server to validate certificates:
    • Update the .SEAServer record with the External Authentication Server host name and port
    • Enable TLS
    • Enable external authentication
    • Specify the certificate validation definition to use
  • If you want to prevent non-secure API connections from communicating with a Connect:Direct Secure Plus enabled server:
    • Define a remote node called .Client
    • Enable TLS
    • Disable override