Node Configuration Overview
Before you begin using Connect:Direct® Secure Plus, you must configure nodes for secure operations.
When you import the network map records into the Secure+ parameters file, Connect:Direct Secure Plus parameters are disabled. To configure the nodes for Connect:Direct Secure Plus, complete the following procedures:
- Import existing Certificates.
- Configure or create a new CMS Key Store through the Key Management menu on the Secure+ Admin Tool.
- Configure the Connect:Direct Secure Plus .Local
Define the security options for the local node. Because TLS and SSL provide the strongest authentication with easy-to-maintain keys, configure the local node for one of these protocols. Determine which protocol is used by most trading partners and configure the local node with this protocol.
- Disable remote nodes that do not use Connect:Direct Secure Plus
- Customize a remote node for the following configurations:
- To use a unique certificate file to authenticate a trading partner
- To use a different self-signed or CA-signed certificate for client or server authentication
- To identify a unique cipher suite used by a trading partner
- To activate common name validation
- To activate client authentication
- To enable FIPS 140-2 mode
- To activate external authentication
- Configure all remote nodes that use a protocol that is not defined
in the local node
When you configure the local node, all remote nodes are automatically configured to the protocol defined in the local node. If a trading partner uses a different protocol, you must turn on the protocol in the remote node record. For example, if you activate the TLS protocol in the .Local node record and a trading partner uses the SSL protocol, configure the SSL protocol in the remote node record for the trading partner.