How Does a Secondary Certificate Work for SSL Certificates?

You can upload up to two certificate sets each (referred to as the primary and secondary certificate sets for SSL certificate types. The certificate that you add first for each usage is considered as the primary certificate set. When a primary certificate expires, IBM webMethods B2B continues to process documents by switching to the secondary set.

IBM webMethods B2B automatically switches to the secondary set when any of the following situation occurs:

• The primary certificate expires, but the secondary certificate has not.
• The receiver's sign-verify, or SSL primary certificate set does not match the sender's sign-verify or SSL certificate set.

NOTE Secondary certificates are not used to sign-verify, encrypt-decrypt, or SSL usages for any document received over any AS2 channel. To work around this issue, ensure that only valid certificates are set as primary certificates.

For detailed explanation on how the automatic switching occurs, see Certificates Overview for Secure Communication Between Business Partners.