Adding a 2-Way SSL/TLS Certificate for a Partner

To receive inbound business documents securely, webMethods B2B can authenticate partner interactions with a 2-Way SSL/TLS (mutual TLS) certificate. Both parties prove their identities with digital certificates: the partner presents a client certificate that webMethods B2B validates, and webMethods B2B presents a server certificate that the partner validates. Mutual authentication can use certificates issued by a certificate authority or a public key that the parties exchange in advance.


The 2-Way SSL/TLS document exchange applies to AS2-IN, HTTP-IN, and RNIF-IN channels.

The 2-Way SSL/TLS certificate adds a second layer of validation: in addition to the communication credentials that the channel already checks, the partner must present a certificate that matches the set stored in its profile. Only one set of certificates per partner is allowed, so the certificate uniquely identifies the partner.

Before You Begin

  • Use one inbound channel per partner when you use a 2-Way SSL/TLS certificate for document exchanges.
    Important: The default port number for 2-Way SSL/TLS exchanges is 8443. Append this port number to the hostname in the inbound channel URL. For example, https://hostname:8443/b2b/routes/channel/channel_ID.

    If the partner does not use this port number, the transaction is processed in default mode (that is, without certificate validation), so the 2-Way SSL/TLS configuration provides no protection for that request. Give partners only the port 8443 form of the URL.

  • Verify that you have the partner's communication credentials.

To add a 2-Way SSL/TLS certificate

  1. On the Manage partners page, select the partner profile to which you want to add a certificate set.
  2. On the Partner profile page, click the Add icon on the Certificates card and select 2-Way SSL/TLS.
  3. On the Configure 2-Way SSL/TLS for a partner page, select the source of the 2-Way SSL/TLS certificate:
    • Generate: Select Generate to create a 2-Way SSL/TLS certificate for the partner. The partner information that you already added is filled in automatically when you generate the certificate. For more information, see Source of Information Automatically Filled During Certificate Generation.

      Click the edit icon to modify the partner information used to generate the certificate. The modification does not affect the partner information in the partner profile.

      Clear a field if you do not want to include that information in the certificate. The supported formats for a generated 2-Way SSL/TLS certificate are .jks, .pfx, and .pkcs.

      A copy of the certificate, together with its public and private keys, is downloaded to your system automatically. webMethods B2B does not store the private key of a generated certificate. Only a copy of the public certificate remains on the system, for authenticating inbound business documents. You can replace the certificate by uploading a new one.
      Note: The generated keystore is protected with the default password changeit. Change this password immediately: until you do, anyone who obtains the downloaded file can use the partner's private key.
    • Upload: Select Upload to add an existing 2-Way SSL/TLS certificate. The certificate is validated and then applied to all subsequent interactions.
  4. Click Save.

Example - Sending Documents to webMethods B2B by using 2-Way SSL/TLS

After you configure the 2-Way SSL/TLS certificate for a partner, the partner sends inbound documents to webMethods B2B by using the channel URL with port 8443 appended.

To test the following instructions, use any software with which you can post an HTTP request to webMethods B2B after it generates a 2-Way SSL/TLS certificate. In the following example, a document is sent to a channel that is associated with partner1, by using a 2-Way SSL/TLS certificate with the Postman REST client.

  1. Open the Postman REST client, click Settings > Certificates, and click Add Certificate. Configure the client certificate for the post operation by entering the hostname and the 2-Way SSL/TLS port number (8443), and upload the 2-Way SSL/TLS certificate and key (or the downloaded keystore with its passphrase) that authenticates document exchanges for partner1. Postman presents this certificate only for requests to that host and port, so a request to any other port goes out without it.
  2. Post a document payload to the channel endpoint that is associated with partner1.
  3. Ensure that you post the document with the required header information. In this example, the document payload is sent to an AS2 channel, so an EDIINT AS2 identity must exist in the partner profile of partner1.
  4. Click Send to post the document payload to partner1.
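The same exchange from the command line, as an added example that is not part of this documentation or of the webMethods B2B product. It covers the two practical steps the Postman walkthrough leaves implicit: getting the generated keystore (default password changeit) into the PEM form that curl needs and re-sealing it under a new password, and refusing to post to any URL that is not on port 8443, because on any other port the hub skips certificate validation. The hub hostname, channel ID, AS2 IDs and file names are assumptions; the AS2 header names are the standard ones from RFC 4130.

```shell
#!/bin/sh
# Added example, not code from IBM or the webMethods B2B product.
# The hub host, channel ID, AS2 IDs and file names are assumptions.
set -eu

B2B_HOST="b2b.example.com"        # assumed hub hostname
B2B_MTLS_PORT=8443                # documented default 2-Way SSL/TLS port
CHANNEL_ID="0b1c2d3e"             # assumed channel ID from the inbound channel URL
AS2_FROM="PARTNER1"               # assumed AS2 ID of partner1
AS2_TO="B2BHUB"                   # assumed AS2 ID of the hub's enterprise profile

# Inbound channel URL on the 2-Way SSL/TLS port.
channel_url() {
  printf 'https://%s:%s/b2b/routes/channel/%s\n' "$1" "$2" "$3"
}

# Port of an https URL (443 when none is given).
url_port() {
  p=$(printf '%s' "$1" | sed -n 's#^https://[^/:]*:\([0-9]*\)/.*#\1#p')
  printf '%s\n' "${p:-443}"
}

# Refuse to send unless the URL targets the 2-Way SSL/TLS port: on any other
# port the hub processes the request in default mode, without validating the
# client certificate, so the certificate proves nothing about the sender.
require_mtls_port() {
  if [ "$(url_port "$1")" != "$B2B_MTLS_PORT" ]; then
    echo "refusing $1: not port $B2B_MTLS_PORT, the hub would skip certificate validation" >&2
    return 1
  fi
}

# The generated keystore is protected with the default password "changeit".
# Split it into the PEM certificate and key that curl needs. The password is
# read from the PFX_PASS environment variable rather than the command line
# so that it does not show up in process listings.
export_pem() {  # export_pem partner1.pfx client.crt client.key
  openssl pkcs12 -in "$1" -passin env:PFX_PASS -clcerts -nokeys -out "$2"
  openssl pkcs12 -in "$1" -passin env:PFX_PASS -nocerts -nodes -out "$3"
  chmod 600 "$3"
}

# Re-seal the keystore under a new password (NEW_PFX_PASS) and delete the
# original file that is still protected with "changeit".
rotate_pfx_password() {  # rotate_pfx_password partner1.pfx partner1-new.pfx
  openssl pkcs12 -in "$1" -passin env:PFX_PASS -nodes |
    openssl pkcs12 -export -passout env:NEW_PFX_PASS -out "$2"
  rm -f "$1"
}

# Post an AS2 document over mutual TLS. --cert/--key present the partner's
# certificate; --cacert verifies the hub's server certificate, so both sides
# are authenticated (never replace --cacert with -k / --insecure).
post_as2() {  # post_as2 URL client.crt client.key hub-ca.pem payload.edi
  require_mtls_port "$1"
  curl --fail --silent --show-error --tlsv1.2 \
    --cert "$2" --key "$3" --cacert "$4" \
    -X POST "$1" \
    -H 'Content-Type: application/edi-x12' \
    -H 'AS2-Version: 1.2' \
    -H "AS2-From: $AS2_FROM" \
    -H "AS2-To: $AS2_TO" \
    -H "Message-ID: <$(date +%s).$$@partner1.example>" \
    --data-binary "@$5"
}

# Usage: PFX_PASS=changeit NEW_PFX_PASS='...' sh send_as2.sh send
if [ "${1:-}" = "send" ]; then
  export_pem partner1.pfx client.crt client.key
  rotate_pfx_password partner1.pfx partner1-new.pfx
  post_as2 "$(channel_url "$B2B_HOST" "$B2B_MTLS_PORT" "$CHANNEL_ID")" \
    client.crt client.key hub-ca.pem payload.edi
fi
```

The port check is the part worth keeping in any partner-side tooling: a URL that drops the :8443 still gets a 2xx from the hub, so nothing on the wire tells the sender that its certificate was never checked.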


Source of Information Automatically Filled During Certificate Generation

The information that is filled in automatically during certificate generation is taken from the partner profile of the selected business partner. The following table lists where each field is taken from.

Field name               Source of information
Common Name              Server name or hostname, for example, www.ibmwebmethods.com
Organization             Partner > Organization unit
Organizational Unit      Partner > Profile name
Locality                 Partner > Contact (Administrative type) > City
State Or Province Name   Partner > Contact (Administrative type) > State/Province
Country Name             Partner > Contact (Administrative type) > Country
Email                    Partner > Contact (Administrative type) > Email

Next Steps

You can update the certificate either by uploading a new certificate or by modifying the field content and regenerating the 2-Way SSL/TLS certificate.

Click the download icon to download a copy of the public certificate to your local system.

You can download the available certificate only in .crt format. If your browser saves the file with a different extension (for example, .zip), rename the file so that it has only the .crt file extension.
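A check for the downloaded file, as an added example that is not part of this documentation or of the product. Renaming fixes a wrong extension but cannot turn a real archive into a certificate, so the script looks at the first bytes of the file to tell a PEM certificate, a DER certificate and a zip archive apart, and then prints the subject so that the CN, O, OU, L, ST, C and email fields can be compared with the partner profile fields listed in the table above. The file name is an assumption.

```shell
#!/bin/sh
# Added example, not code from IBM or the webMethods B2B product.
# The file name passed on the command line is an assumption.
set -eu

# Identify what the browser actually saved by its first bytes instead of
# trusting the extension: a PEM certificate, a DER certificate, or a zip
# archive (which renaming to .crt does not turn into a certificate).
cert_format() {
  magic=$(od -A n -t x1 -N 4 "$1" | tr -d ' \n')
  case "$magic" in
    2d2d2d2d) echo pem ;;   # "----" of -----BEGIN CERTIFICATE-----
    30*)      echo der ;;   # ASN.1 SEQUENCE tag that starts an X.509 certificate
    504b0304) echo zip ;;   # "PK\3\4" zip local file header
    *)        echo unknown ;;
  esac
}

# Print subject, issuer and validity so the fields can be compared with the
# partner profile (CN, O, OU, L, ST, C, emailAddress), plus the SHA-256
# fingerprint to confirm with the partner out of band.
inspect_cert() {
  case "$(cert_format "$1")" in
    pem) inform=PEM ;;
    der) inform=DER ;;
    zip) echo "$1 is a zip archive: extract the .crt inside it first" >&2; return 1 ;;
    *)   echo "$1 is not an X.509 certificate" >&2; return 1 ;;
  esac
  openssl x509 -in "$1" -inform "$inform" -noout \
    -subject -issuer -dates -fingerprint -sha256
}

# Usage: sh inspect_crt.sh partner1.crt
if [ "${1:-}" != "" ]; then
  inspect_cert "$1"
fi
```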