Check in a CA Certificate

Based on security policies at your site, Certificate Authority (CA) certificates in the Java Key Store (JKS) can also be checked in through the console.

Before you begin, save any CA certificates that you obtained externally to a local file.

Check in all the certificates (identification and authentication, signing, and encryption) the EBICS Client user requires to transact with the bank. If a CA-signed certificate is used for configuring a user, then check in the Root CA certificate. If 3SKey is used for signing, then check in the Root 3SKey certificate. Check in the public part of the HTTPS certificate of the server into the CA store of Sterling B2B Integrator. For more information about managing digital certificates, see the Sterling B2B Integrator Security documentation.

To check in a CA certificate:

  1. Log in to Sterling B2B Integrator.
  2. From the Administration Menu, select Trading Partner > Digital Certificates > CA.
  3. Next to New Certificate, click Go!
  4. Select a method to import certificates:

    • Import from JVM – Imports from the JKS keystore. Next steps:
      1. Click Import from JVM.
      2. Accept the default password that appears in the password field and click Next.
      If the password field is empty, the system still uses the default password.
    • Import from File – Imports certificates saved as a file on a local drive. Next steps:
      1. Click Import from File.
      2. Enter the file name or click Browse to select a CA certificate file. Click Next.
      You may ignore the password that is displayed in the password field. There is no need to erase the entry.

    Available certificates are listed with a summary of identifying information. All certificates are selected by default.

  5. Select the check boxes to the left of each entry to import the certificates.
  6. For each certificate selected, accept the suggested Certificate Name or edit it based on your file naming conventions.
  7. Select the Validate When Used option and click Next. Validation options are:
    • Validity – Verifies that the dates in the validity period of the certificate are still in effect. If the dates are not in effect, the certificate is not used.
    • Auth Chain – Attempts to construct a chain of trust for certificates that are not self-signed. If a chain of trust cannot be constructed using valid certificates, the certificate is not used. If the certificate is self-signed, this option verifies only the certificate signature.
  8. If you receive a message stating that the certificate duplicates a certificate already in the database, enter Y or N to indicate whether to import the duplicate or not.

    This check is done on single certificates only. It does not take place when checking in one or more certificates from a file.

    Certificates are identified by SHA1 or SHA256 hash for purposes of determining duplicates. More than one copy of a certificate can be present in the database, since each certificate populates a different row and has a distinct object ID. The existing certificate is not overwritten.

  9. Review the CA certificate information.
  10. Click Finish.
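
Because the duplicate check in step 8 does not run when certificates are checked in from a file, a PEM bundle can be screened for repeated entries before import. The following is an added example, not part of the product or its documentation. It assumes the SHA1/SHA256 hash is taken over the DER encoding of each certificate (the usual certificate fingerprint), and its sample bundle is built from constructed placeholder bytes rather than real certificates.

```python
import base64
import hashlib
import re
from collections import defaultdict

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)

def pem_to_der_list(bundle_text):
    """Return the DER bytes of every CERTIFICATE block in a PEM bundle."""
    ders = []
    for body in PEM_BLOCK.findall(bundle_text):
        # Strip line breaks and indentation so PEM wrapping does not matter.
        ders.append(base64.b64decode("".join(body.split()), validate=True))
    return ders

def fingerprints(der):
    """SHA-1 and SHA-256 fingerprints of one DER-encoded certificate."""
    return {"sha1": hashlib.sha1(der).hexdigest(), "sha256": hashlib.sha256(der).hexdigest()}

def find_duplicates(bundle_text):
    """Map SHA-256 fingerprint -> 1-based positions of entries that repeat."""
    seen = defaultdict(list)
    for pos, der in enumerate(pem_to_der_list(bundle_text), start=1):
        seen[fingerprints(der)["sha256"]].append(pos)
    return {fp: positions for fp, positions in seen.items() if len(positions) > 1}

def make_pem(der, width):
    """Helper for the sample only: wrap bytes as a PEM CERTIFICATE block."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")

# Constructed sample: placeholder payloads standing in for two root CA
# certificates. Entry 3 repeats entry 1 with different line wrapping.
FAKE_ROOT_A = b"constructed placeholder bytes for root CA A " * 3
FAKE_ROOT_B = b"constructed placeholder bytes for root CA B " * 3
SAMPLE_BUNDLE = make_pem(FAKE_ROOT_A, 64) + make_pem(FAKE_ROOT_B, 64) + make_pem(FAKE_ROOT_A, 48)

if __name__ == "__main__":
    for pos, der in enumerate(pem_to_der_list(SAMPLE_BUNDLE), start=1):
        print(pos, fingerprints(der))
    print("duplicates:", find_duplicates(SAMPLE_BUNDLE))
```

Comparing the decoded DER bytes instead of the PEM text is what catches the third entry: it is the same certificate as the first even though the two blocks differ line by line.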