Create a Self-Signed Certificate

You can create a self-signed certificate from the Administration menu.

Check in the public part of the self-signed certificate into the Trusted store of Sterling B2B Integrator. To create a self-signed certificate:

  1. Choose one of the following options:
    • If you use Sterling B2B Integrator, from the Administration Menu, select Trading Partner > Digital Certificates > System.
    • If you use the AS2 Edition, from the AS2 Administration menu, select Certificates.
  2. Next to Create Self-signed Certificate, click Go!
  3. Enter the Name of the self-signed certificate.
  4. Enter the name of the Organization.
  5. Select the Country of origin of the self-signed certificate.
  6. Enter a contact e-mail address for the person responsible for certificates in the organization and then click Next.
  7. Enter the Serial Number for the certificate.
    The serial number is the number you want to assign to the self-signed certificate.
  8. Enter the Duration (number of days) that the self-signed certificate is valid.
  9. Enter the IP addresses of the network interfaces you want to associate with the certificate. These are written to the SubjectAltName field.
  10. Enter the DNS Names of the network interfaces you want to associate with the certificate. These are written to the SubjectAltName field.
  11. Select the Key Length. Select one of the following key lengths:
    • 512
    • 1024
    • 2048
    Note: The key length 1024 provides a good balance between security, interoperability, and efficiency. The key length 2048 is the most secure, but also the slowest, and may not work with some applications. For information about defining EBICS-specific key lengths for electronic signature, encryption, and authentication, see EBICS Specification, version 2.5.
    Note: If you select the key length 512, you must check for JDK restrictions on the key length in the java.security file in the JDK. In Sterling B2B Integrator V5.2.6.1 or later, if you select the key length 512, protocol communication might fail during run time.
  12. Select the Signing Algorithm.
    Note: You must use the SHA256withRSA signing algorithm for certificates used with EBICS transactions.
  13. Select the Validate When Used option. Validation options are:
    • Validity – Verifies that the dates in the validity period of the certificate are still in effect. If the dates are not in effect, the certificate is not used.
      Note: Before you set a value for the validity period of the certificate, you must read and apply the best practice recommendations from the Microsoft PKI Quick Guide. For information about the best practice recommendations for using certificates, see http://www.windowsecurity.com/articles/Microsoft-PKI-Quick-Guide-Part3.html.
    • Auth Chain – Constructs a chain of trust for certificates that are not self-signed. If a chain of trust cannot be constructed using valid certificates, the certificate is not used. If the certificate is self-signed, this option verifies only the certificate signature.
  14. Set the Certificate Signing Bit by selecting the check box.
  15. Click Next.
  16. Review the information about the self-signed certificate.
  17. Click Finish.
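
The note in step 11 says to check the java.security file for JDK restrictions on key length. The following is an added example, not part of the product documentation or of Sterling B2B Integrator: a Python sketch that reads the keySize rules from the jdk.certpath.disabledAlgorithms and jdk.tls.disabledAlgorithms properties and reports whether a chosen key length is disabled. It assumes an RSA key, handles only plain "ALG keySize OP N" entries, and uses a constructed sample file; the function names are hypothetical.

```python
import operator
import re

# Constructed sample in java.security syntax; not copied from any real JDK install.
SAMPLE_JAVA_SECURITY = """\
# Constructed sample
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \\
    DSA keySize < 1024, EC keySize < 224
jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 1024
"""

OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
       ">=": operator.ge, "==": operator.eq, "!=": operator.ne}
CONSTRAINT = re.compile(r"^(\w+)\s+keySize\s*(<=|>=|==|!=|<|>)\s*(\d+)")
PROPERTIES = ("jdk.certpath.disabledAlgorithms", "jdk.tls.disabledAlgorithms")

def load_properties(text):
    """Parse key=value pairs, joining lines continued with a trailing backslash."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#!"):
            continue  # blank line or comment outside a continued value
        if line.endswith("\\"):
            pending += line[:-1].strip() + " "
            continue
        key, _, value = (pending + line).partition("=")
        props[key.strip()] = value.strip()
        pending = ""
    return props

def key_size_restrictions(props, algorithm="RSA"):
    """Return (property, operator, bits) for each plain keySize rule on algorithm."""
    rules = []
    for name in PROPERTIES:
        for entry in props.get(name, "").split(","):
            match = CONSTRAINT.match(entry.strip())
            if match and match.group(1).upper() == algorithm.upper():
                rules.append((name, match.group(2), int(match.group(3))))
    return rules

def is_key_length_disabled(props, bits, algorithm="RSA"):
    """True when a key of this size matches any disabling keySize rule."""
    return any(OPS[op](bits, limit)
               for _, op, limit in key_size_restrictions(props, algorithm))

if __name__ == "__main__":
    props = load_properties(SAMPLE_JAVA_SECURITY)
    for bits in (512, 1024, 2048):  # the key lengths offered in step 11
        state = "disabled" if is_key_length_disabled(props, bits) else "allowed"
        print(f"RSA {bits}: {state}")
```

To check a real installation, pass the text of the java.security file from the JDK that runs Sterling B2B Integrator to load_properties in place of the sample.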