OS4X Core - Updating OFTP2 certificate

From OS4X
Revision as of 07:53, 26 November 2013 by Admin

Abstract

Sometimes it is necessary to update a partner's or your own certificate information, for one of several reasons:

  • Expiration of certificate
  • New certificate due to changed information
  • Change of the used CA
  • Other reasons

In every case, you may need to change settings, depending on your configuration. These situations are explained in this article.

Identify what to update

There are two major parts involved in certificates:

  1. TLS: Transport Layer Security. It offers a secure, encrypted TCP/IP connection and involves server (and optionally client) certificates, CRLs and trusted certificate information.
  2. OFTP2 security options: When using any of the OFTP2 options for secure authentication, file encryption, file signing or signed EERPs, you need to handle certificates per partner. Information such as CRLs and trusted certificates is the basis for all operations.

The basis for all secure operations is the trust of certificates. OS4X manages trust globally via the "trusted certificates", which are maintained in several ways:

  • Automatically via TSL (a signed XML document hosted at Odette, containing a list of all trusted certificate authorities). Every OFTP2 system which is certified by Odette must be able to interpret this TSL, too.
  • Manually via uploaded certificates in the "trusted certificates".
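
To see whether a new CA is already covered by the TSL or has to be uploaded manually, the list can be read and compared by certificate fingerprint. The following is an added example, not OS4X code: it assumes the TSL uses the ETSI TS 102 231 schema and namespace, and the sample list, the function names and the use of NextUpdate as a staleness limit are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Assumption: the TSL follows the ETSI TS 102 231 schema and namespace.
NS = {"tsl": "http://uri.etsi.org/02231/v2#"}

# Constructed sample, not real Odette data; the certificate bytes are dummies.
SAMPLE_TSL = """<tsl:TrustServiceStatusList xmlns:tsl="http://uri.etsi.org/02231/v2#">
 <tsl:SchemeInformation>
  <tsl:NextUpdate><tsl:dateTime>2014-01-31T00:00:00Z</tsl:dateTime></tsl:NextUpdate>
 </tsl:SchemeInformation>
 <tsl:TrustServiceProviderList>
  <tsl:TrustServiceProvider>
   <tsl:TSPInformation><tsl:TSPName><tsl:Name>Example CA One</tsl:Name></tsl:TSPName></tsl:TSPInformation>
   <tsl:TSPServices><tsl:TSPService><tsl:ServiceInformation>
     <tsl:ServiceDigitalIdentity><tsl:DigitalId>
       <tsl:X509Certificate>ZHVtbXktY2EtMQ==</tsl:X509Certificate>
     </tsl:DigitalId></tsl:ServiceDigitalIdentity>
   </tsl:ServiceInformation></tsl:TSPService></tsl:TSPServices>
  </tsl:TrustServiceProvider>
 </tsl:TrustServiceProviderList>
</tsl:TrustServiceStatusList>"""

def parse_tsl(xml_text):
    """Return (next_update, {sha256 fingerprint of CA certificate: provider name})."""
    # The XML signature must be validated before this step; that is not shown
    # here because the standard library has no XML-DSig support.
    root = ET.fromstring(xml_text)
    nu = root.findtext("tsl:SchemeInformation/tsl:NextUpdate/tsl:dateTime", namespaces=NS)
    next_update = datetime.strptime(nu.strip(), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    trusted = {}
    for tsp in root.iterfind("tsl:TrustServiceProviderList/tsl:TrustServiceProvider", NS):
        name = tsp.findtext("tsl:TSPInformation/tsl:TSPName/tsl:Name", default="?", namespaces=NS)
        for cert in tsp.iterfind(".//tsl:X509Certificate", NS):
            der = base64.b64decode("".join(cert.text.split()))  # base64 may be line-wrapped
            trusted[hashlib.sha256(der).hexdigest()] = name
    return next_update, trusted

def check_issuer(issuer_der, xml_text, now):
    """Classify a CA certificate (DER bytes) as 'trusted', 'untrusted' or 'tsl-stale'."""
    next_update, trusted = parse_tsl(xml_text)
    if now > next_update:
        return "tsl-stale"  # the list is past its NextUpdate; refresh before relying on it
    return "trusted" if hashlib.sha256(issuer_der).hexdigest() in trusted else "untrusted"
```

An "untrusted" result for a partner's new CA means that CA is not in the TSL and would have to be added through the manual route.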