OS4X Core - OFTP2 getting started
In order to use the most-actual communication protocol OFTP2, you have to investigate several options.
Certificate
OFTP2 is based on X509v3 certificates with special options contained in them. When using such an OFTP2 certificate, you have to decide from which issuer (from which CA; Certificate Authority) you order your certificate. Many profit-oriented companies exist in the world, also non-profit organisations. The key thing on certificates is:
Is the issuer trusted by my communication partner(s)?
So you have to deal with the question, who your provider of your OFTP2 certificate is.
Every certified (by Odette) OFTP2 system on the market must be able to support a TSL, a list of CAs which are trusted by default. Odette is hoster of the most commonly TSL in the OFTP2 world. In this TSL, a growing number of CAs are included which every major OFTP2 installation should trust. So, if your certificate is issued by a CA included in the Odette TSL, you're on the best way for a seamless usage of your certificate.
Security options
OFTP2 offers a wide range of security options, which are:
- encrypted TCP/IP communication, aka. TLS ("Transport Layer Security"; the successor of SSLv3)
- secure authentification
- file encryption
- file compression
- file signing
- signed EERPs ("End to End ResPonse"; file transfer acknowledgement)
Every single option is optional, but most commonly the TLS layer is the basis for a secure OFTP2 communication. Every option (except of the compression) can(!) be handled with a single different certificate, but most commonly the certificate used for every operation is the same. If you want an extremely complex situation, you can implement a configuration where different certifiates can be used for every single operation for every single partner. (This is an recommendation: use one certificate for all operations. You'll ease up you administrative live.)