OS4X Core - Updating OFTP2 certificate
Abstract
Sometimes it is necessary to update your own or a partner's certificate information, for reasons such as:
- Expiration of certificate
- New certificate due to changed information
- Change of the used CA
- Other reasons
In every case, you may need to change settings depending on your configuration. These situations are explained in this article.
Identify what to update
There are two major parts involved in certificates:
- TLS: Transport Layer Security. It provides a secure, encrypted TCP/IP connection and involves server (and optionally client) certificates, CRLs and trusted certificate information.
- OFTP2 security options: If you use any of the OFTP2 options for secure authentication, file encryption, file signing or signed EERPs, you need to handle certificates per partner. Information such as CRLs and trusted certificates is the basis for all operations.
The basis for all secure operations is trust in certificates. OS4X manages trust globally via the "trusted certificates", which are maintained in several ways:
- Automatically via the TSL (a signed XML document hosted at Odette, containing a list of all trusted certificate authorities). Every OFTP2 system which is certified by Odette must be able to interpret this TSL, too.
- Manually via uploaded certificates in the "trusted certificates".
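To decide whether a given certificate needs updating because of expiry or because its CA is not in the trusted set, the two questions can be checked separately with OpenSSL. The script below is an added example, not part of OS4X; it assumes OpenSSL 1.1.0 or later, certificates exported as PEM files, and a 30-day warning window, and the function and file names are hypothetical.

```shell
#!/bin/sh
# Added example (not OS4X code). Classifies one PEM certificate against a PEM
# bundle of trusted CA certificates. File names and the 30-day window are assumptions.

# cert_status CERT BUNDLE [DAYS] -> prints "<validity> <trust>"
#   validity: expired | expiring | valid     trust: trusted | untrusted
cert_status() {
    cert=$1 bundle=$2 days=${3:-30}
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || { echo unreadable; return 1; }
    # -checkend N exits non-zero when notAfter falls within the next N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        validity=expired
    elif ! openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null 2>&1; then
        validity=expiring
    else
        validity=valid
    fi
    # -no_check_time separates the trust question from the expiry question;
    # -no-CApath keeps the system's default CA directory out of the decision.
    if openssl verify -no_check_time -no-CApath -CAfile "$bundle" "$cert" >/dev/null 2>&1; then
        trust=trusted
    else
        trust=untrusted
    fi
    echo "$validity $trust"
}

# make_demo_pki DIR: constructed test material only (two throwaway CAs, one partner cert).
make_demo_pki() {
    d=$1
    for ca in trusted other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Constructed $ca CA" \
            -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=constructed-partner" \
        -keyout "$d/partner.key" -out "$d/partner.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/partner.csr" -CA "$d/trusted.pem" -CAkey "$d/trusted.key" \
        -CAcreateserial -days 365 -out "$d/partner.pem" 2>/dev/null
}

# Run with the argument "demo" to try it on the constructed material.
if [ "${1:-}" = demo ]; then
    tmp=$(mktemp -d) && make_demo_pki "$tmp" && cert_status "$tmp/partner.pem" "$tmp/trusted.pem"
fi
```

A result of "valid untrusted" points at the trusted certificates (TSL or manual upload) rather than at the certificate itself.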