Automatic certificate exchange


!MC5 supports automatic certificate exchange according to the OFTP2 Implementation Guidelines. This allows certificates to be exchanged directly via OFTP2: certificates can be transmitted, requested and recalled even without having imported a partner certificate before. However, it is still necessary to exchange information about the certificates used in advance, since only certificates that are already known can be replaced by new ones. In order to use the automatic certificate exchange with a partner, it must be explicitly activated in the partner settings beforehand.

 

Initial partner setup for automatic certificate exchange

 

1 Open the partner management and edit the corresponding partner.

2 In the partner settings, open the page Security.

3 Enable the option Enable automatic certificate exchange (ACX/SCX/PDX) in the box Partner certificates.

4 Click the button Add certificate.

5 Select the option Enter certificate identification data.

6 Enter the subject of the partner's certificate in the form "CN=oftp2.bartschsoft.com,C=DE,O=Bartsch Software,[...]". You should have received this information from your partner. Alternatively, you can enter only the common name of the partner's certificate. In most cases the common name is identical to the host name of the partner's OFTP2 system, e.g. "oftp2.bartschsoft.com".

7 Select the issuer of the partner's certificate. Again, you should have received this information from your partner. Only issuers known to !MC5 are available. If the partner uses an issuer that is not listed, you have to install the issuer certificate(s) via Settings / !MC5 / Security / Certificates.

8 If the partner explicitly requires certain key usages, those can be entered using the button Show key usages.

Direct use of partner certificate

Instead of entering the certificate information, you can use the partner's certificate directly. This also allows use of the automatic certificate exchange, with some limitations. If you use the partner's certificate directly, you might not be able to send or receive certificates from the partner before the partner has also entered your certificate in their system. If both sides enter only certificate information, certificates can be exchanged while bypassing secure OFTP2 authentication. This is needed because secure authentication would require a certificate to be present. As soon as a certificate is present, this bypass is no longer possible. When using the automatic certificate exchange, you and your partner therefore have to agree on which method to use for the initial setup.

9 Click Next and select the usages for the selected certificate, then click Finish.

10 The partner is now configured for automatic certificate exchange. The certificate information is displayed in blue and with a different icon. It can be edited at any time using the edit function. Save the changes by clicking OK.

11 Now you can deliver or request certificates to or from a partner using the button Send or request certificates in the partner management.
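
The subject (or common name) and issuer entered in steps 6 and 7 identify the partner certificate before it has been imported. As an added example (not !MC5 code; how !MC5 itself compares these values is not described on this page), the following Python shows one strict way to check a certificate's subject and issuer against the agreed identification data. It assumes DNs written as comma-separated strings like the one in step 6, case-insensitive value comparison, and no multi-valued RDNs or hex escapes; the issuer value is constructed.

```python
# Added example: compares certificate identification data (subject or common
# name, plus issuer) with the DNs of a presented certificate. Not !MC5 code.

def _norm(value):
    # Assumption: values compare case-insensitively with whitespace collapsed.
    return " ".join(value.split()).casefold()

def parse_dn(dn):
    """Parse 'CN=a,C=DE,O=b' into a sorted list of (ATTR, normalised value)."""
    parts, cur, esc = [], [], False
    for ch in dn:
        if esc:                      # character after a backslash is literal
            cur.append(ch)
            esc = False
        elif ch == "\\":
            esc = True
        elif ch == ",":              # unescaped comma ends one RDN
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    rdns = []
    for part in parts:
        key, sep, value = part.partition("=")
        if not sep or not key.strip() or not value.strip():
            raise ValueError(f"malformed DN component: {part!r}")
        rdns.append((key.strip().upper(), _norm(value)))
    return sorted(rdns)              # attribute order does not matter

def matches_identification(pinned_subject, pinned_issuer, cert_subject, cert_issuer):
    """True only if the subject (or bare CN) and the issuer both match."""
    subject = parse_dn(cert_subject)
    if "=" in pinned_subject:        # full subject was entered
        subject_ok = parse_dn(pinned_subject) == subject
    else:                            # only the common name was entered
        subject_ok = [v for k, v in subject if k == "CN"] == [_norm(pinned_subject)]
    return subject_ok and parse_dn(pinned_issuer) == parse_dn(cert_issuer)

# Subject from the page's example (elided part left out); issuer is constructed.
PINNED_SUBJECT = "CN=oftp2.bartschsoft.com,C=DE,O=Bartsch Software"
PINNED_ISSUER = "CN=Example Issuing CA,O=Example Trust,C=DE"

if __name__ == "__main__":
    presented = "O=Bartsch Software, C=DE, CN=OFTP2.bartschsoft.com"
    print(matches_identification(PINNED_SUBJECT, PINNED_ISSUER, presented, PINNED_ISSUER))
    print(matches_identification(PINNED_SUBJECT, "CN=Other CA,C=DE", presented, PINNED_ISSUER))
```

A full subject must match attribute for attribute, so a certificate that shares only the common name passes only when the common name alone was agreed with the partner.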