Certificates for Verifying, Signing, Encrypting, and Decrypting Documents and Authenticating Connections
Trading Networks certificate sets consist of sign/verify, encrypt/decrypt, and Secure Sockets Layer (SSL) authentication certificates. You can use a single set of certificates for all partners, or you can use a unique set of certificates for each sender/receiver pair (or selected pairs). For example, you can use one set of certificates for sending documents from A to B, and a different set of certificates for sending documents from C to A.
When you define your profile and the profiles of your trading partners, you specify the following kinds of certificates in the sender or receiver profiles:
The table lists the certificate action based on the profile and the intended purpose:
| Certificate Action | Profile Type | Purpose |
|---|---|---|
| Sign | Sender’s profile | When you sign a document to send to a partner, Trading Networks looks at your profile to see if it contains the specific private key to use to sign the document. |
| Verify | Sender’s profile | When a partner sends a document to you, Trading Networks looks at the sender’s profile to see if it contains the specific public certificate to use to verify the document. |
| Encrypt | Receiver’s profile | When you encrypt a document to send to a partner, Trading Networks looks at the receiver’s profile to see if it contains the specific public certificate to use to encrypt the document. |
| Decrypt | Receiver’s profile | When a partner sends an encrypted document to you, Trading Networks looks at your profile to see if it contains the specific private key to use to decrypt the document. |
| SSL | Sender’s profile | This certificate represents the partner’s authentication credentials when making an SSL connection with Integration Server. |
Certificates associated with partner profiles are stored in separate files in the Trading Networks database. Certificates associated with Enterprise profiles are stored in keystore files on Integration Server.
Keystores consist of one or more pairs of private keys and signed certificates for their corresponding public keys. Each key pair is identified by a unique key alias. Keystores are identified by a unique keystore alias.
You create and edit keystore aliases for certificates associated with Enterprise profiles from the Security > Keystore panel in Integration Server Administrator. You create key aliases to identify specific keys within a keystore using a third-party certificate management tool.
For more information about keystores and certificates, see webMethods Integration Server Administrator’s Guide.
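The following script is an added example, not part of the product documentation or tooling. It checks that a keystore entry is usable for a given certificate action before the entry is referenced from an Enterprise profile: the key alias exists, a private key is present when the action is Sign or Decrypt, and the certificate has not expired. It assumes a PKCS#12 keystore file that holds a single key pair and that the `openssl` command is available; the alias `tn-sign`, the password `changeit`, and the sample key pair are constructed for the example.

```bash
#!/usr/bin/env bash
# Added example (not product code): pre-flight check of one keystore entry.
# Assumes a PKCS#12 keystore holding a single key pair and the openssl CLI.

# Per the table above, Sign and Decrypt use a private key; the other actions
# only need the public certificate.
needs_private_key() { case "$1" in sign|decrypt) return 0 ;; *) return 1 ;; esac; }

# Print the key aliases (PKCS#12 friendlyName attributes), one per line.
list_aliases() {  # usage: list_aliases KEYSTORE PASSWORD
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null |
    sed -n 's/^ *friendlyName: //p' | sort -u
}

# True if the keystore contains a private key. The key is re-encrypted on
# output (-passout), so no cleartext key material passes through the pipe.
has_private_key() {  # usage: has_private_key KEYSTORE PASSWORD
  openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -passout "pass:$2" \
    2>/dev/null | grep -q 'PRIVATE KEY-----'
}

# True if the entry's certificate has not expired.
cert_is_current() {  # usage: cert_is_current KEYSTORE PASSWORD
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null |
    openssl x509 -noout -checkend 0 >/dev/null 2>&1
}

# Print ok | missing-alias | no-private-key | expired for ALIAS used for ACTION.
check_entry() {  # usage: check_entry KEYSTORE PASSWORD ALIAS ACTION
  list_aliases "$1" "$2" | grep -qxF "$3" || { echo missing-alias; return 1; }
  if needs_private_key "$4" && ! has_private_key "$1" "$2"; then
    echo no-private-key; return 1
  fi
  cert_is_current "$1" "$2" || { echo expired; return 1; }
  echo ok
}

# Constructed sample: throwaway self-signed key pair stored under alias tn-sign.
make_sample_keystore() {  # usage: make_sample_keystore DIR
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-example" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" -name tn-sign \
    -passout pass:changeit -out "$1/ks.p12"
}

tmp=$(mktemp -d) && make_sample_keystore "$tmp" &&
  echo "tn-sign for sign: $(check_entry "$tmp/ks.p12" changeit tn-sign sign)"
rm -rf "$tmp"
```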