Trading Networks 10.11 | Administering Trading Networks | Understanding webMethods Trading Networks | Security | Certificates for Verifying, Signing, Encrypting, and Decrypting Documents and Authenticating Connections
 
Certificates for Verifying, Signing, Encrypting, and Decrypting Documents and Authenticating Connections
 
Overlapping of Certificates
Verifying Digital Signatures
Digitally Signing Documents
Encrypting and Decrypting Data
Communicating Securely Using SSL
Trading Networks certificate sets consist of sign/verify, encrypt/decrypt, and Secure Sockets Layer (SSL) authentication certificates. You can use a single set of certificates for all partners, or you can use a unique set of certificates for each sender/receiver pair (or selected pairs). For example, you can use one set of certificates for sending documents from A to B, and a different set of certificates for sending documents from C to A.
When you define your profile and the profiles of your trading partners, you specify the following kinds of certificates in the sender or receiver profiles:
The table lists the certificate action based on the profile and the intended purpose:
Certificate Action
Profile Type
Purpose
Sign
Sender’s profile
When you sign a document to send to a partner, Trading Networks looks at your profile to see if it contains the specific private key to use to sign the document.
Verify
Sender’s profile
When a partner sends a document to you, Trading Networks looks at the sender’s profile to see if it contains the specific public certificate to use to verify the document.
Encrypt
Receiver’s profile
When you encrypt a document to send to a partner, Trading Networks looks at the receiver's profile to see if it contains the specific public certificate to use to encrypt the document.
Decrypt
Receiver’s profile
When a partner sends an encrypted document to you, Trading Networks looks at your profile to see if it contains the specific private key to use to decrypt the document.
SSL
Sender’s profile
This certificate represents the partner’s authentication credentials when making an SSL connection with Integration Server.
Certificates associated with partner profiles are stored in separate files in the Trading Networks database. Certificates associated with Enterprise profiles are stored in keystore files on Integration Server.
Keystores consist of one or more pairs of private keys and signed certificates for their corresponding public keys. Each key pair is identified by a unique key alias. Keystores are identified by a unique keystore alias.
You create and edit keystore aliases for certificates associated with Enterprise profiles from the Security > Keystore panel in Integration Server Administrator. You create key aliases to identify specific keys within a keystore using a third-party certificate management tool.
For more information about keystores and certificates, see webMethods Integration Server Administrator’s Guide.