Certificate exchange
Sometimes it is necessary to replace an existing certificate with a new one. Often this certificate is used by multiple or even a very large number of partner channels. This function lets you organise the replacement centrally and as a single bundled task. Notifications can be sent automatically to all affected partners, and the certificate is then replaced automatically once the response of the respective partner is received. The CertificateExchangeService must be active to use this function. You can replace local certificates and partner certificates.
Adding task
Via the context menu, you can create a new task for an automatic certificate replacement.
(1) Retry count, Waiting time in days: The number of emails to be sent (initial email and reminder email) and the waiting time in days in between these emails.
(2) Exchange by: The replacement may be done via mail or OFTP. The sent message contains a file named certificates.zip, which in turn contains the certificate files certificates_all.pem and certificates_all.der. These are certificate files without a private key, as you would receive them in a manual download if you only download the certificate. Note: For an alternative file name prefix (instead of certificates_all) see (6). Note: The sender address for mail is specified in the configuration file ./etc/cex.xml and the email is sent via the SMTP server configured in file ./etc/startup.xml. Note: For an exchange to be possible for OFTP channels, the checkbox "Auto. certificate exchange" must be set in the channel.
(3) Replacement type: The new certificate can either be put in place immediately or when the expiry date of the certificate to be replaced is reached.
(4) Choose old certificate: The certificate to be replaced.
(5) Choose new certificate: The new certificate.
(6) Old certificate is already used by following partners: All the partner channels that contain the certificate to be replaced (4) are listed here. You can also edit a channel, e.g. add a contact person and an email address if no respective entries in area "Partner contact" of the channel are available, or specify an alternative file name prefix, see (2). Important note: Initially, all partner channels in which the certificate is used are listed. The selection check marks on the left do not determine whether a certificate is exchanged in a channel or not; the icon to the right of them does (green for Yes and red for No). This can be adjusted via the context menu. If partner channels are removed in this way and you save, these partner channels cannot be added again.
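A partner who receives the bundle described in (2) can inspect it before importing anything. The following Python sketch is an added example, not part of the product: it checks that the archive holds only the two expected files (with the prefix from (6) as a parameter), that the PEM file carries no private key, and returns SHA-256 fingerprints to compare with values obtained over a separate channel. It assumes that both files carry the same certificates; the sample bundle is constructed and contains placeholder bytes, not a real certificate.

```python
import base64, hashlib, io, re, zipfile

CERT_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
KEY_RE = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")

def inspect_bundle(zip_bytes, prefix="certificates_all"):
    """Validate a received certificates.zip; return SHA-256 fingerprints."""
    expected = {prefix + ".pem", prefix + ".der"}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = set(zf.namelist())
        if names != expected:
            raise ValueError(f"unexpected members: {sorted(names ^ expected)}")
        pem = zf.read(prefix + ".pem").decode("ascii")
        der_file = zf.read(prefix + ".der")
    if KEY_RE.search(pem):
        raise ValueError("bundle contains a private key")
    blocks = CERT_RE.findall(pem)
    if not blocks:
        raise ValueError("no certificate block in PEM file")
    fingerprints = []
    for body in blocks:
        der = base64.b64decode("".join(body.split()), validate=True)
        # Assumption: the .der file carries the same certificate(s) as the .pem.
        if der not in der_file:
            raise ValueError("PEM and DER files do not match")
        fingerprints.append(hashlib.sha256(der).hexdigest())
    return fingerprints

def make_sample(extra_pem=""):
    """Build a constructed bundle (placeholder bytes, not a real certificate)."""
    fake_der = b"\x30\x82constructed-not-a-real-certificate"
    pem = ("-----BEGIN CERTIFICATE-----\n"
           + base64.encodebytes(fake_der).decode()
           + "-----END CERTIFICATE-----\n" + extra_pem)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("certificates_all.pem", pem)
        zf.writestr("certificates_all.der", fake_der)
    return buf.getvalue(), hashlib.sha256(fake_der).hexdigest()

if __name__ == "__main__":
    bundle, _ = make_sample()
    for fp in inspect_bundle(bundle):
        print("SHA-256:", fp)
```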
Task overview
If the notification has been sent via email, the certificate will be replaced as set in (3) as soon as a partner sends back an email reply to a notification sent to them. Important note: To be able to receive those replies, there needs to be an active SmtpService. In addition, the SMTP server that you configured in file ./etc/startup.xml must forward emails sent to the address specified in file ./etc/cex.xml directly to the Integration Server via SMTP on port 25. Otherwise, the Integration Server will not notice if a reply to the original notification is sent.
If the notification has been sent via OFTP, the certificate will be replaced immediately (since an acknowledgement of receipt is received automatically in this case).
In both cases, the certificate will only be replaced in the affected partner channel (not in all partner channels of the task).
(7) Task: The generated task for an automatic certificate replacement in the overview.
(8) Partner: If you mark a task (7), all affected partner channels appear here.
(9) State: The status of the replacement for the respective channel. You can also change it manually.
Mail templates
Overview
(10) Subject: In this area, you should create at least one template for an initial notification and then another one for reminder messages. See also (1) and (11).
(11) MIME type, Language: You can only create one initial email template and one repeat email template for each MIME type/language combination. The language used depends on the value in field "Language" in the "Partner contact" area of the respective partner channel (an error will occur if that field does not contain a matching language!). In other words, if an email is sent for a partner channel, a template of the corresponding language is used. So, for example, if there is one initial template for de with MIME type text/plain and one with MIME type text/html, then both templates will be packed into the same email as parts. There can be a maximum of four templates per language: initial template (MIME type text/plain), initial template (MIME type text/html), repeat template (MIME type text/plain) and repeat template (MIME type text/html).
(12) Retry text: Indicates whether it is a template for the initial email or for the retry emails, see also (1).
Logs
You can find relevant logs in the "Server Logs" of the Control Center in folder "cexlog".