Home » IBM Manuals » Computer Software » IBM E02HRLL-G » Manual Viewer

IBM E02HRLL-G Administration Guide - Page 56

WebSphere Partner Gateway Hub Configuration Guide, For complete certpath building and validation

Add to My Manuals
Save this manual to your list of manuals

Page 56 highlights

Digital signatures are calculations based on an electronic document using public-key cryptography. Through this process, the digital signature is tied to the document being signed and to the signer, and cannot be reproduced. With the passage of the federal digital signature bill, digitally signed electronic transactions have the same legal weight as transactions signed in ink. WebSphere Partner Gateway uses digital certificates to verify the authenticity of business document transactions between the internal partners and external partners. They are also used for encryption and decryption. You can specify a primary and a secondary certificate to ensure that the document exchange is not interrupted. The primary is used for all transactions. The secondary is used if the primary is expired. Digital certificates are uploaded and identified during the configuration process. If a certificate is expired or revoked, it is disabled and is reflected as such in the console. However, this is not applicable to the certificates uploaded as Root/Intermediate certificates. If the primary certificate is expired, it is disabled and the secondary certificate will be set as the primary. An event is generated when a certificate is found to be expired. The Certificate Usage option is available based on the certificate type selected. In the Hub Operator profile, Certificate Usage can be set for Digital Signature, Encryption, or SSL Client certificate. In the partner profile, Certificate Usage can be set for Encryption certificate. If the same certificate is to be used for different purposes, for example, for Digital Signature and Encryption in Hub Operator profile, it has to be loaded twice, once for the Digital Signature, and again for the Encryption certificate. However, if the certificate is used for Digital Signature and for SSL Client, then the corresponding check boxes can be set in the same certificate entry. Secondary certificates can also be loaded twice, once for Digital Signature and again for SSL Client. If so, the same pattern has to be followed for the secondary certificates. For example, if the primary certificates were loaded as different certificates for Digital Signature and for SSL Client, then secondary certificates has to be loaded as different certificate entries (even though the certificate may be the same). For complete certpath building and validation, you are required to upload all of the certificates in the certificate chain. For example, if the certificate chain contains certificates A -> B -> C -> D, where A -> B means A is the issuer of B, then certificates A, B, and C should be uploaded as root certificates. If one of the certificates is not available, the certpath is not built and the transaction is unsuccessful. The CA certificates can be obtained from the Certificate Repositories maintained by the Certificate Authorities. Root and intermediate certificates can only be uploaded in the Hub Operator profile. Note: Before you can use the procedures in the following sections, the certificates must be loaded into the system. For more information about loading the certificates, see the WebSphere Partner Gateway Hub Configuration Guide. The Certificate Management view allows you to modify certificate sets that are used for a specific participant connection. An option to filter is provided. Modify the certificate sets that are used in the connection. Alternatively, this can be done from the participant connection itself. Steps to manage Certificates sets: 50 IBM WebSphere Partner Gateway Enterprise and Advanced Editions: Administration Guide

Section	Page
Contents	3
Chapter 1. About this book	7
Audience	7
Roles, access levels, and responsibilities	7
Typographic conventions	8
Related documents	9
New in release 6.2	9
Chapter 2. Managing the WebSphere Partner Gateway component applications	11
Managing WebSphere Partner Gateway components in a simple mode system	11
Managing WebSphere Partner Gateway components in a distributed mode system	12
The Deployment Manager	13
Starting and stopping servers from the command line	14
Starting and stopping FTP Management Server from command line	14
Starting and stopping the components in a simple distributed mode system	15
Starting servers in a simple distributed mode system	15
Stopping servers in a simple distributed mode system	16
Starting and stopping the components in a full distributed mode system	17
Starting servers in a full distributed mode system	17
Stopping servers in a full distributed mode system	18
Chapter 3. Basic Community Console tasks	21
Logging in to the Community Console	21
Navigating through the Community Console	22
Community Console icons	22
Logging off from the Community Console	24
Chapter 4. Hub administration tasks	25
Managing password policy	25
Changing database connectivity, database user and password	26
Managing event codes	26
Viewing and editing event codes	27
Exporting event code names	27
Specifying events that can be notified	28
Document Validation Errors	28
Managing receivers	28
Viewing and editing receiver details	28
Enabling or disabling receivers	28
Deleting receivers	29
Localizing HTTP synchronous target time out	29
Managing interactions and document definitions	29
Managing XML formats	30
Large file support	31
Enabling or disabling actions	31
Managing handlers	31
Importing a handler	32
Deleting a handler	32
Configuring the content-type attribute in handlers	32
Managing maps	33
Updating validation maps	33
Viewing validation maps Where used	33
Deleting validation maps	33
Managing transformation maps	33
Managing EDI FA maps	34
Managing EDI	34
Envelope profile	34
Enveloper	35
Connection profiles	36
Control number initialization	36
Current control numbers	37
Managing system configuration data	38
Configuring the alert mail server	39
Viewing system activity	39
Managing event delivery	40
Managing API calls	40
Managing Document Manager information	41
Maximum hold time	41
Maximum files-per-poll-interval	41
Supporting ebMS	42
Uploading a CPA to WebSphere Partner Gateway	42
Non-prepopulated attributes	43
Algorithms supported by the ebMS	44
Configuration details for validating Webservices	44
Using non-repudiation logging	45
Using message store	45
Prerequisite to setup WebSphere Partner Gateway - WebSphere Transformation Extender Integration Environment	46
Chapter 5. Account administration tasks	47
Managing partner profiles	47
Viewing and editing partner profiles	47
Searching for partners	47
Deleting partners	48
Managing destination configurations	48
Required information for destination configuration	48
Viewing and editing destinations	49
Viewing and editing default destination	51
Viewing destination Where used	51
Deleting destination	51
Uploading transports	52
Deleting transports	52
Transport and destination retries	52
Forward proxy support	55
Managing certificates	55
Configuring the certpath related properties	57
Viewing and editing digital certificates	58
Disabling a digital certificate	59
Changing B2B attribute values	59
Managing partner connections	60
Connection components	60
Connection duplication	61
Searching for connections	61
Changing connection configurations	63
Managing exclusion lists	64
Adding partners to the exclusion list	65
Editing the exclusion list	65
Chapter 6. Administering partner migration	67
Using the migration utility from the command line	67
Invoking from the command line	69
Mapping of XML element with Console	71
Exporting partner migration	73
Considerations when creating your own import data	75
Manual validation of the import file	75
Migration configuration type dependencies	75
Export/Import order	78
BCG and DIS Import	79
Non-migratable configurations	79
Limitations of the migration utilities	79
Forward proxy migration	79
Chapter 7. LDAP support for logon authentication	81
Using LDAP	81
Enabling the container managed authentication mechanism	81
Enabling J2EE security	81
User names and groups	82
Stopping the use of LDAP authentication	82
Sample LDAP configuration	83
Configuring the WebSphere Application Server for the standalone IBM Tivoli Directory Server	83
Specifying LDAP users to use the WebSphere Partner Gateway Console	85
Chapter 8. Support for IPv6	87
Enabling tunneling IPv6 over IPv4	87
RHEL Linux 3	87
Windows 2003/XP	87
HP-UX 11i	88
Enabling IPV6	88
Configuring attributes	89
Chapter 9. Managing the Destination Queue	91
Viewing the Destination Queue	91
Viewing queued documents	92
Stopping the processing of documents from the destination queue	93
Viewing destination details	94
Changing destination status	94
Chapter 10. Analyzing document flows	95
Document Analysis tool	95
Viewing the state of documents in the system	96
Viewing documents in the system	96
Viewing process and event details	97
Document Volume Report	97
Creating a Document Volume Report	97
Exporting the Document Volume Report	98
Printing reports	98
Test Partner Connection	98
Pinging ebMS partners	99
Web Server result codes	99
EDI Reports	102
EDI FA Overdue Search	102
EDI Rejected Transaction Search	103
FTP Reports	105
FTP Statistics	105
FTP Connections	105
Chapter 11. Viewing events and documents	107
Event Viewer	107
Event types	108
Searching for events	108
Viewing event details	109
Error events	109
AS Viewer	110
Searching for messages	111
Viewing message details	112
RosettaNet Viewer	113
Searching for RosettaNet processes	113
Viewing RosettaNet process details	114
Viewing raw documents	115
Document Viewer	115
Searching for documents	115
Viewing document details, events, and raw documents	117
Mass document resend	118
Viewing EDI documents	119
Document Validation Errors	120
Viewing data validation errors	121
Stopping a document that is in process	122
Re-sending failed and successful documents	122
ebMS Viewer	124
Searching for ebMS processes	124
Viewing ebMS process details	125
Viewing raw documents	125
Requesting and viewing the status of a document	126
Destination Queue	126
Chapter 12. Simulating production traffic	127
Preparing to test	128
Setting up test scenarios	128
Sample scenarios	129
Uploading and viewing your requests and responses	131
Initiating and viewing document type	131
Searching for an open document	132
Responding to an open document	132
Removing an open document	133
Chapter 13. Archiving	135
Archiver configuration	135
View archiver task	135
Archiver task modification	137
Export and Import of archiver configuration	138
Archiver runtime tasks	138
Archiver reports	139
Archiver Restore	141
Restoring archived data of WebSphere Partner Gateway V6.1 and earlier	142
Searching the restored documents	142
User intervention for archiving	143
Archiver Restrictions	144
Chapter 14. Using logging and tracing features	145
Log and trace files	145
Log file management	146
Trace file management	147
Configuring tracing in a simple mode system	148
Setting tracing in a distributed mode system	148
Tracing tasks common to both types of systems	149
Setting log detail levels	150
Identifying WebSphere Partner Gateway trace messages	151
EDI, XML, ROD subcomponent tracing	151
Interpreting WebSphere Application Server log and trace messages	152
WebSphere Application Server event types	152
Integrated FTP Server logging	152
Chapter 15. FTP Server Configuration Management	155
FTP user management	156
Chapter 16. Relocation and Redeployment of WebSphere Partner Gateway	157
Prerequisites	157
Restoring the configuration details	158
Changing host name and IP address of WebSphere Partner Gateway	158
Changing the host name and port number of database	159
Changing the port numbers	159
Relocation and redeployment examples	160
Chapter 17. Troubleshooting	163
Avoiding long processing time on large encrypted AS documents	164
Avoiding long processing time for large encrypted documents	165
Avoiding out-of-memory errors	165
Document Manager memory configuration	165
Document Manager workload	166
Document structure	166
Increasing the heap size	166
Collating data for multiple languages	166
Ensuring sufficient virtual memory for DB2 agents	167
Fixing DB2 SQL errors	167
SQLCODE -444 error	168
SQLCODE -289 error	168
SQLCODE -1225 error	168
SQL 0964C Transaction log full error on the BCGMAS database	168
IBM service log unreadable	169
WebSphere Application Server informational messages	169
Increasing the Receiver timeout setting	169
Optimizing database query performance	170
Resolving event 210031	170
Documents routed twice when network is lost or document manager server shutdown abruptly	171
0A1 generated with data validation errors	171
EDI reports export the first 1000 records only	171
Console does not start after a server restart	171
FTPScripting Receiver receives StringIndexOutofBoundsException	172
Error scenario	172
Working scenario	172
Receiver Failure to read Configuration File	172
Configuring Users to receiving Alerts Notification	172
Resolving ClassNotFoundException for User Exit classes	173
Reprocessing events and business documents that fail to log to the database	173
Disabling JIT in a WebSphere Application Server when WebSphere Partner Gateway produces a javacore	174
Defining a custom transport type	174
Resolving WebSphere Partner Gateway errors BCG210031 and BCG240415	174
Creating File directory destination on a drive other than C:	175
Preventing partner transactions from being processed by WebSphere Partner Gateway	175
Fixing the browser ERROR: 500	176
Downloading CRL for SSL transactions	176
Databinding in JMS Exports/Imports within WebSphere Process Server	177
Fixing test partner connection for SSL connections	178
Fixing errors BCGEDIEV0O56 and BCG210001	178
Fixing ORA-00988 error	178
Configuring Content-Types attribute for the fixed workflow handlers	178
Fixing BCG210013 error	179
Increasing buffer size to prevent document transmission low performance	180
WebSphere Partner Gateway hub installer logs error messages	180
DB password required error in bcgHubInstall.log	181
Using revocation check and using CRL DP support	181
Returning document volume report search information about the console	181
Loading the native library	182
Fixing error TCPC0003E and CHFW0029E	182
CA certificate expiration	183
VCBaseException in the SystemOut.log	184
Reporting file size for documents greater than 2 GB	184
SSL handshake fails because no certificate received	184
Fixing the hanging threads warning	185
Stopping the Document Manager exception	185
Fixing WebSphere MQ messages	186
MQJMS2007 error	186
MQJMS2013 error	187
java.security.InvalidKeyException: Illegal key size or default parameter	187
The MDN status of ′unknown′ for AS transactions	187
Servers fail to start after applying fixes	187
Correcting the shortcut ports for WebSphere Application Server	188
Avoiding duplicate document delivery when there is more than one router	188
Rendering of tab headings on displays with resolution greater than 1024	189
Documents not processed when using Oracle 9i Release 2	189
Document processing when the database goes down	189
java.lang.NoClassDefFoundError with reprocessDbLoggingErrors.bat	190
Recovery process when queue and disk is full or unavailable	190
Workflow Handler Runtime Error	190
Error while invoking WebSphere Transformation Extender Map	191
IBM Support Assistant (ISA) Plugin	191
Partner Migration Utility with LDAP	191
AS signature failure for interop content type	192
Appendix A - performance considerations	193
Managing queue overflow	193
Generating summary data	193
Appendix B - failed events	195
Appendix C - component-specific system attributes	229
Configuring attributes as WebSphere Application Server ND environment variables	229
Editing RosettaNet attribute values	229
Editing FTP Administration	230
Attribute tables	234
Notices	259
Programming interface information	261
Trademarks and service marks	261
Index	263
A	263
B	263
C	263
D	263
E	264
F	264
G	264
H	264
I	264
J	264
L	264
M	264
N	265
O	265
P	265
Q	265
R	265
S	265
T	265
U	266
V	266
W	266

Match case Limit results 1 per page

Digital signatures are calculations based on an electronic document using

public-key cryptography. Through this process, the digital signature is tied to the

document being signed and to the signer, and cannot be reproduced. With the

passage of the federal digital signature bill, digitally signed electronic transactions

have the same legal weight as transactions signed in ink.

WebSphere Partner Gateway uses digital certificates to verify the authenticity of

business document transactions between the internal partners and external

partners. They are also used for encryption and decryption.

You can specify a primary and a secondary certificate to ensure that the document

exchange is not interrupted. The primary is used for all transactions. The

secondary is used if the primary is expired.

Digital certificates are uploaded and identified during the configuration process.

If a certificate is expired or revoked, it is disabled and is reflected as such in the

console. However, this is not applicable to the certificates uploaded as

Root/Intermediate certificates. If the primary certificate is expired, it is disabled

and the secondary certificate will be set as the primary. An event is generated

when a certificate is found to be expired.

The Certificate Usage option is available based on the certificate type selected. In

the Hub Operator profile, Certificate Usage can be set for Digital Signature,

Encryption, or SSL Client certificate. In the partner profile, Certificate Usage can be

set for Encryption certificate. If the same certificate is to be used for different

purposes, for example, for Digital Signature and Encryption in Hub Operator

profile, it has to be loaded twice, once for the Digital Signature, and again for the

Encryption certificate. However, if the certificate is used for Digital Signature and

for SSL Client, then the corresponding check boxes can be set in the same

certificate entry.

Secondary certificates can also be loaded twice, once for Digital Signature and

again for SSL Client. If so, the same pattern has to be followed for the secondary

certificates. For example, if the primary certificates were loaded as different

certificates for Digital Signature and for SSL Client, then secondary certificates has

to be loaded as different certificate entries (even though the certificate may be the

same).

For complete certpath building and validation, you are required to upload all of

the certificates in the certificate chain. For example, if the certificate chain contains

certificates A -> B -> C -> D, where A -> B means A is the issuer of B, then

certificates A, B, and C should be uploaded as root certificates. If one of the

certificates is not available, the certpath is not built and the transaction is

unsuccessful. The CA certificates can be obtained from the Certificate Repositories

maintained by the Certificate Authorities. Root and intermediate certificates can

only be uploaded in the Hub Operator profile.

Note:

Before you can use the procedures in the following sections, the certificates

must be loaded into the system. For more information about loading the

certificates, see the

WebSphere Partner Gateway Hub Configuration Guide

The Certificate Management view allows you to modify certificate sets that are

used for a specific participant connection. An option to filter is provided. Modify

the certificate sets that are used in the connection. Alternatively, this can be done

from the participant connection itself. Steps to manage Certificates sets:

IBM WebSphere Partner Gateway Enterprise and Advanced Editions: Administration Guide