Certificate Selection

The following section explains how the SecurityServer decides which certificate is used in which situation. A certificate is never used when it is inactive or when its timeslice is exceeded. Terminology: an ILN represents a system. In the following, “system” means your own system and “partner” means the partner system.

The B2B handles communication for one or multiple systems. Every system and every partner is represented by an ILN. Every ILN is related to an email address. Every certificate is also related to an email address. Furthermore, based on its alias, every certificate is related either to all ILNs of that email address (alias = email) or to exactly one of them (alias = ILN). The email addresses of the sender and receiver of an email are always part of the unencrypted email header. The ILNs of the sender and receiver must be part of the unencrypted email subject, as required by the BDEW specification.

Inbound email messages are sent from a partner to the receiving system. They can be encrypted with the certificate of the system (decryption via the private key of the system) and they can be signed by the partner (signature verification with the certificate of the partner). Outbound email messages are sent from the system to the receiving partner. They can be encrypted with the certificate of the partner and they can be signed with the private key of the system.

The validity of two different certificates for the same email may overlap for two weeks. In this case, the timeslice provides the further distinction between them.

In summary, whether a certificate/key is used depends on its alias, timeslice and validity. An inactive certificate is never used.

Inbound Decryption

The SecurityServer tries every active and valid private key to decrypt the message. Neither alias nor timeslice influences the selection.

Outbound Signature

Use the active key whose alias equals the system (sender) ILN or email, but only if its usage is signature. Validity and timeslice must both be satisfied. Warning: avoid uploading two different keys with the same alias and overlapping validity and timeslice. If validity and timeslice overlap, the newer key (judged by the validity-from date) is used. This can be changed through configuration so that the oldest key is used instead.

Inbound Signature Verification

Use the active certificate whose alias equals the partner (sender) ILN or email, but only if its usage is signature and it is valid. The timeslice is not considered.

Outbound Encryption

Use the active certificate whose alias equals the partner (receiver) ILN or email, but only if its usage is encryption. Validity and timeslice must both be satisfied. Warning: avoid uploading two different certificates with the same alias and overlapping validity and timeslice. If validity and timeslice overlap, the newer certificate (judged by the validity-from date) is used. This can be changed through configuration so that the oldest certificate is used instead.

Best practice for overlapping validity

The validity of two different keys/certificates for the same email may overlap for two weeks. Let there be two certificates/keys for the same email with overlapping validity. Upload both certificates/keys with the same alias but disjoint (“GAPLESS”) timeslices. The certificate/key used for outbound encryption / signing is then selected based on the timeslice. Both certificates/keys can be used for inbound signature verification / decryption during the overlapping period.
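The four selection rules and the gapless-timeslice practice, written out as a small Python model. This is an added example, not the SecurityServer's code: the Entry fields, the two stores, the labels, the ILN and email values are constructed placeholders, and the prefer_newest flag stands in for the configuration option mentioned above.

```python
"""Model of the certificate/key selection rules (example, not SecurityServer code).
Dates are compared inclusively. Parsing the header and the BDEW subject to obtain
the sender/receiver email and ILN is assumed to happen before these calls."""
from dataclasses import dataclass
from datetime import date
from typing import List, Optional


@dataclass(frozen=True)
class Entry:
    """One uploaded certificate or private key with its metadata (constructed)."""
    label: str        # readable name, only for the example
    alias: str        # either the related email (all ILNs) or a single ILN
    usage: str        # "signature" or "encryption"
    active: bool
    valid_from: date  # certificate validity
    valid_to: date
    slice_from: date  # timeslice chosen at upload
    slice_to: date


def _within(day: date, start: date, end: date) -> bool:
    return start <= day <= end


def _alias_matches(e: Entry, iln: str, email: str) -> bool:
    # alias = email covers every ILN of that address, alias = ILN covers one ILN
    return e.alias in (iln, email)


def select_outbound(store: List[Entry], iln: str, email: str, usage: str,
                    on: date, prefer_newest: bool = True) -> Optional[Entry]:
    """Outbound signing (iln/email = own system) or encryption (= partner).
    Active, alias, usage, validity and timeslice are all required; if several
    entries still overlap, the newer validity-from wins unless configured otherwise."""
    cands = [e for e in store
             if e.active and e.usage == usage and _alias_matches(e, iln, email)
             and _within(on, e.valid_from, e.valid_to)
             and _within(on, e.slice_from, e.slice_to)]
    if not cands:
        return None
    pick = max if prefer_newest else min
    return pick(cands, key=lambda e: e.valid_from)


def inbound_signature_candidates(store: List[Entry], partner_iln: str,
                                 partner_email: str, on: date) -> List[Entry]:
    """Partner certificates usable to verify a signature; the timeslice is ignored."""
    return [e for e in store
            if e.active and e.usage == "signature"
            and _alias_matches(e, partner_iln, partner_email)
            and _within(on, e.valid_from, e.valid_to)]


def inbound_decryption_candidates(own_keys: List[Entry], on: date) -> List[Entry]:
    """Every active and valid own private key is tried; alias and timeslice are ignored."""
    return [e for e in own_keys if e.active and _within(on, e.valid_from, e.valid_to)]


# Constructed partner certificates following the best practice: the two encryption
# certificates overlap in validity for two weeks but have gapless timeslices.
PARTNER_EMAIL, PARTNER_ILN = "partner@example.org", "ILN_PARTNER_PLACEHOLDER"
PARTNER_CERTS = [
    Entry("partner-enc-old", PARTNER_EMAIL, "encryption", True,
          date(2024, 1, 1), date(2024, 6, 30), date(2024, 1, 1), date(2024, 6, 15)),
    Entry("partner-enc-new", PARTNER_EMAIL, "encryption", True,
          date(2024, 6, 16), date(2025, 6, 15), date(2024, 6, 16), date(2025, 6, 15)),
    Entry("partner-sig-old", PARTNER_ILN, "signature", True,
          date(2024, 1, 1), date(2024, 6, 30), date(2024, 1, 1), date(2024, 6, 15)),
    Entry("partner-sig-new", PARTNER_ILN, "signature", True,
          date(2024, 6, 16), date(2025, 6, 15), date(2024, 6, 16), date(2025, 6, 15)),
]

# Constructed own keys showing the warned-against case: overlapping timeslices.
SYSTEM_EMAIL, SYSTEM_ILN = "system@example.org", "ILN_SYSTEM_PLACEHOLDER"
OWN_KEYS = [
    Entry("system-sig-2023", SYSTEM_EMAIL, "signature", True,
          date(2023, 1, 1), date(2024, 6, 30), date(2023, 1, 1), date(2024, 6, 30)),
    Entry("system-sig-2024", SYSTEM_EMAIL, "signature", True,
          date(2024, 6, 16), date(2025, 6, 15), date(2024, 6, 16), date(2025, 6, 15)),
    Entry("system-sig-inactive", SYSTEM_EMAIL, "signature", False,
          date(2024, 1, 1), date(2025, 12, 31), date(2024, 1, 1), date(2025, 12, 31)),
]

if __name__ == "__main__":
    overlap_day = date(2024, 6, 20)
    enc = select_outbound(PARTNER_CERTS, PARTNER_ILN, PARTNER_EMAIL, "encryption", overlap_day)
    print("outbound encryption on", overlap_day, "->", enc.label)
    sig = select_outbound(OWN_KEYS, SYSTEM_ILN, SYSTEM_EMAIL, "signature", overlap_day)
    print("outbound signature (newest wins) ->", sig.label)
    print("inbound signature candidates ->",
          [e.label for e in inbound_signature_candidates(PARTNER_CERTS, PARTNER_ILN, PARTNER_EMAIL, overlap_day)])
```

During the two-week overlap the encryption pick is decided purely by the timeslice (the old certificate until 15 June, the new one from 16 June), while both partner signature certificates remain candidates for verification. For the own signing keys, whose timeslices overlap, the newer validity-from wins by default and prefer_newest=False flips it to the older key, mirroring the configuration switch described above.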
