webMethods.io B2B securing messages using the certificates

Introduction

This article explains how to secure messages during transmission using certificates.

Audience
It is assumed that readers of this article know how to set up a B2B enterprise profile and partner on the webMethods.io B2B platform.

Prerequisites

  • Set up the B2B enterprise profile, partner profile and business document
  • A working flow of the 850 purchase order transaction

Topics Covered

  • Configuring the certificates at the enterprise profile
  • Configuring the certificates at the partner profile
  • Enabling signing and encryption at channel level
  • Submitting the transaction
  • Verifying the transaction in the monitor tab

Use Case:

  • We will implement the end-to-end use case for submitting the 850 purchase order transaction.
  • The outbound transaction will be submitted using webMethods.io Integration.
  • As soon as the message reaches B2B, it is signed and encrypted using the certificates.
  • The message is then submitted to the preferred outbound channel.

Ways to secure your message during the exchange

The following certificate usages are available to securely exchange documents with your business partners:

  • Sign-Verify: To sign a document or verify the digital signature. In the sender’s profile, webMethods.io B2B uses the private key associated with the receiver to digitally sign documents.
    webMethods.io B2B checks the sender’s profile to use the sender’s public certificate that is associated with the receiver to verify the document that was digitally signed by the sender.

  • Encrypt-Decrypt: To decrypt or encrypt documents. In the receiver’s profile, webMethods.io B2B uses the public certificate associated with the receiver to encrypt information.
    webMethods.io B2B checks the receiver’s profile for the private key associated with the sender to decrypt the document.

  • SSL: Certificate that enables webMethods.io B2B to act as an SSL client and connect to a remote secure server. If you enable this usage to send documents, upload a valid private key in the sender’s profile.
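
The Sign-Verify and Encrypt-Decrypt usages correspond to standard CMS (S/MIME) operations, which AS2 uses for message security. The following added example (not from the original article and not webMethods.io B2B code) runs that round trip locally with the OpenSSL command line and includes a key-to-certificate match check; the party names, file names and 850 payload are constructed.

```sh
#!/bin/sh
# Added example: CMS sign/encrypt round trip with OpenSSL. Party names, file
# names and the 850 payload are constructed; this is not webMethods.io B2B code.
set -eu
W=$(mktemp -d)

# Self-signed test certificate plus private key for one party ($1 = name).
make_party() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -keyout "$W/$1.key" -out "$W/$1.crt" 2>/dev/null
}

# Pre-upload check: the private key must belong to the public certificate.
key_matches_cert() {  # $1 = key owner, $2 = certificate owner
  [ "$(openssl pkey -in "$W/$1.key" -pubout)" = \
    "$(openssl x509 -in "$W/$2.crt" -noout -pubkey)" ]
}

# Sender: sign with the sender's private key, encrypt to the receiver's cert.
send_msg() {  # $1 = sender, $2 = receiver, $3 = payload file, $4 = output file
  openssl cms -sign -binary -nodetach -in "$3" -signer "$W/$1.crt" \
    -inkey "$W/$1.key" -outform DER -out "$W/signed.der" 2>/dev/null
  openssl cms -encrypt -binary -aes-256-cbc -in "$W/signed.der" \
    -outform DER -out "$4" "$W/$2.crt"
}

# Receiver: decrypt with the receiver's private key, then verify the signature
# against the sender certificate held for that partner.
receive_msg() {  # $1 = receiver, $2 = expected sender, $3 = input, $4 = output
  openssl cms -decrypt -binary -inform DER -in "$3" -recip "$W/$1.crt" \
    -inkey "$W/$1.key" -out "$W/inner.der" 2>/dev/null &&
  openssl cms -verify -binary -inform DER -in "$W/inner.der" \
    -CAfile "$W/$2.crt" -out "$4" 2>/dev/null
}

make_party tenant1; make_party tenant2; make_party other
printf 'ST*850*0001~BEG*00*SA*PO-CONSTRUCTED~SE*3*0001~\n' > "$W/po850.edi"
send_msg tenant1 tenant2 "$W/po850.edi" "$W/wire.der"

receive_msg tenant2 tenant1 "$W/wire.der" "$W/out.edi" && echo "accepted"
receive_msg tenant2 other   "$W/wire.der" "$W/bad.edi" || echo "signer rejected"
receive_msg other   tenant1 "$W/wire.der" "$W/bad.edi" || echo "cannot decrypt"
key_matches_cert tenant1 tenant1 && echo "key/cert pair OK"
key_matches_cert tenant1 tenant2 || echo "key/cert mismatch detected"
```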

Where to configure the certificates?

  • The diagram below shows where the certificates need to be installed.
  • As an example, assume we have two tenants: tenant 1 and tenant 2.

Outbound transaction with respect to Tenant 1

Note: Refer to the diagram above for this section.

  • The enterprise profile of tenant 1 becomes a partner in tenant 2 and vice versa.
  • Install the public P1 certificate and key at the enterprise profile of tenant 1.
  • Install the public P1 cert at the partner profile of tenant 2.
  • When the outbound transaction is initiated from tenant 1, the message is signed and encrypted using the certificate present at the enterprise profile (P1 cert and P1 key).
  • When the transaction reaches the partner profile of tenant 2, the message gets verified and decrypted using the public certificate available on the partner profile (Home Style partner profile in tenant 2).

Inbound transaction with respect to Tenant 1

  • In a real-world scenario, for inbound transactions, partners will share their public certificates with us.
  • These certificates will be configured at the partner profile.
  • In our case, consider Tenant 2 as our customer.
  • Certificates along with the key will be configured at the enterprise level of tenant 2.
  • The public certificate will be configured at the tenant 1 partner level.
  • When the inbound transaction comes to Tenant 1, it is validated with the certificates present at the partner level.

Configure the certificates at Enterprise profile:

For all outbound transactions, we need to configure the public certificates along with the key at the enterprise profile, either for all partners or for a specific partner.

  • Navigate to enterprise profile
  • In our case Enterprise profile name is HomeStyle Enterprise
  • Navigate to the certificates tab
  • Click on Add partner certificate set
  • Select specific partner
  • In our case specific partner is Reliance
  • Provide the private key
  • Select the SSL, Sign-Verify and Encrypt-Decrypt usages
  • Provide the public certificate
  • Click on verify

Configure the certificates at partner profile:

For all inbound transactions, we need to configure the public certificates at the partner profile.

  • Navigate to the partner profile.
  • In our case it is Reliance
  • Import the certificate provided by your partner.
  • In our case, it will be the public certificate issued to partner 2

Modify the channel

  • Navigate to the channel
  • In our case it is HomeStyle_To_Releiance_outbound_AS2
  • Go to the channel configuration
  • Enable the message signing, message encryption and signed MDN.
  • With the above changes, the message will be signed and encrypted during transmission.
  • The channel will also now expect a signed MDN.

Submit the transaction using webMethods.io Integration

  • Navigate to webMethods.io Integration
  • Open the flow service; in our case the flow service name is SubmitB2BTransaction
  • Pass the 850 purchase order payload to the flow service.
  • Submit the request.

Transaction Monitoring on B2B

  • Navigate to the webMethods.io B2B monitoring tab
  • The screenshot below shows that the message has been processed
  • Select the EDINT Data and verify that the message is shown as signed and encrypted.
