This article explains how a message can be secured during transmission.
It is assumed that readers of this article know how to set up a B2B enterprise profile and partner on the webMethods.io B2B platform.
- Set up the B2B enterprise profile, partner profile, and business document
- A working flow of 850 purchase order transaction
- Configure the certificates at the enterprise profile
- Configure the certificates at the partner profile
- Enable the sign and encryption at channel level
- Submit the transaction
- Verify the transaction in the monitor tab
- We will implement the end-to-end use case for submitting the 850 purchase order transaction.
- In this use case, the outbound transaction will be submitted using webMethods.io Integration.
- As soon as the message reaches B2B, it is signed and encrypted using the certificates.
- The message is then submitted to the preferred outbound channel.
The following certificate usages are available to securely exchange documents with your business partners:
Sign-Verify: To sign a document or verify the digital signature. In the sender’s profile, webMethods.io B2B uses the private key associated with the receiver to digitally sign documents.
webMethods.io B2B checks the sender’s profile to use the sender’s public certificate that is associated with the receiver to verify the document that was digitally signed by the sender.
Encrypt-Decrypt: To decrypt or encrypt documents. In the receiver’s profile, webMethods.io B2B uses the public certificate associated with the receiver to encrypt information.
webMethods.io B2B checks the receiver’s profile for the private key associated with the sender to decrypt the document.
SSL: Certificate that enables webMethods.io B2B to act as an SSL client and connect to a remote secure server. If you enable this usage to send documents, upload a valid private key in the sender’s profile.
Where to configure the certificates?
- The diagram below shows where the certificates need to be installed.
- As an example, take two tenants: tenant 1 and tenant 2.
Note: Refer to the diagram above for this section.
- The enterprise profile of tenant 1 becomes a partner in tenant 2 and vice versa.
- Install the public P1 certificate and key at the enterprise profile of tenant 1.
- Install the public P1 cert at the partner profile of tenant 2.
- When the outbound transaction is initiated from tenant 1, the message is signed and encrypted using the certificate present at the enterprise profile (P1 cert and P1 key).
- When the transaction reaches the partner profile of tenant 2, the message gets verified and decrypted using the public certificate available on the partner profile (Home Style partner profile in tenant 2).
- In a real-world scenario, for inbound transactions, partners will share their public certificates with us.
- These certificates will be configured at the partner profile.
- In our case, consider tenant 2 as our customer.
- Certificates along with the key will be configured at the enterprise level of tenant 2.
- The public certificate will be configured at the tenant 1 partner level.
- When the inbound transaction comes to tenant 1, it will get validated with the certificates present at the partner level.
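The key roles described for Sign-Verify and Encrypt-Decrypt can be reproduced outside the product. This is an added example, not webMethods.io B2B code or configuration: AS2 secures payloads with S/MIME, so OpenSSL's `cms` command is used to show which key each side needs. The identities `p1`, `p2` and `rogue`, the file names and the 850 fragment are constructed for illustration.

```shell
#!/bin/sh
# Added illustration using constructed throwaway keys; not webMethods.io B2B code.
set -eu
WORK=$(mktemp -d)

# Self-signed certificate plus private key for one trading party.
# p1 = tenant 1, p2 = tenant 2, rogue = unknown sender (labels are assumptions).
make_identity() {  # $1 = name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Sender: sign with its own private key, then encrypt to the receiver's
# public certificate.
send() {  # $1 = payload, $2 = sender, $3 = receiver, $4 = output file
    openssl cms -sign -binary -nodetach -in "$1" -outform DER \
        -signer "$WORK/$2.crt" -inkey "$WORK/$2.key" -out "$WORK/signed.der"
    openssl cms -encrypt -binary -aes-256-cbc -in "$WORK/signed.der" \
        -outform DER -out "$4" "$WORK/$3.crt"
}

# Receiver: decrypt with its own private key, then accept the signature only
# if it was made by the one sender certificate it holds for that partner.
receive() {  # $1 = input, $2 = receiver, $3 = expected sender, $4 = output file
    openssl cms -decrypt -inform DER -in "$1" -recip "$WORK/$2.crt" \
        -inkey "$WORK/$2.key" -out "$WORK/opened.der" 2>/dev/null || return 1
    openssl cms -verify -binary -inform DER -in "$WORK/opened.der" -nointern \
        -certfile "$WORK/$3.crt" -CAfile "$WORK/$3.crt" -out "$4" 2>/dev/null \
        || return 1
}

for id in p1 p2 rogue; do make_identity "$id"; done
# Constructed 850 fragment standing in for the purchase order payload.
printf 'ST*850*0001~\nBEG*00*SA*PO-1001**20240101~\nSE*3*0001~\n' \
    > "$WORK/po850.edi"

send "$WORK/po850.edi" p1 p2 "$WORK/wire.der"
receive "$WORK/wire.der" p2 p1 "$WORK/received.edi" \
    && echo "accepted: signed by p1, decrypted by p2"

# Same payload signed by an unknown key: it decrypts, but verification fails.
send "$WORK/po850.edi" rogue p2 "$WORK/forged.der"
receive "$WORK/forged.der" p2 p1 "$WORK/forged.out" \
    || echo "rejected: signer is not p1"
```

Each side needs its own private key plus the other side's public certificate, which is why a key is uploaded only at the enterprise profile and partners exchange public certificates only.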
For all outbound transactions, we need to configure the public certificate along with the key at the enterprise profile, either for all partners or for a specific partner.
- Navigate to the enterprise profile
- In our case the enterprise profile name is HomeStyle Enterprise
- Navigate to the certificates tab
- Click on Add partner certificate set
- Select specific partner
- In our case specific partner is Reliance
- Provide the private key
- Select the SSL, Sign-Verify and Encrypt-Decrypt usages
- Provide the public certificate
- Click on verify
For all inbound transactions, we need to configure the public certificates at the partner profile.
- Navigate to the partner profile.
- In our case it is Reliance
- Import the certificate provided by your partner.
- In our case, it will be the public certificate issued to partner 2
- Navigate to the channel
- In our case it is HomeStyle_To_Releiance_outbound_AS2
- Go to the channel configuration
- Enable message signing, message encryption and signed MDN.
- With the above changes, the message will be signed and encrypted during transmission.
- It will also now expect a signed MDN
Submit the transaction using webMethods.io Integration
- Navigate to webMethods.io Integration
- Open the flow service; in our case the flow service name is SubmitB2BTransaction
- Pass the 850-purchase order payload to the flow service.
- Submit the request.
- Navigate to the webMethods.io B2B monitoring tab
- The screenshot below shows that the message has been processed
- Select the EDINT Data and verify that the message is shown as signed and encrypted.