The use of certificates to ensure the security of your document exchanges is an option that is highly recommended. When sending a message, Activator uses the partner's public key (included in a certificate file) to encrypt the message. If the certificate is expired, Activator does not encrypt or send the message. Likewise, an inbound encrypted message cannot be deciphered with an expired certificate. It is important to make sure the certificates associated with communities and partners are current and have not passed their expiration dates.
Expiration dates for certificates are displayed in the user interface. For a community, click Certificates in the navigation graphic at the top of a community summary page to display a list of the community’s certificates. The list includes the expiration dates of all certificates. For a partner, you can view the same type of information by clicking Certificates at the top of a partner summary page.
Activator server checks at least once a day for certificates that are close to their expiration dates. A check is performed after the server is started. Thereafter, Activator performs a daily check. The time the check is performed depends on the value of the Interval element in the alerts.xml file, which is at <install directory>\conf. If the interval is less than or equal to 60 minutes, the check is performed between midnight and 1:00 a.m., server time. If the interval is much less than 60 minutes, the check may be performed twice or more before 1:00 a.m. If the interval is greater than 60 minutes, the check is performed at the time past midnight equal to the interval length. For example, if the interval is 90 minutes, the check is performed at 1:30 a.m.
Activator posts a message on the user interface home page 14 days before a community or partner certificate expires. It also displays an alert message on the Alerts toolbar menu. If your license allows users to have certificates
If there are outstanding alerts for a certificate about to expire, Activator continues generating alerts at the interval specified in the alerts.xml file, regardless of time of day, until the certificate is replaced.
The messages about expiring certificates remain until the certificates are deleted. The messages give you time to replace certificates before they expire. We recommend replacing certificates before, rather than after, expiration so that trading is not disrupted. Regardless, expired certificates must be replaced. Expired certificates cannot be used for encryption, decryption or signing.
Do the following when a certificate is about to expire. The advice about archiving expired certificates is recommended, but not required.
<install directory>\common create a subdirectory named certarchive. Create subdirectories of certarchive named community and partner..p12 file. Save the file in <install directory>\common\certarchive\community..p7b file. Select Include all certificates in the certificate path if possible. Save the file in <install directory>\common\certarchive\partner.