The use of certificates to ensure the security of your document exchanges is an option that we highly recommend. When sending a message, the trading engine uses the partner’s public key (included in a certificate file) to encrypt the message. If the certificate is expired, Activator does not encrypt or send the message. Likewise, an inbound encrypted message cannot be deciphered with an expired certificate. It is important to make sure the certificates associated with communities and partners are current and have not passed their expiration dates.
Expiration dates for certificates are displayed in the user interface. For a community, click Certificates in the navigation graphic at the top of a community summary page to display a list of the community’s certificates. The list includes the expiration dates of all certificates. For a partner, you can view the same type of information by clicking Certificates at the top of a partner summary page.
Activator checks at least once a day for certificates that are close to their expiration dates. A check is performed after the server is started. Thereafter, Activator performs a daily check. The time the check is performed depends on the value of the Interval element in the alerts.xml file, which is at <install directory>\conf. If the interval is less than or equal to 60 minutes, the check is performed between midnight and 1 a.m., server time. If the interval is much less than 60, the check may be performed twice or more before 1 a.m. If the interval is greater than 60, the check is performed at the time past midnight equal to the interval length. For example, if the interval is 90 minutes, the check is performed at 1:30 a.m.
Activator posts a message on the user interface home page 14 days before a community or partner certificate expires. It also displays an alert message on the Alerts toolbar menu. If your license allows users to have certificates
If there are outstanding alerts for a certificate about to expire, Activator continues generating alerts at the interval specified in the alerts.xml file, regardless of time of day, until the certificate is replaced.
The messages about expiring certificates remain until the certificates are deleted.
The messages give you time to replace certificates before they expire. We recommend replacing certificates before rather than after expiration so trading is not disrupted. Regardless, expired certificates must be replaced. They cannot be used for encryption, decryption or signing.
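The following sketch is an added example, not Activator code. It models the check timing and 14-day notice described above to estimate when the first notice for a certificate appears. The alerts.xml layout around the Interval element, the certificate names, and the assumption that the notice is raised by the daily check are illustrative; the extra check at server start is not modelled.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

WARN_DAYS = 14  # notice period stated on this page

# Constructed sample: only the Interval element (minutes) is from the page;
# the surrounding layout of alerts.xml is assumed.
SAMPLE_ALERTS_XML = "<Alerts><Interval>90</Interval></Alerts>"

def read_interval(xml_text):
    """Return the Interval value, in minutes, from alerts.xml content."""
    node = ET.fromstring(xml_text).find(".//Interval")
    text = (node.text or "").strip() if node is not None else ""
    if not text.isdigit() or not 0 < int(text) < 1440:
        raise ValueError("Interval missing or outside the range modelled here")
    return int(text)

def daily_check_offset(interval_min):
    """Latest time past midnight (server time) at which the daily check runs."""
    if interval_min <= 60:
        return timedelta(hours=1)           # somewhere between midnight and 1 a.m.
    return timedelta(minutes=interval_min)  # e.g. 90 -> 1:30 a.m.

def first_alert(not_after, interval_min):
    """First daily check at which the certificate is within WARN_DAYS of expiry.
    Assumption: the notice is raised by the daily check, not in real time."""
    threshold = not_after - timedelta(days=WARN_DAYS)
    midnight = threshold.replace(hour=0, minute=0, second=0, microsecond=0)
    check = midnight + daily_check_offset(interval_min)
    return check if check >= threshold else check + timedelta(days=1)

def status(not_after, now, interval_min):
    """Classify a certificate at time `now` (server time)."""
    if now >= not_after:
        return "expired"    # unusable for encryption, decryption or signing
    if now >= first_alert(not_after, interval_min):
        return "alerting"
    return "ok"

if __name__ == "__main__":
    interval = read_interval(SAMPLE_ALERTS_XML)
    # Constructed inventory: (hypothetical certificate name, expiry in server time).
    inventory = [("community-enc", datetime(2025, 3, 15, 12, 0)),
                 ("partner-acme", datetime(2025, 6, 1, 0, 0))]
    for name, not_after in inventory:
        alert = first_alert(not_after, interval)
        print(f"{name}: first notice {alert}, lead time {not_after - alert}")
```

Under these assumptions the effective lead time can be up to a day shorter than 14 days, which is worth allowing for when planning a replacement.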
Do the following when a certificate is about to expire. Archiving expired certificates is recommended, but not required.
In [install directory]\common, create a subdirectory named certarchive. Create subdirectories of certarchive named community and partner:
[install directory]\common\certarchive\community
[install directory]\common\certarchive\partner