Certificates and keys > Replace certificates automatically > Track CEM and SCX requests

Track CEM and SCX requests

The Activator user interface includes two pages for monitoring CEM and SCX messages.

Page	Description
Received certificate exchange requests page	This page provides information about the CEM and SCX requests your community has received from partners. This includes the date the message was received, the name of the partner who sent the message and the number of public-key certificates in the message. To open the page, select Trading configuration on the top toolbar. On the Communities page, click Manage received certificate exchange requests in the task list at the bottom of the page.
Sent certificate exchange trust requests page	This page provides information about the CEM and SCX requests your community has sent to partners. This includes the sent and respond-by dates, the number of partners to whom the request was sent and the number of public-key certificates in the message. To open the page, select Trading configuration on the top toolbar. On the Communities page, click Manage sent certificate exchange trust requests in the task list at the bottom of the page.

Page

Description

Received certificate exchange requests page

This page provides information about the CEM and SCX requests your community has received from partners. This includes the date the message was received, the name of the partner who sent the message and the number of public-key certificates in the message.

To open the page, select Trading configuration on the top toolbar. On the Communities page, click Manage received certificate exchange requests in the task list at the bottom of the page.

Sent certificate exchange trust requests page

This page provides information about the CEM and SCX requests your community has sent to partners. This includes the sent and respond-by dates, the number of partners to whom the request was sent and the number of public-key certificates in the message.

To open the page, select Trading configuration on the top toolbar. On the Communities page, click Manage sent certificate exchange trust requests in the task list at the bottom of the page.

More details about these pages are provided in the following topics.

Received certificate exchange requests page

The Received certificate exchange requests page provides information about the CEM and SCX requests your community has received from partners. This includes the date the message was received, the name of the partner who sent the message and the number of public-key certificates in the message. You can use the page to determine how you want to manage processing of inbound CEM and SCX requests.

CEM requests

The following are the options for CEM requests.

Let the system automatically accept all signed CEM requests – Select if you want your community to accept all replacement certificates from partners. Activator approves each certificate upon receipt and sends an acceptance CEM response to the partner who sent the message. Approval is contingent on whether the CEM request was signed with a certificate associated with the partner’s profile.
All CEM requests must be manually accepted or rejected – Select if you want to review each CEM message and determine whether to accept or reject the certificate. Activator sends a CEM response once you have decided.

SCX requests

The following are the options for SCX requests.

Let the system automatically accept – Select to have your community accept all SCX requests containing a certificate that has the same issuer, subject and key usage of an existing certificate.
All OFTP SCX requests must be manually accepted or rejected – Select if you want to review each SCX message and determine whether to accept or reject the certificate. Activator sends a response once you have decided.

Internal checks

Whether you choose the automatic or manual option, Activator performs the following internal checks before accepting a certificate:

For CEM and SCX – Does Activator have the complete certificate chain for the certificate in the request? If a self-signed certificate, the request should contain the complete certificate chain.
CEM only – Does the request XML document contain the issuer name and serial number of the certificate in the request? Activator makes sure the issuer name and serial number are the same in the XML document and in the certificate within the XML document.
CEM only – Does the certificate support the requested usage of signing, encryption or SSL? For example, if the request says the certificate is to be used for signing, Activator makes sure the key usage extension, if any, in the certificate actually supports digital signatures.

Message details pages

On the Received certificate exchange requests page, a Message details link displays for each message. Click the link to open a message details page in Message Tracker. Certificate request messages are sent and received like any other messages exchanged between partners.

After a request has been accepted or rejected, a Delete button appears on the Received requests page. This lets you clear the page of old request records.

On the Received certificates exchange requests page click Request details to open a details page. The details pages are tailored for CEM and SCX requests.

Received request details page

The Received request details page shows details about the CEM or SCX request, including the name of the partner and the usage for the replacement certificate. The requested respond-by date displays only for a CEM request. An SCX details page displays the type of request (Request, Deliver, Replace).

The name of the certificate is displayed in the Name column. Click the name to open a View certificate page, which contains details about the public-key certificate (see Certificate field descriptions).

If you selected the manual option on the Received certificate exchange requests page, determine whether to accept the certificate and click Accept or Reject to send a response to the partner who sent the request. The Response column updates with a message reflecting whether you accepted or rejected the certificate.

If you reject a certificate, you can type a reason. The reason displays on the details page and is included in the response to the partner who sent the request.

After accepting or rejecting the request, you can click the link in the Response column to open a details page in Message Tracker for the response message you sent to the partner who sent the request.

Sent certificate exchange trust requests page

The Sent certificate exchange trust requests page provides information about the CEM and SCX requests your community has sent to partners. This includes the sent and respond-by dates, the number of partners to whom the request was sent and the number of public-key certificates in the message.

After the respond-by date for a request has passed or has been canceled, a Delete button displays. You can click it to delete the record from the page. This only clears the display of the specific request; deleting does not affect the certificate.

A respond-by date is canceled either when all partners who received the request have rejected the certificate or when the request is canceled on the Sent certificate exchange trust request details page.

Click a link in the Recipients column to open the Sent certificate exchange trust request details page .

Sent request details page

The Sent certificate exchange trust request details page shows details about the CEM or SCX request, including the number of partners who have accepted or rejected the certificate.

Click the certificate name to open a View certificate page, which contains details about the public-key certificate (see Certificate field descriptions).

On the details page you can also select the following:

Install this certificate now – Click to immediately implement the certificate before the respond-by date or despite rejection by one or more partners.
Cancel the scheduled installation of this certificate – Click to stop Activator from implementing the certificate after the respond-by date has passed. This forestalls implementation only in the absence of responses from partners. If all partners accept the certificate, Activator implements the certificate regardless of the canceled respond-by date.

A Message details link displays for every partner to whom you sent a request. Click the link to open a message details page in Message Tracker. CEM and SCX messages are sent and received like any other messages exchanged between partners.