Create or Change a Collaboration Partner's Certificate
The NEXUSe2e application supports the PEM and DER formats for public keys. A PEM or DER file provided by your partner needs to be imported into the partner configuration. Select the partner for which you want to add the certificate from your collaboration partners list and choose the certificates tab.
Now you will see an overview of all your certificates for this partner. Even if expired, certificates are never deleted automatically and you can only delete them manually if they are not referenced in one of your connections defined for this partner. After hitting the add button you are asked to upload a PEM or DER file. You should also provide a display name for the certificate.
We recommend that you include the issue date in the certificate display name. This provides a useful history and helps when fixing configuration issues.
Install missing intermediate and root certificates
After the certificate upload, you see a summary page for the newly created certificate. NEXUSe2e will show the whole certificate chain.
Sometimes, if a new Certificate Authority (CA) is used or if the CA's root or intermediate certificates have changed, NEXUSe2e will be unable to build the certificate chain. In this case, an error message is shown. If you do not see this error message, you can skip this section.
- Message that indicates a missing root or intermediate certificate
This message indicates that the certificate chain cannot be built because a signing (root or intermediate) certificate is missing. If you see this message, you need to import the signing certificate using the CA Certificates section in the NEXUSe2e admin UI.
First, you need to get the signing certificate in PEM or DER format from either your partner or the CA itself. The Distinguished Name and organization information shown by NEXUSe2e may help to download or request the required certificate from the CA.
Once you have the certificate, upload it by navigating to Server Configuration > CA Certificates > Add CA Certificate:
- Import Root or Intermediate Certificate
After importing the signer certificate, check the partner certificate again and import other missing certificate(s) if necessary.
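The same chain check can be run locally with the OpenSSL command line before anything is uploaded. The script below is an added example, not part of NEXUSe2e or its documentation; it builds a throwaway root, intermediate and partner certificate (all names and file names are constructed), then shows the issuer DN that identifies the missing signing certificate and the check passing only once the intermediate is supplied.

```bash
#!/usr/bin/env bash
set -eu
cd "$(mktemp -d)"   # work in a scratch directory

# --- Constructed sample chain (throwaway keys): root -> intermediate -> partner ---
printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
csr() {  # csr <basename> <common name>
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "/CN=$2" 2>/dev/null
}
csr root "Example Root CA"
csr int "Example Intermediate CA"
csr partner "partner.example"
openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
  -days 30 -out root.pem 2>/dev/null
openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
  -extfile ca.ext -days 30 -out int.pem 2>/dev/null
openssl x509 -req -in partner.csr -CA int.pem -CAkey int.key -CAcreateserial \
  -days 30 -out partner.pem 2>/dev/null
openssl x509 -in partner.pem -outform DER -out partner.der  # same cert as DER

# PEM files contain an armor line; anything else is treated as DER.
cert_form() {
  if grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then echo PEM; else echo DER; fi
}

# Issuer DN of a certificate: names the signing certificate that must be available.
issuer_dn() {
  openssl x509 -in "$1" -inform "$(cert_form "$1")" -noout -issuer \
    -nameopt RFC2253 | sed 's/^issuer= *//'
}

# chain_ok <partner.pem> <root.pem> [intermediate.pem]
# Succeeds only if a chain to the given root can be built and verified.
chain_ok() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$2" -untrusted "$3" "$1" >/dev/null 2>&1
  else
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
  fi
}

echo "partner.der is $(cert_form partner.der), issued by: $(issuer_dn partner.der)"
if chain_ok partner.pem root.pem; then echo "root only: chain OK"
else echo "root only: chain incomplete, signing certificate missing"; fi
if chain_ok partner.pem root.pem int.pem; then echo "with intermediate: chain OK"
else echo "with intermediate: chain incomplete"; fi
```

With real files, run `issuer_dn` on the partner's certificate first; if its output names a certificate you do not yet have, that is the one to request from the partner or the CA.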
Finally, the partner certificate summary should look like this:
Switching to the new certificate
Unlike the previous steps, the next step has a direct impact on your secure communication with your partner. Therefore, you need to coordinate it with your partner.
Go to the partner's Connections tab. You will now see a list of all connections available for this partner. Drill down into the one you want to change. The added certificate should now be available in the certificate drop-down box. Select the new one and hit the save button.
After applying this change, all choreographies using this connection will return the new certificate in the SSL handshake process.