Setup certificate encryption
1. Generate Certificates |
First, a certificate pair must be generated in the Encryption tab of the remark group settings in IBI-aws Admin. |
2. Export client certificates |
The just generated certificate pair must now be exported via the "Export client certificates" option. |
3. Distribute certificates |
In order for the IBI-aws clients to be able to read the message file that is later encrypted with the certificate pair, this certificate pair is required for decryption. For this purpose, the certificate pair must be made available to all clients. Replace certificateIf a certificate pair is to be exchanged, both the new and the old certificate pair must be distributed until the new certificate pair is activated (in a later step). The following options are available for this purpose
Further details on the configuration of the two variants can be found at CertificateSource. |
4. Wait until the certificate is available everywhere |
The certificate pair cannot be used until it is available everywhere. Please check with the appropriate people for the current distribution status. |
5. Extend IBI-aws client call |
If the client certificates were distributed as a file or not via the computer's certificate store |
6. Wait until the adjusted IBI-aws call has been executed everywhere |
This step is only necessary if the IBI-aws Client call was adjusted in the previous step. Make sure that all IBI-aws Clients were/are started with the extended start parameter, e.g. by adjusting the corresponding start script. Continue only when is ensured. |
7. Activate certificates |
If the client certificates are available everywhere and, if necessary, the IBI-aws Client call has been adjusted, the certificate pair can be marked as "active" in the IBI-aws Admin. For more information, see Encryption. |
8. Publish message group |
Finally, the message group should be published so that the message file is written encrypted. |
9. Enable only encrypted data in IBI-aws client (optional) |
Perform this step only when you are sure that all IBI-aws Clients use encryption. By specifying the start parameter AcceptEncryptedDataOnly you can prevent the IBI-aws Client from continuing to process unencrypted message files and thus increase the protection against unauthorized manipulation. |