commerce suite administration guide version 3.5.1_0710

nuBridges Commerce Suite™ Administration Guide

Document Version 07.10

VERSION 3.5.1

© 2001-2010 nuBridges, Inc. All rights reserved.

Information in this document is subject to change without notice and does not represent a commitment on the part of nuBridges. The documentation is provided “as is” without warranty of any kind including without limitation, any warranty of merchantability or fitness for a particular purpose. Further, nuBridges does not warrant, guarantee, or make any representations regarding the use, or the results of the use, of the software or written material in terms of correctness, accuracy, reliability, or otherwise.

nuBridges is a trade name and registered trademark in the United States and other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Chapter 1: Overview

Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

About This Document. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Introduction to the Commerce Suite Documentation Set . . . . . . . . . . . . . . 9

Commerce Suite Documentation Roadmap. . . . . . . . . . . . . . . . . . . . . . . 10

Documentation Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Chapter 2: Introduction to Commerce Suite

Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

The Commerce Suite Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Certified Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

The Commerce Suite Advantage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Supports the EDI-INT Specification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Ensures Data Integrity and Confidentiality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Enables a High Performance, High Availability Trading Community. . . . . . . . . . . . . 17Assure Reliable Trading Community Data Delivery . . . . . . . . . . . . . . . . . . . . . . . . . 17

Commerce Suite Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Multithreaded Execution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Commerce Suite Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Dynamic Scalability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19Failsafe Redundancy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19Data Asset Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Commerce Suite Services Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20Understanding the Console Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20Understanding the Serialization Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Understanding the Control Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Understanding the Outbound Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Understanding the Inbound Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22Understanding the Out-Beacon Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22Understanding the Router Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Table of Contents

Table of Contents, continued

Chapter 2: Introduction to Commerce Suite, continued

Understanding Commerce Suite Roles . . . . . . . . . . . . . . . . . . . . . . . . . . 24Understanding the Transport Role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24Understanding the Router Role. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24Understanding the Admin Role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Chapter 3: Managing Commerce Suite ServersIntroduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Managing Commerce Suite Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26Defining a New Commerce Suite Server Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26Inserting a Commerce Suite Server Profile Into the Database . . . . . . . . . . . . . . . . . 27Displaying a List of Defined Commerce Suite Servers . . . . . . . . . . . . . . . . . . . . . . . 27Reading Commerce Suite Server Settings From a Database. . . . . . . . . . . . . . . . . . 28Removing a Server Profile From a Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28Removing a Server Profile From Memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29Starting a Remote Commerce Suite Server on a Remote Host . . . . . . . . . . . . . . . . 29

Chapter 4: Managing Commerce Suite Trading PartnersIntroduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Managing Trading Partner Relationships . . . . . . . . . . . . . . . . . . . . . . . . . 31Defining a New Trading Partner Pair. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31Inserting a Trading Partner Pair into a Database . . . . . . . . . . . . . . . . . . . . . . . . . . . 32Displaying Active Trading Partner Pairs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32Reading Trading Partner Pair Data From a Database . . . . . . . . . . . . . . . . . . . . . . . 33Removing a Trading Partner Pair from a Database . . . . . . . . . . . . . . . . . . . . . . . . . 33Removing a Trading Partner Pair From Memory . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Chapter 5: Managing CertificatesIntroduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36Managing Commerce Suite Certificates. . . . . . . . . . . . . . . . . . . . . . . . . . 36

Creating Public-Key and Private-Key Material . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36Removing a Public-Key Pair Definition From the Database . . . . . . . . . . . . . . . . . . . 37Exporting Key-Pair Information to a File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37Reading Key-Pair Information From the Database . . . . . . . . . . . . . . . . . . . . . . . . . . 38Importing an X.509 Certificate and Corresponding Private-Key . . . . . . . . . . . . . . . . 38Displaying Active Public-Key Pairs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39Replicating a Public-Key Pair to a Remote Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39Automatic Key Expiration Notification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40Removing a Public-Key Pair From Memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41


Chapter 6: Configuring a Backup Administrator

Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Backup Administrator Configuration Settings. . . . . . . . . . . . . . . . . . . . . . 43

Primary Administrator Configuration Settings . . . . . . . . . . . . . . . . . . . . . 44

Appendix A: UNIX Configuration Information

Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Running Commerce Suite in the Background on a Linux Server . . . . . . . 46

Running Commerce Suite in the Background on a HP-UX Server . . . . . 46

Appendix B: Commerce Suite Error Messages

Commerce Suite Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

Appendix C: Database Schema for Commerce Suite Deployments

Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Database Schema Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72accesscategory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72agentrole . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72as2name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72certkey. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73cipher. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73email . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74errorcode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74filenamehist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74grouppermission . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74hash. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75icssysinfo. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75keyencryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75keypair. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76keyusagecode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76notice. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77opdescription . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78org . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78orgtpcert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79p2proute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79permission . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80


Appendix C: Database Schema for Commerce Suite Deployments, continued

protocolcode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80relationship . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81servercomputer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81sscipher . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81sscompression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81sshash. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82sskeyencryption. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82tp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82tporgstatus. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83tpurl . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84usergroup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84userlogin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85workorder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

Introduction ...................................................................................................... 7

About This Document ...................................................................................... 7

Audience.......................................................................................................... 8

Introduction to the Commerce Suite Documentation Set................................. 9

Commerce Suite Documentation Roadmap .................................................. 10

Documentation Conventions.......................................................................... 12

Chapter 1: Overview

Chapter 1: OverviewIntroduction

IntroductionWelcome to the nuBridges Commerce Suite Administration Guide. This document introduces and outlines Commerce Suite’s features, services, and architecture.

About This DocumentThe Commerce Suite Administration Guide contains the following chapters:

• Chapter 1: Introduction. This chapter provides information about the Commerce Suite documentation set and the guide’s documentation conventions.

• Chapter 2: Introduction to Commerce Suite. This chapter describes the Commerce Suite product and how it can benefit your business. This chapter also introduces the command-line interface and describes the Commerce Suitearchitecture.

• Chapter 3: Managing Commerce Suite Servers. This chapter describes how to define and manage servers using the Commerce Suite command line interface (CLI).

• Chapter 4: Managing Commerce Suite Trading Partners. This chapter describes how to define and manage trading partners using the Commerce Suitecommand line interface (CLI).

• Chapter 5: Managing Certificates. This chapter describes how to define and manage certificates using the Commerce Suite command line interface (CLI).

• Chapter 6: Configuring a Backup Administrator. This chapter describes how to configure a backup administrator so that, in the event of a failure of the primary administrator, those functions performed by the primary administrator continue to be executed.

• Appendix A: UNIX Configuration Information. This appendix describes how to run Commerce Suite in the background on a Linux server.

• Appendix B: Commerce Suite Error Messages. This appendix provides a description of error, informational, and warning messages that can be encountered while using the Commerce Suite software.

• Appendix C: Database Schema for Commerce Suite Deployments. This appendix illustrates the database schema used by Commerce Suite during database creation.

• Glossary. The Glossary provides a list of commonly used terms found in this document.

7

Chapter 1: OverviewAudience

AudienceThis guide is intended primarily for use by the Commerce Suite data administration personnel responsible for installation, configuration, maintenance, and use of the Commerce Suite system.

This document has been written with the assumption that Commerce Suiteadministrators and users have a general understanding of the following concepts and technologies:

• Your business application software and business practices• Electronic Data Interchange over the Internet (EDI-INT)• E-Commerce• Uniform Code Council (UCC)• Data types• Transport protocols• Security standards• The Internet• Windows operating systems• UNIX operating systems

8

Chapter 1: OverviewIntroduction to the Commerce Suite Documentation Set

Introduction to the Commerce Suite Documentation SetThe nuBridges Commerce Suite library consists of the following documents:

• Commerce Suite Release Notes. The release notes describe new features, maintenance updates, and important notes.

• Commerce Suite Getting Started Guide. This guide lists hardware and software requirements, describes Commerce Suite installation, configuration, and testing procedures, and includes post-installation considerations.

• Configuring Commerce Suite Clusters. This guide describes Commerce Suiteclusters and their benefits, and explains how to configure Commerce Suiteclusters using a configuration file or database.

• Commerce Suite Administration Guide. This guide describes how to manage Commerce Suite servers, trading partners, and certificates, and provides other important information for managing the Commerce Suite application.

• Commerce Suite Command Reference. This guide presents an overview of the Commerce Suite administration commands.

• Commerce Suite Protocol Connectivity Guide. This guide provides instructions for configuring Commerce Suite connectivity using FTP, SSL, and AS1 protocols.

• Commerce Suite Trading Community Manager User Guide. This guide describes how to configure and manage your trading community using the Trading Community Manager graphical user interface.

9

Chapter 1: OverviewCommerce Suite Documentation Roadmap

Commerce Suite Documentation RoadmapThe documentation should be read in the following order for you to understand and master the concepts and configurations required to get Commerce Suite up and running quickly:

1. Commerce Suite Release Notes

2. Commerce Suite Getting Started Guide

3. Configuring Commerce Suite Clusters

4. Commerce Suite Administration Guide

The following table provides information about the useful information found in the Commerce Suite documentation set. Topics include installation instructions, configuration procedures, and administration tasks that are focused on providing you with the information you need to get up and running quickly.

Read... To Learn About...

Commerce Suite Release Notes • New features• Maintenance updates• Documentation updates• Important notes

Commerce Suite Getting Started Guide • The nuBridges AS2 solution• Installing Commerce Suite• Firewall configuration• Licensing and upgrading• Configuring Commerce Suite• Testing Commerce Suite• Work orders • Configuration files• Sending and receiving data• Adding new trading partners• Testing trading partner connectivity• Connecting Commerce Suite to a

supported RDBMS• Oracle, SQL, DB2, Access, and

Informix database support

10

Chapter 1: OverviewCommerce Suite Documentation Roadmap

Configuring Commerce Suite Clusters • Understanding Commerce Suiteclusters

• Setting up a cluster using a configuration file

• Setting up a cluster using a supported database

Commerce Suite Administration Guide • Commerce Suite basics• Managing Commerce Suite servers• Managing Commerce Suite trading

partners• Managing Commerce Suite

certificates• Configuring a backup administrator• Commerce Suite error messages• Database schema for Commerce Suite

deploymentsCommerce Suite Command Reference • Commerce Suite commands and

parametersCommerce Suite Protocol Connectivity Guide

• Configuring Commerce Suite for use with AS1, FTP, and SSL.

Trading Community Manager User Guide

• Trading Community Manager (TCM) hardware and software requirements

• Installing TCM• Configuring TCM• Managing organization• Managing servers and services• Managing groups and users• Managing trading partners and

relationships• Managing work orders and certificates• Managing events and reports

Read... To Learn About...

11

Chapter 1: OverviewDocumentation Conventions

Documentation ConventionsThis section will familiarize you with the features of this guide. As you will notice, the left side of this guide has a section that is used for notes, references, and warnings. These notes are identified by the following icons:

This guide also utilizes text formatting to help you locate and identify information. Review the table below for details on the text formatting used in this guide.

Designates a reference relevant to the adjacent text. The reference may refer to a procedure, text in another document, or a definition.

Designates there is additional information that is relevant to the text on the right side.

Designates a warning or important piece of information.

Text Format Example Explanation

BoldClick Done.orGo to the User Details section.

Denotes a section of a screen, field, button, page, menu, or literal text that should be typed.

Italics

See the Introduction section on page 6.or Open the configuration.cfg file.

Denotes a reference to a document section, chapter, or a filename.

Bold Italics

e222or Review the nuBridges Commerce Suite User Guide for more information.

Denotes a product name or document title.

SMALL CAPS Press ENTER. Denotes a key located on the keyboard.

KEY + KEY CTRL + N

Denotes that both keys specified should be pressed at the same time. For example, to execute CTRL + N, you would simultaneously press the CTRL key and the letter N on the keyboard.

monospace Type -tr at the command line. Indicates a command that should be typed as displayed.

<monospace> <CustomerName>Indicates a code variable should be typed.

monospace -tr Indicates sample code.<monospace> <CustomerName> Indicates a sample code variable.

12

Chapter 1: OverviewDocumentation Conventions

↵

addpair <from> <to>↵ <to-URL> <rcpt-URL>↵ <notify-name> <inbox>↵ [in|out] [<send-parma>]

Indicates the line of code wraps to the next line in this documentation only. When you enter the code in Commerce Suite, it should not be split between multiple lines.

{ } -tb<timeout{s|ms}> Indicates a set of choices from which you must choose one.

| [in|out]Separates two mutually exclusive choices in a syntax line. Type one of the choices, not the symbol.

[ ][in|out]

Indicates optional parameters. You typically type only the information within the brackets, not the brackets.

... importkey <from> <to> <usage>↵ <option> [...]

Indicates that a parameter can be repeated several times in a command line. You enter only the information, not the ellipsis (...).

Text Format Example Explanation

13

Introduction .................................................................................................... 15

The Commerce Suite Solution....................................................................... 15

Certified Platforms ......................................................................................... 16

The Commerce Suite Advantage................................................................... 17Supports the EDI-INT Specification ..................................................................................17Ensures Data Integrity and Confidentiality........................................................................17Enables a High Performance, High Availability Trading Community ................................17Assure Reliable Trading Community Data Delivery..........................................................17

Commerce Suite Architecture........................................................................ 18Multi-threaded Execution ..................................................................................................18Dynamic Scalability...........................................................................................................19Failsafe Redundancy ........................................................................................................19Data Asset Protection .......................................................................................................19

Commerce Suite Services Overview ............................................................. 20Understanding the Console Service .................................................................................20Understanding the Serialization Service...........................................................................21Understanding the Control Service...................................................................................21Understanding the Outbound Service...............................................................................21Understanding the Inbound Service .................................................................................22Understanding the Out-Beacon Service ...........................................................................22Understanding the Router Service....................................................................................23

Understanding Commerce Suite Roles ......................................................... 24Understanding the Transport Role....................................................................................24Understanding the Router Role ........................................................................................24Understanding the Admin Role.........................................................................................24

Chapter 2: Introduction to Commerce Suite

Chapter 2: Introduction to Commerce SuiteIntroduction

15

IntroductionThis chapter provide an overview of the Commerce Suite product. After reviewing this chapter, you will have an understanding of how to configure Commerce Suite to best serve your organization.

The Commerce Suite SolutionWhether you are using private networks or the Internet, today’s competitive business environment demands a secure and reliable solution for exchanging data between trading partners.

Building a successful Internet-based trading community requires a high performance, high availability e-business solution that enables businesses to connect simply, securely, and reliably over public networks.

The nuBridges Commerce Suite solution delivers the performance, scalability, reliability, and security necessary to manage your Internet-based trading community.

The nuBridges Commerce Suite supports industry standards, enabling businesses to send and receive any type of data using multiple communication protocols and security models. Commerce Suite can be downloaded over the Internet and rapidly deployed to put your business in contact with it’s trading partners.

The nuBridges Commerce Suite enables your enterprise with the profile, communication, security, and rollout management necessary to ensure the integrity of your business partner relationships.

The nuBridges Commerce Suite solution is certified by the Uniform Code Council (UCC) and is also in full compliance with the Internet Engineering Task Force (IETF) Electronic Data Interchange over the Internet (EDI-INT) specification.

Support for the EDI-INT specification ensures that EDI trading partners and user agents can use the Internet as a transport medium to conduct business between EDI systems and provide secure EDI over the Internet.

The Commerce Suite application provides your enterprise with the following business benefits:

• Supports multiple data types, transport protocols, and security standards• Supports a wide range of platforms• Utilizes high-performance technology to maximize throughput• Enables complete Privacy, Authentication, Integrity, and Non-Repudiation of

all transactions• Supports certificates from all major security vendors and provides a Public Key

Infrastructure (PKI) solution generating X.509 certificates• Offers high-availability failover and restart

16

Chapter 2: Introduction to Commerce SuiteCertified and Supported Platforms

Certified and Supported PlatformsThe 3.5.1 release of Commerce Suite has been certified to run on and work with the platforms and databases listed in the table below. Customers using Commerce Suite on any of the certified platforms listed below can receive support from nuBridges Customer Services should they encounter an issue while using Commerce Suite. Please note that builds for Pro*C environments are available upon request.

X = denotes a certified platform eligible for support from nuBridges Customer ServicesC = denotes compatibility; however, the platform is not supported

OPERATING SYSTEM

Database TypeWindows

2003 Server2008 Server

Windows XP

Windows Vista Windows7

AIX 5.1AIX 5.2AIX 5.3

Solaris 8Solaris 9

Solaris 10-SPARCSolaris10-Intel

HP-UX11.00 PA

HP-UX 11.11 PA

HP-UX 11.23 IT

HP-UX 11.31 IT

Red HatES 3

Red HatES 4

Red HatES 5

SuSe Ent. 9SuSe Ent. 10

Standalone X X X X X X X X X X X X X X

MS Access 2002 X X X X



MSSQL Server 2000 X X X

MSSQSL Server 2005 X X X

MySQL 3.23 C C C

MySQL 4.1 X(AIX 5.2 only)

X C X X(SuSe Ent. 9 only)

MySQL 5.0 X(AIX 5.2 only)

X C X X(SuSe Ent. 9 only)

Oracle 8i X(AIX 5.1 &

AIX 5.2 only)

X(Solaris 8 and 9 only)

X

Oracle 9i X X X X(AIX 5.2 only)

X(Solaris 8, 9, & 10-

SPARC only)

X X X X X

Oracle 10G X X X X(AIX 5.3 only)

X(Solaris 10-SPARC &

10-Intel only)

X X X X X X

Informix 9.3 X X

DB2 8.x X X

DB2 9 X X

Chapter 2: Introduction to Commerce SuiteThe Commerce Suite Advantage

The Commerce Suite AdvantagenuBridges Commerce Suite provides the required capabilities for managing the largest and smallest trading communities.

Supports the EDI-INT SpecificationFull compliance with the Internet Engineering Task Force (IETF) Electronic Data Interchange over the Internet (EDI-INT) specification ensures that EDI trading partners and user agents can use the Internet as a transport medium to conduct business between EDI systems and provide secure EDI over the Internet.

Ensures Data Integrity and ConfidentialitySupport for industry security standards ensures the integrity and confidentiality of data over the Internet or other public networks. nuBridges’s solution supports the creation and application of digital signatures and their verification to provide for non-repudiation of message origination and receipt.

Enables a High Performance, High Availability Trading CommunityCommerce Suite utilizes high performance technologies to maximize throughput by implementing multi-threading and multi-tasking for scalable parallel processing. Support for data compression and platform-specific performance features enable you to fine tune options to optimize Commerce Suite compatibility with your network configuration.

Assure Reliable Trading Community Data DeliveryCommerce Suite assures reliable data delivery through session management and extensive recovery features and also provides automatic notification of transfer completion. These features, along with high-availability failover and restart capabilities enable automatic load balancing between multiple computers ensuring data throughput.

17

Chapter 2: Introduction to Commerce SuiteCommerce Suite Architecture

Commerce Suite ArchitectureThe following sections discuss the principles of operation and the fundamental concepts underlying the Commerce Suite architecture.

• Multi-threaded Execution• Dynamic Scalability• Failsafe Redundancy• Data Asset Protection

Multi-threaded ExecutionTo accomplish a broad variety of data-processing operations while maintaining an efficient and robust design, the major operations of the Commerce Suite application are executed as discrete services operating concurrently within a single process. For example, at any given moment, the Commerce Suite may be in the process of both receiving an inbound data stream and also preparing a file to be sent to a remote computer.

The integrity of each independent task being performed by the computer is essential. To protect each discrete operation and to more efficiently organize program logic, the Commerce Suite application executes its code in the context of multiple threads of execution within the overall application process. The operating system reserves time to execute each thread in a cooperative manner, switching between threads at regular intervals. Usually these thread-to-thread interruptions occur when a thread requests access to a system resource that would otherwise, in a single-threaded environment, impose a delay in processing due to media-access time. So, for example, while one thread is waiting for a disk or network event to complete, other threads may obtain CPU attention.

Commerce Suite Configuration

Prior to installation, configuration, and operation of the Commerce Suite application, careful consideration needs to be given to the quantity and characteristics of data to be interchanged between Internet hosts so that the Commerce Suite configuration will be optimal. To facilitate broad scalability in both processing and storage capacity, Commerce Suite operation is considered in terms of three basic roles that can be shared by a single process or divided among many cooperating host computers depending on resource requirements. The three basic roles are:

• Transport• Router• Admin (Administration)

18

Chapter 2: Introduction to Commerce SuiteCommerce Suite Architecture

19

Dynamic ScalabilityOne of the essential qualities of a real-time communications system is the ability to dynamically tune the performance of the system without requiring system down-time. A Commerce Suite configuration can be dynamically scaled by adding or removing Transport agents without shutting down any other agent in the configuration. When a new Transport agent is started and configured to participate in a Transport agent group, or pool, the Transport agent automatically notifies any Router or Admin agent on its local network segment of its presence by periodically sending a small Universal Datagram Protocol (UDP) packet. Conversely, when a Transport agent is shut down, Router and Admin agent on the local network segment become aware of the removal of the Transport agent by detecting that UDP packets are no longer being transmitted by the Transport agent.

Failsafe RedundancyAnother essential quality of a robust software system is redundancy. A Commerce Suite configuration can be configured with multiple Router agents and multiple Admin agents in order to insure that the secure flow of business information is not interrupted, even if a Router or Admin agent is shut down. More than one Router agent can service the same Transport agent pool, since each inbound data connection is serviced by separate, dedicated threads in each agent. Likewise, more than one Admin agent can distribute data-transfers to the same pool of Transport agents.

Data Asset ProtectionData security is of prime importance for any business enterprise. The typical solution to avoid unauthorized access to computer systems connected to the Internet is the use of a firewall - hardware and software specifically designed to prevent certain network traffic. When one or more firewalls are used, it is critical that software systems avoid compromising the inherent security of the firewall by requiring that inbound connections be permitted through the firewall. To ensure firewall security, a Commerce Suite configuration option, known as Data Asset Protection (DAP), can be employed to guarantee that no Internet assailant can ever jeopardize the integrity of computing assets behind a firewall. To accomplish this, a Commerce Suite Enterprise Configuration employs one or more Admin agents to connect out from the inner Local Area Network (LAN) to the Transport agent pool to collect inbound data while it is still in its encrypted form. After the data is retrieved, the decryption of the data is accomplished within the secure inner LAN. In the Commerce Suite Enterprise Configuration with DAP, the Transport agents may be equipped with two network interfaces each, ensuring that no sensitive data is exposed to a network segment that is publicly addressable.

When using DAP, the Admin agents do not listen for UDP notifications from the Transport agent pool. Instead, they remotely configure the Transport and Router agents themselves by connecting to a known set of IP addresses and sending configuration commands to setup and start each Transport and Router agent. Therefore, no configuration data need be present outside the secure inner LAN.

Chapter 2: Introduction to Commerce SuiteCommerce Suite Services Overview

Commerce Suite Services OverviewBefore configuring the Commerce Suite application, it is helpful to understand the operation of the various threads of execution that comprise the Commerce Suiteprocess. A thread may be understood as a series of computer instructions executed within the context of a single machine state, that is, the set of internal registers managed by the computer’s central processing unit (CPU). In a multi-threaded processing environment, such as UNIX or Windows NT, a single process may possess multiple independent threads executing machine instructions in various different parts of the program concurrently. The operating system divides its attention between threads by preemptively switching between machine states.

The Commerce Suite is written to take advantage of preemptive multitasking systems by devoting a thread to a particular purpose, such as listening for inbound connections or scanning for expiring certificates. Each of these threads may be thought of as providing Commerce Suite an independent service.

The Commerce Suite process is divided into the following services:

• Console• Serialization• Control• Outbound• Inbound• Work Order• Beacon• Router

Understanding the Console ServiceThe Console service performs the basic initialization, main logic loop, and finalization tasks for the application. This thread is the first application thread to be started by the operating system and the last thread to terminate when the application stops.

The initialization portion of this thread establishes communication with the underlying network communication layer. The main logic loop accepts operator input to manipulate application operation, manually initiate tasks, or initiate application termination. The finalization task gracefully terminates the application and releases allocated system resources. Operator access to the Console service is provided through the terminal at the host computer.

20


Understanding the Serialization ServiceThe Serialization service is started automatically during program initialization. This service manages access to file and memory resources that are shared between other threads. Although the Commerce Suite application operates as several independent threads, some resources such as disk files and common memory areas must be accessed by only one thread at a time. In order to ensure that each thread is able to complete its access to these shared resources before being interrupted by another thread, the Serialization service acts as a gatekeeper, allowing only one service to access shared resources at the same time.

Understanding the Control ServiceThe Control service actively listens for incoming connections on a TCP/IP port dedicated to receiving command messages from an Admin agent, that is, a Commerce Suite process configured for the Admin role. Admin agents regularly connect to Transport and Router agents to send configuration data and to receive status information and inbound data. These connections from the Admin agent are always made to the Transport or Router agent’s Control port. By default, this port is the Internet Assigned Numbers Authority (IANA) -assigned Internet Protocol’s Reserved Port for the nuBridges-ics service (port 3501). However, alternate ports may be configured for this purpose. Note that an Admin agent always initiates control service connections. Transport and Router agents never connect directly to Admin agents. This design is to allow the Transport and Router agents to be located in relatively less secure network locations, such as DMZ’s, whereas the Admin agent and associated databases could be located in a more secure location protected by a firewall disallowing inbound connections.

Understanding the Outbound ServiceThe Outbound service is responsible for preparing data for transmission, initiating and supervising the transmission of data to other computers, recording the result of the transmission, and rescheduling the transmission in the case of errors or as user preferences require. The Outbound service polls an outbound queue for outgoing data and creates session threads for each individual outbound send operation.

The outbound queue is a list of transactions that carry addressing and status information about the data to be sent. Two types of send operations are found on the outbound queue: single-send operations and recurring-send operations. The single-send operation is simply a send of a file from one location to another. The recurring-send operation represents any iterative event, typically either a periodic send (for example, a weekly status report) or a drop-box configuration wherein an outbox location is continuously scanned for outgoing data. Both single-send and recurring-send operations can be configured with retry parameters to handle the situation where

21


a send operation fails. Any send can be configured to be retried a specified number of times at a specified interval. When combined with the Router services ability to buffer and spool incoming data to a pool of Transport agents, both sending and receiving locations share in the responsibility of reliably transmitting data.

In a configuration where several Transport agents are receiving inbound data, the Admin agent will typically be the primary sending agent. In configurations that do not require an Admin agent, the Transport agent(s) may both send and receive data.

Understanding the Inbound ServiceThe Inbound service is responsible for receiving data being sent to the host computer, either directly from a remote host or from a Router agent, preparing and sending suitable responses or receipts to the sending host, properly terminating the inbound connection, delivering the received data to the proper location or service, and recording the result of the inbound operation. In fact, more than one distinct inbound service may be in operation at any given moment. Each instance of the inbound service is tailored to a specific network messaging protocol (for example, HTTP or HTTPS) and is assigned to a specific Internet protocol address and port on which to listen for incoming connections. Moreover, each Inbound Service instantiates an Inbound Session Thread for each concurrent inbound operation, isolating each independent inbound connection.

Understanding the Out-Beacon ServiceCommerce Suite processes acting in the Transport role use the Beacon service. The Beacon service periodically emits a small packet of information using UDP. This packet is broadcast to the local network segment, informing any Router agent of the Transport’s existence on the network. Using this mechanism to advertise the Transport’s existence to the Router permits the Router to operate without explicit information of the Transports beforehand and the ad hoc addition or removal of Transport agents without having to reconfigure the Router. The packets of data broadcast by the Beacon service include the TCP/IP addresses and ports that the Transport agent is listening on for incoming data. The Router agent collects these addresses and ports into a dynamic list of servers to which incoming data can be sent to provide load-balancing. The packets also contain other information about the Transport including a routing group number to permit the configuration of several distinct load-balancing server groups on the same local network or the establishment of a hierarchical load-balancing configuration.

22


23

Understanding the Router ServiceThe Router service uses two or more threads of execution. First, one thread listens for incoming UDP broadcast packets from Transport agents advertising their presence to the Router agent. This thread collects the broadcast packets and maintains a linked-list of Transport agent records, which indicate which TCP/IP address should be connected-to when forwarding incoming data. Additionally, an inbound thread listens for incoming data for a particular Internet Protocol (HTTP or HTTPS). This thread is the first to receive incoming data from a remote host when the Router role is used in a multi-server configuration. This inbound thread logic differs from the Transport agent’s inbound logic. The Router service does not expect to parse or decrypt incoming data. Therefore, the Router agent does not make assumptions or decisions relating to the processing of data based on the contents of the data.

The Router service is responsible, however, for ensuring that all data received from a remote host is delivered to a Transport agent for processing. To make this happen, the Router service queues incoming data while also forwarding it to a Transport agent. If the connection to the Transport agent is interrupted, the Router service will temporarily suspend receiving data from the remote host while it establishes a new connection to another Transport agent and forwards to it all data as yet received from the remote host. When all data is forwarded successfully, the Router will again attempt to receive more data from the remote host. The Router service does not disconnect from either the remote host or the Transport agent until one of the connections is terminated by the owning processes.

Under normal circumstances, each Router session will:

• Forward all incoming data from the remote host connection to the Transport agent.

• Forward all response data from the Transport agent to the remote host.• Detect that the Transport agent has closed an inboard connection.• Close the connection to the remote host.

Chapter 2: Introduction to Commerce SuiteUnderstanding Commerce Suite Roles

24

Understanding Commerce Suite RolesCommerce Suite operation is considered in terms of three basic roles, which can be shared by a single process, or divided among many cooperating host computers depending on resource requirements. The three basic roles are Transport, Router, and Administration.

Understanding the Transport RoleThe Transport role combines the most fundamental operations of Commerce Suite: compression and decompression, encryption and decryption, digital signing and signature verification, and sending and receiving data.

With the decryption and signing operations being the most mathematically intensive operations performed by the Transport role, if large numbers of digitally signed and encrypted messages need to be sent between computers, it is recommended that the Transport role be divided across several processors to enhance throughput.

Understanding the Router RoleThe Router role provides software-based load sharing between multiple computers providing the Transport role. The Router provides a single point of entry for data of a given Internet protocol that can then be distributed to one or many Transport agents for processing. The Router balances incoming data across a pool of Transport agents. The Router also provides a fail-safe mechanism against the eventuality of a Transport failure by buffering incoming data until an entire message can be safely delivered to a Transport agent.

Understanding the Admin RoleThe Admin role provides several important services in a Commerce Suiteconfiguration. One of these services is outbound distribution. This is the logical reverse of inbound load balancing performed by the Router. The Admin agent facilitates outbound load balancing by distributing the data-sending workload among a group of transport agents in the same way that the Router agent distributed inbound data-receiving workloads.

The Admin role also provides a Web-based user interface to support the definition and maintenance of data-interchange relationships. In the electronic commerce industry, such defined interchanges are often referred to as trading partner relationships. Such a relationship defines the Internet address of the participating computers, message delivery options, and data-security parameters such as the certificates to be used for signature creation and key-encryption. The Admin agent also is responsible for configuring the Transport and Router agents and for replicating configuration updates to these roles if they are being hosted on separate processors.

Introduction .................................................................................................... 26

Managing Commerce Suite Servers.............................................................. 26Defining a New Commerce Suite Server Profile...............................................................26Inserting a Commerce Suite Server Profile Into the Database .........................................27Displaying a List of Defined Commerce Suite Servers .....................................................27Reading Commerce Suite Server Settings From a Database ..........................................28Removing a Server Profile From a Database ...................................................................28Removing a Server Profile From Memory ........................................................................29Starting a Remote Commerce Suite Server on a Remote Host........................................29

Chapter 3: Managing Commerce Suite Servers

Chapter 3: Managing Commerce Suite ServersIntroduction

IntroductionThis section describes how to define and manage servers using the Commerce Suitecommand line interface (CLI).

Managing Commerce Suite ServersThe following topics provide instructions for managing your Commerce Suite servers using the CLI:

• Defining a New Commerce Suite Server Profile• Inserting a Commerce Suite Server Profile Into the Database• Displaying a List of Defined Commerce Suite Servers• Reading Commerce Suite Server Settings From a Database• Removing a Server Profile From a Database• Removing a Server Profile From Memory• Starting a Remote Commerce Suite Server on a Remote Host

Refer to the Commerce Suite Getting Started Guide for instructions on starting the Commerce Suite application and accessing the command line interface.

Defining a New Commerce Suite Server ProfileCommerce Suite server profiles are defined as server/protocol combinations defining Transport and Router Agent inbound services. Both of these services are remotely configured by an Administrative Agent and must be started remotely by an Administrative Agent.

Defining a new Commerce Suite server profile is accomplished using the addservercommand. Follow the steps below to define a new Commerce Suite server profile using the Commerce Suite CLI.

1. Start the Commerce Suite application if it is not already running.

2. At the command prompt, enter the addserver command using the following syntax:

addserver <name> <group> <role> <url> <control-URL>

Refer to the Commerce Suite Command Reference Guide for additional information on using the addserver command.

26

Chapter 3: Managing Commerce Suite ServersManaging Commerce Suite Servers

Inserting a Commerce Suite Server Profile Into the DatabaseFollow the steps below to insert a Commerce Suite server profile into the database.


2. At the command prompt, enter the insertserver command using the following syntax:

insertserver <name> <group> <role> <url> <control-url>

Refer to the Commerce Suite Command Reference Guide for additional information on using the insertserver command.

Displaying a List of Defined Commerce Suite ServersFollow the steps below to display a list of defined Commerce Suite servers.


2. At the command prompt, enter the listservers command using the following syntax:

listeservers

Refer to the Commerce Suite Command Reference Guide for additional information on using the listservers command.

27


Reading Commerce Suite Server Settings From a DatabaseReading Commerce Suite server settings from a database is accomplished using the getservers command. This command retrieves all remote service and Agent information from the database and populates the Commerce Suite memory with the material needed to remotely configure Agents and issue remote commands.

The getservers command is only functional if the database parameters have been defined with the set -d* commands and the start database command has been issued.

Follow the steps below to display a list of defined Commerce Suite servers.


2. At the command prompt, enter the getservers command using the following syntax:

getservers

Refer to the Commerce Suite Command Reference Guide for additional information on using the getservers command.

Removing a Server Profile From a DatabaseFollow the steps below to remove a server profile from a database.


2. At the command prompt, enter the deleteserver command using the following syntax:

deleteserver <name>

Refer to the Commerce Suite Command Reference Guide for additional information on using the deleteserver command.

28


Removing a Server Profile From MemoryFollow the steps below to remove a server profile from memory.


2. At the command prompt, enter the removeserver command using the following syntax:

removeserver <name>

Refer to the Commerce Suite Command Reference Guide for additional information on using the removeserver command.

Starting a Remote Commerce Suite Server on a Remote HostFollow the steps below to start a remote Commerce Suite server on a remote host.


2. At the command prompt, enter the remoteserver command using the following syntax:

remoteserver <name> <listener-url>

Refer to the Commerce Suite Command Reference Guide for additional information on using the remoteserver command.

29

Introduction .................................................................................................... 31

Managing Trading Partner Relationships....................................................... 31Defining a New Trading Partner Pair ................................................................................31Inserting a Trading Partner Pair into a Database..............................................................32Displaying Active Trading Partner Pairs ...........................................................................32Reading Trading Partner Pair Data From a Database......................................................33Removing a Trading Partner Pair from a Database..........................................................33Removing a Trading Partner Pair From Memory ..............................................................34

Chapter 4: Managing Commerce Suite Trading Partners

Chapter 4: Managing Commerce Suite Trading PartnersIntroduction

IntroductionThis section describes how to define and manage trading partners using the Commerce Suite command line interface (CLI).

Managing Trading Partner RelationshipsThe following topics provide instructions for managing your trading partner relationships using the CLI.

• Defining a New Trading Partner Pair• Inserting a Trading Partner Pair into a Database• Displaying Active Trading Partner Pairs• Reading Trading Partner Pair Data From a Database• Removing a Trading Partner Pair from a Database• Removing a Trading Partner Pair From Memory

Refer to the Commerce Suite Getting Started Guide for instructions on starting the Commerce Suite application and accessing the command line interface.

Defining a New Trading Partner PairA trading partner relationship (or pair) consists of a set of data describing how data may be transferred from one defined trading partner to another defined trading partner. A trading partner may be identified and defined using an alphanumeric sequence of characters or a user-defined company or institution name.

Defining a new trading partner relationship (or pair) is accomplished by using the Commerce Suite addpair command. The addpair command defines a new trading partner relationship and stores trading partner relationship information in memory.

Follow the steps below to define a new trading partner pair from the Commerce Suitecommand line interface.


2. At the command prompt, enter the addpair command using the following syntax:

addpair <from> <to> <to-URL> <rcpt-URL> <notify-name>↵ <inbox> [in|out][<send-parameters>]

Refer to the Commerce Suite Command Reference Guide for additional information on using the addpair command.

31

Chapter 4: Managing Commerce Suite Trading PartnersManaging Trading Partner Relationships

Inserting a Trading Partner Pair into a DatabaseYou can use the Commerce Suite command-line interface to insert a trading partner pair into a database.

Follow the steps below to insert a trading partner into the database.


2. At the command prompt, enter the insertpair command using the following syntax:

insertpair <from> <to> <to-URL> <rcpt-URL>↵ <notify-name> <inbox> [in|out][<send-parameters>]

Refer to the Commerce Suite Command Reference Guide for additional information on using the insertpair command.

Displaying Active Trading Partner PairsThe Commerce Suite application allows you to view active and defined trading partner relationships (or pairs) using the command-line interface.

Displaying active trading partner pairs using the Commerce Suite CLI is accomplished using the listpairs command.

Follow the steps below to display active trading partner pairs.


2. At the command prompt, enter the listpairs command using the following syntax:

listpairs

Refer to the Commerce Suite Command Reference Guide for additional information on using the listpairs command.

32


Reading Trading Partner Pair Data From a Database

You can use the Commerce Suite command-line interface to read trading partner pair data from a database. Reading trading partner pair data from a database is accomplished using the getpairs command. The getpairs command retrieves all trading partner relationship information from the database and populates the Commerce Suite memory with the configuration material needed to process message transfers.

The getpairs command is only functional if the database parameters have been defined with the set -d* commands and the startdatabase command has been issued.

Follow the steps below to read trading partner pair data from a database.


2. At the command prompt, enter the getpairs command using the following syntax:

getpairs

Refer to the Commerce Suite Command Reference Guide for additional information on using the getpairs command.

Removing a Trading Partner Pair from a DatabaseYou can use the Commerce Suite command-line interface to remove a trading partner pair from a database. Removing a trading partner pair from a database is accomplished using the deletepair command.

Follow the steps below to remove a trading partner pair from a database.


2. At the command prompt, enter the deletepair command using the following syntax:

deletepair <from> <to> <protocol>

Refer to the Commerce Suite Command Reference Guide for additional information on using the deletepair command.

33


Removing a Trading Partner Pair From MemoryYou can use the Commerce Suite command-line interface to remove a trading partner pair from memory. Removing a trading partner pair from memory is accomplished using the removepair command.

Follow the steps below to remove a trading partner pair from memory.


2. At the command prompt, enter the removepair command using the following syntax:

removepair <from> <to> <protocol>

Refer to the Commerce Suite Command Reference Guide for additional information on using the removepair command.

34

Introduction .................................................................................................... 36

Managing Commerce Suite Certificates ........................................................ 36Creating Public-Key and Private-Key Material..................................................................36Removing a Public-Key Pair Definition From the Database .............................................37Exporting Key-Pair Information to a File ...........................................................................37Reading Key-Pair Information From the Database...........................................................38Importing an X.509 Certificate and Corresponding Private-Key .......................................38Displaying Active Public-Key Pairs ...................................................................................39Replicating a Public-Key Pair to a Remote Host ..............................................................39Automatic Key Expiration Notification...............................................................................40Removing a Public-Key Pair From Memory......................................................................41

Chapter 5: Managing Certificates

Chapter 5: Managing CertificatesIntroduction

IntroductionThis section describes how to define and manage certificates using the Commerce Suite command line interface (CLI).

Managing Commerce Suite CertificatesThe following topics provide instructions for managing your Commerce Suitecertificates using the CLI.

• Creating Public-Key and Private-Key Material• Removing a Public-Key Pair Definition From the Database• Exporting Key-Pair Information to a File• Reading Key-Pair Information From the Database• Importing an X.509 Certificate and Corresponding Private-Key• Displaying Active Public-Key Pairs• Replicating a Public-Key Pair to a Remote Host• Removing a Public-Key Pair From Memory

Creating Public-Key and Private-Key MaterialPublic-key and private-key material is used for data encryption and authentication purposes and produced for a specific use by a specific trading relationship. The public-key is exportable to an X.509 digital-certificate format. The private-key is exportable to a PKS#1 RSA private-key format. Both the public and private key data may be stored in the database.

Creating public-key and private-key material is accomplished using the addkeycommand. Perform the following steps to create public and private-key material using the Commerce Suite CLI:


2. At the command prompt, enter the addkey command using the following syntax:

addkey <from> <to> <usage> <key-bits> <issuer> <subject>

Refer to the Commerce Suite Command Reference Guide for additional information on using the addkey command.

36

Chapter 5: Managing CertificatesManaging Commerce Suite Certificates

Removing a Public-Key Pair Definition From the DatabaseRemoving a public-key pair definition from the database is accomplished using the deletekey command.

Follow the steps below to delete the public-key pair definition from the database using the Commerce Suite CLI.


2. At the command prompt, enter the deletekey command using the following syntax:

deletekey <from> <to> <usage>

Refer to the Commerce Suite Command Reference Guide for additional information on using the deletekey command.

Exporting Key-Pair Information to a FileExporting key-pair information to a file is accomplished using the exportkeycommand.

Follow the steps below to export key-pair information to a file using the Commerce Suite CLI.


2. At the command prompt, enter the exportkey command using the following syntax:

exportkey <from> <to> <usage> <certificate-file>↵ <private-key-file>

Refer to the Commerce Suite Command Reference Guide for additional information on using the exportkey command.

37


Reading Key-Pair Information From the DatabaseReading key-pair information from the database is accomplished using the getkeyscommand. The getkeys command retrieves all certificate and key material information from the database and populates the Commerce Suite memory with the security material needed to process message transfers.

Follow the steps below to read key-pair information from the database using the Commerce Suite CLI.


2. At the command prompt, enter the getkeys command using the following syntax:

getkeys

Refer to the Commerce Suite Command Reference Guide for additional information on using the getkeys command.

Importing an X.509 Certificate and Corresponding Private-Key

Importing an X.509 certificate and corresponding private-key is accomplished using the importkey command. The imported key material must be associated with a defined trading partner relationship and usage code.

Follow the steps below to import an X.509 certificate and corresponding private-key using the Commerce Suite CLI.


2. At the command prompt, enter the importkey command using the following syntax:

importkey <from> <to> <usage> -fC<filename>.cer↵ -fK<filename>.prv

Refer to the Commerce Suite Command Reference Guide for additional information on using the importkey command.

38


Displaying Active Public-Key PairsDisplaying active public-key pairs is accomplished using the listkeys command.

Follow the steps below to display active public-key pairs using the Commerce SuiteCLI.


2. At the command prompt, enter the listkeys command using the following syntax:

listkeys

Refer to the Commerce Suite Command Reference Guide for additional information on using the listkeys command.

Replicating a Public-Key Pair to a Remote HostReplicating a public-key pair to a remote host is accomplished using the remotekeycommand.

Follow the steps below to replicate a public-key pair to a remote host using the Commerce Suite CLI.


2. At the command prompt, enter the remotekey command using the following syntax:

remotekey <from> <to> <usage> <cert> <key>

Refer to the Commerce Suite Command Reference Guide for additional information on using the remotekey command.

39


Automatic Key Expiration NotificationYou have the option to receive a notification that a certificate is about to expire. You can have the notification sent via a WARN message by activating the startcertpolling command or, if you have an SMTP server with appropriately configured credentials, you can receive an email notification in addition to the WRN message. If you would like to receive email alerts, make sure that your alert level is set to 2 (warning messages and error messages).

startcertpolling

This command initiates the certificate expiry polling process. It is imperative that the startcertpolling command is placed properly in the icssvr.cfg file. If you want to have Commerce Suite poll for certificate expiration at start up, the startcertpolling command must be placed in the configuration file after the importkeys, getkeys, and/or getall commands. This ensures that all relevant certificate and key information is loaded prior to polling. If the startcertpolling command is run before certificates and keys are loaded, there will be no certificates/keys available for polling; therefore you will not receive notice if there are keys set to expire.

Syntax

startcertpolling -tC<h|d> -tS<d>

Required Parameters

-tC<h|d> Specify (in hours or days) how frequently to scan certificates for expiration dates.

-tS<d> Specify how many days out a certificate should be set to expire in order to invoking an alert.

Command Examples

startcertpolling -tC<12h> -tS<14>

Poll the certificates every twelve hours. Notify user if there are any certificates set to expire within 14 days.

startcertpolling -tC<1d> -tS<30>

Poll the certificates every once a day. Notify user if there are any certificates set to expire within the next 30 days.

The startcertpolling command must be listed

after any certificate/key import commands in the configuration file if you want it to poll immediately, otherwise polling will begin at the next scan interval. If you want to poll certificates as part of your startup process, make sure that the startcertpolling command in listed after the import certificate/key commands in icssvr.cfg.

40


stopcertpolling

This command stops the certificate expiry polling process.

Syntax

stopcertpolling

Parameters

There are no required or optional parameters necessary when executing the stopcertpolling command.

Removing a Public-Key Pair From MemoryRemoving a public-key pair from memory is accomplished using removekeycommand.

Follow the steps below to remove a public-key pair from memory using the Commerce Suite CLI.


2. At the command prompt, enter the removekey command using the following syntax:

removekey <from> <to> <usage>

Refer to the Commerce Suite Command Reference Guide for additional information on using the removekey command.

41

Introduction .................................................................................................... 43

Backup Administrator Configuration Settings ................................................ 43

Primary Administrator Configuration Settings................................................ 44

Chapter 6: Configuring a Backup Administrator

Chapter 6: Configuring a Backup AdministratorIntroduction

IntroductionThe Commerce Suite application supports the ability to configure your secondary agent to act in the capacity of a backup administrator. A backup administrator is an agent that is instructed by its configuration parameters to monitor a primary administrative agent and assume the function of the primary administrator in the event that the primary administrator fails to regularly notify the backup administrator of its status.

The purpose of the backup administrator function is to provide a failover feature so that, in the event of a failure of the primary administrator, those functions performed by the primary administrator continue to be executed. The backup administrator polls the primary administrator each time the work-order interval expires.

Backup Administrator Configuration SettingsFollow the steps below to configure the backup administrator.

1. Set the maximum-primary-admin-poll count as follows:

set -an<num>

where <num> is a positive integer. This number represents the number of times that the backup administrator will tolerate a failure receiving the primary administrator's response before asserting itself as the primary administrator.

2. Set the primary-admin-hostname as follows:

set -ah<URL>

This option must be included in the backup administrator’s configuration file so that the agent can resolve the URL to an IP address and port in order to connect to the primary administrative agent.

For example:

set -an3 -ahp2p://127.0.0.1:5080 </command>

3. Set the work-order-interval as follows, if the default value (10 seconds) is not desired:

set -to<secs|msecs>

4. Designate the backup administrator by including the following set option in its configuration file:

set -gb

43

Chapter 6: Configuring a Backup AdministratorPrimary Administrator Configuration Settings

Primary Administrator Configuration SettingsStart the ICSMain service on the primary administrator by including the following command in the primary administrator agent's configuration file:

start p2p p2p://IPADDRESS:PORT

This is done so that the primary administrator can accept polling messages from the backup administrator. This URL should include the hostname or IP address and port on which the primary administrator should listen for incoming connections, if the <URL>parameter should correspond to the values provided in the backup administrator's set -uh parameter.

44

Introduction .................................................................................................... 46

Running Commerce Suite in the Background on a Linux Server .................. 46

Running Commerce Suite in the Background on a HP-UX Server................ 46

Appendix A: UNIX Configuration Information

46

Appendix A: UNIX Configuration InformationIntroduction

IntroductionThis topic contains special topics and instructions for configuring Commerce Suite on UNIX operating systems.

Running Commerce Suite in the Background on a Linux Server

Execute the following command within a shell script to run the Commerce Suiteapplication in the background on a Linux server.

nohup icssvr -e

This command completely frees the Commerce Suite application from a term session and will survive any interruption with the exception of a hardware change.

Running Commerce Suite in the Background on a HP-UX Server

Execute the following command within a shell script to run the Commerce Suiteapplication in the background on a HP-UX server.

nohup icssvr -e

This command completely frees the Commerce Suite application from a term session and will survive any interruption with the exception of a hardware change.

Commerce Suite Error Messages.................................................................. 48

Appendix B: Commerce Suite Error Messages

Appendix B: Commerce Suite Error MessagesCommerce Suite Error Messages

Commerce Suite Error MessagesThe following table contains a description of error, informational, and warning messages that can be encountered while using Commerce Suite.

Error “No text available”

Symptom Attempting to test with http://selftest.nubridges.com

Possible Causes

1. No notice record (the indicator that a file was successfully sent) was written to the database on selftest.nubridges.com when attempting to receive a file. The network connection between you and selftest.nubridges.com is preventing nuBridges from connecting to you.

2. A down or improperly configured firewall at either party's end, or either party's software is not currently running.

3. An incorrect URL or IP address was specified the SendtoiSoftServer.cfg file when it was uploaded to the Selftest Server.

4. Your external IP address is not static and has changed since you initially set up Commerce Suite Server.

Resolution 1. Verify that Commerce Suite (icssvr) is up and running.2. Verify that the internal IPAddress:Port is listed in the “Start Services”

section of your configuration file.3. Verify that your firewall is configured to forward packets bound for

the external IPAddress:Port to the internal IPAddress:Port. (Consult your firewall administrator for assistance.)

4. Verify that selftest.nuBridges.com resolves to an IP Address that is accepted by your firewall. (Consult your firewall administrator for assistance.)

5. Verify that the SendtoiSoftServer.cfg file has your external IPAddress:Port listed as the “To URL” for the Selftest Server.

6. Verify that your external IP address is a static (and not DHCP) address. Contact your Internet Service Provider (ISP) to confirm this.

ERR Invalid PKCS Block

Symptom Attempting to receive a file or MDN from a trading partner.

Possible Causes

1. The private key (.prv file) is corrupt and may also be failing to load on startup.

2. The public key possessed by your trading partner may be corrupt.

Resolution 1. Resend your public key (.cer) file to your trading partner and have them delete the previous one.

2. Remake your key pair and redistribute the new public key (.cer) file to your trading partner. Have them delete the old one.

48


ERR Invalid request char (*)

Symptom Not receiving files from a trading partner.

Possible Causes

1. Test connection has been made to ensure successful connectivity from a trading partner. This error will be logged in a case where a telnet command was issued to the Commerce Suite listening URL.

2. An unauthorized access attempt was made, which was denied by Commerce Suite.

Resolution No action necessary.

ERR iSocketRead() returned 10054

Symptom Appears when you are sending a file to a trading partner.

Possible Causes

1. The connection to the remote socket was reset due to a timeout or a reboot of the remote system.

2. A duplicate IP address exists on your network 3. A misconfigured firewall or caching proxy server is blocking the

connection. 4. Loss of packets, aborted transfer, remote server stopped responding,

too many packets are dropped, or the remote system aborted a transfer.

5. An existing connection was forcibly closed by the remote host. This normally happens if the peer application on the remote host is suddenly stopped, the host is rebooted, or the remote host uses a hard close. May also result if a connection was broken due to keep-alive activity detecting a failure while one or more operations are in progress.

Resolution 1. Verify that your firewall is properly configured.2. Verify that any proxy server being used by the icssvr application's

host system is not caching for that system.

ERR Key material not found for specified usage

Symptom Attempting to export a keypair.

Possible Causes

The keypair doesn't exist yet.

Resolution 1. Create the keypair with the addkeys command prior to exporting.2. Run batch addkeys.wo, wait for the message Keypair generated

to appear, and then run batch exportkeys.wo.

49


ERR MDN has reported an error or warning

Symptom Receiving a signed MDN from a trading partner after sending a transmission.

Possible Causes:

1. The application tries to verify the signature of your trading partner, but fails. The trading partner's signing-key (.prv file possessed only by the trading partner) and/or the verify-certificate (.cer file given to you by your trading partner) may be incongruent.

2. References to either the key or the certificate are incorrect in the configuration file or in the database, causing the application to not load the proper key or certificate in the first place.

Resolution 1. Verify that your configuration file is loading your trading partner's certificate (.cer file) for signature-verification, and can find the certificate on startup. Also, verify that the trading partner is using the other half of that keypair for signing (.prv file).

2. Verify that you and your trading partner possess an identical copy of the trading partner's certificate by comparing the SHA1-checksum or “Thumb-print”.

3. Remake the key-pair in question.4. If the error occurs while testing with the nuBridges Selftest Server,

verify that the certificate used for testing has not expired. To determine this:a. In the pki folder, double-click NUBRIDGESAS2TEST.cer. Look for

a starting date of 08/18/2003 in the “Valid from” field. Any other date indicates an expired certificate. You can see a certificate information example at http://selftest.nubridges.com/p2ptest/tests/download/validfrom.jpg. The SHA1 “Thumb-print” of the current nuBridgesAS2TEST.cer file is: 4A6D 04BF 8953 EC74 381A 3FA9 0824 3C1D 1713 1E0C.

b. Download the current nuBridgesAS2TEST.cer from http://selftest.nubridges.com/nuBridgesAS2TEST.cer, save it in your nuBridges/pki folder, and click “Yes” when prompted to overwrite the current certificate.

c. Restart icssvr and continue testing. If the error persists, contact nuBridges Support.

ERR MDN has reported an error or warningERR Value=[processed/error: decryption-failed]

Symptom Your trading partner was unable to decrypt the file you sent.

Possible Causes

1. The private key (.prv file) of the trading partner has become corrupted.

2. The public key of the trading partner (which you possess) has become corrupted.

3. An incorrect public key is specified for encrypting for the trading partner.

Resolution 1. Verify that you are encrypting your transmissions with the valid public key of your trading partner.

2. Re-acquire the public key from your trading partner, place it in the pki folder, then restart icssvr.exe.

3. Have the trading partner remake their key pair and send you the resultant public key (.cer file).

50


ERR MDN has reported an error or warningERR Value=[processed/error: unknown trading relationship]

Symptom Your trading partner does not recognize your AS2 name as one of its trading partners.

Possible Causes

1. Your trading partner has not properly configured your AS2 name as a trading partner.

2. You have not properly configured your trading partner's AS2 name as a trading partner.

3. The AS2 name you've called yourself and the AS2 name that your trading partner considers you to be do not match.

Resolution 1. Verify your AS2 Name with your trading partner. AS2 names are case sensitive.

2. Verify that your trading partner's AS2 name is properly listed in your configuration file in the addpair section.

ERR No decryption key defined for relationship

Symptom Attempting to receive a file from a trading partner. May be accompanied on startup by the error:ERR Unable to import keys

Possible Causes

1. The private key (.prv file) has not been properly associated with the relationship for this trading partner in the configuration file.

2. The private key (.prv file) is corrupt and therefore failing to load on startup.

3. The private key (.prv file) is not where the configuration file expects it to be; typically, in the pki folder.

Resolution 1. Verify that the configuration file points to a valid private key for the error-generating relationship.

2. Remake your keypair and redistribute the new public key (.cer file) to your trading partner.

ERR No signing key defined for relationship

Symptom Attempting to send a file or MDN to a trading partner. May be preceded by the message:ERR Unable to import keys

Possible Causes

1. The private key (.prv file) has not been properly associated with the relationship for this trading partner in the configuration file.

2. The private key (.prv file) is corrupt and therefore failing to load on startup.

3. The private key (.prv file) is not where the configuration file expects it to be; typically, in the pki folder.

Resolution Verify that the configuration file points to a valid private key for the error-generating relationship.

51


ERR No Verify certificate

Symptom Attempting to receive a file or MDN from a trading partner. May be preceded on startup by the error:ERR Unable to import keys

May be followed by the error:ERR Unable to verify signature

Possible Causes

1. The public certificate(.cer file) has not been properly associated with the relationship for this trading partner in the configuration file.

2. The public certificate(.cer file) is corrupt and therefore failing to load on startup.

3. The public certificate(.cer file) is not where the configuration file expects it to be; typically, in the pki folder.

Resolution Verify that the configuration file points to a valid public certificate(.cer file) for the error-generating relationship. Key and certificate file names are case sensitive.

Not authorized for this computerP2PE003 Unable to complete authentication

Symptom Attempting to start icssvr.exe from a command prompt.

Possible Causes

1. The hostname of the server does not match the case-sensitive hostname used by nuBridges to generate your license.

2. The icssvr.lic file was generated on a system other than the one on which you are attempting to start the application.

Resolution 1. If you have a valid license then delete the icssvr.lic, icssvr.ini, and icssvr.aut files from the nuBridges folder. Copy the original icssvr.ini and icssvr.aut from the zip file sent to you or downloaded from the nuBridges website.

2. Launch icssvr.exe and when prompted for an authorization key, enter the contents of the icssvr.aut file.

3. If you have moved the icssvr installation to a new machine with a new hostname, contact nuBridges Support to obtain new license for that host.

ERR Protocol is not supported for sends

Symptom Attempting to send a file to a trading partner.

Possible Causes

1. An attempt was made to send to a trading partner via an unsupported protocol.

2. The requested protocol in the send command contains a typo.

Resolution Verify that the target protocol is a supported protocol, such as http, https, smtp, or ftp.

52


ERR Rename


Possible Causes

1. There is a file in the outbox from a previous attempted send with the same name as a file that icssvr is trying to send using persistent send. The system cannot rename the file to a file name that already exists on the file system.

2. Another application (e.g., Notepad, Wordpad, or your translator) has the file locked and the operating system will not allow the Commerce Suite Server to rename the file.

Resolution 1. Manually rename the prefix of file being sent or manually rename the file blocking the rename.

Note: If you want to automatically delete the file after receiving an MDN from your trading partner, place a -x argument in the auto-outbox (persistent send) for the trading partner in the configuration file; then, restart the software.

2. Determine what application has the file locked. If this is not possible, the server should be rebooted to stop the application and remove the lock.

ERR Requested synchronous receipt not returned


Possible Causes

1. In the configuration file, URLs have been used in lieu of IP Addresses and the operating system cannot resolve the URLs to IP Addresses.

2. The send failed so early in the transaction that the trading partner didn't have enough information to generate an MDN and return it to you.

3. The URL specified for the Cyclone trading partner has a trailing slash after the resource. When in debug mode, this condition would have the error prefaced by another “error” several lines above it that says “HTTP Response-Line = (HTTP/1.0 503 Service Unavailable)”

Resolution 1. Verify that the host can resolve its own URL to an IP Address via DNS or the host file.

2. Contact your trading partner to determine what error is being experienced at their end. This information may reveal the issue.

3. If the trading partner is using a Cyclone product, verify that the ToURL has no trailing slash in the icssvr.cfg file.

53


ERR Signature not verified


Possible Causes

1. An incongruity between the trading partner's public key (.cer) and private key (.prv).

2. You do not have the public key of your trading partner loaded into memory for signature verification.

3. The filename in the pki folder and the filename referenced in the configuration file do not match.

Resolution 1. Verify that you are using your trading partner's public key for signature verification.

2. Verify that the filename in the configuration file matches the filename in the pki folder.

3. If the problem persists, have the trading partner resend you his public key and save it in the pki folder.

4. If the problem still persists, have the trading partner remake his key pair and send you the public key. Save the public key in the pki folder.

ERR Trading-relationship not found for specified protocol

Symptom Attempting to send to or receive from a trading partner.

Possible Causes

The protocol specified for the send command does not exist in the addpair command in the configuration file. This is usually due to a typo during a manual send.

Resolution Verify that the command entered to send a file lists the protocol configured in the addpair command within the configuration file.

ERR Trading relationship not found-OR-ERR Unknown trading relationship

Symptom Attempting to receive or send a file.

Possible Causes

You attempted to send from an AS2 name or to an AS2 name for which the system is not configured. AS2 names are case sensitive. This can also occur on startup if the persistent send has been enabled (auto-outbox).

Resolution 1. Verify that the typed AS2name is the same as listed in the configuration file.

2. Verify that the AS2 names specified in the persistent send match an addpair command in the configuration file.

54


ERR Unable to bind socket to port

Symptom Attempting to start icssvr.exe.

Possible Causes

1. The icssvr listener is attempting to start on an IP Address that the local machine does not control.

2. The icssvr listener is attempting to start on a port that another application is already occupying.

3. The icssvr is already running when a subsequent instance is launched.

Resolution 1. Change the IP Address in the Start Services section of the configuration file to an IP Address that is on the local machine.

2. Verify that no other listeners are already running on the port by typing netstat -na from the DOS prompt.

3. Verify that icssvr.exe is not already running.

ERR Unable to connect to remote peer

Symptom Attempting to send to a trading partner.

Possible Causes

1. Your license has not been properly installed and you are still running icssvr in Demonstration mode.

2. The network connection between you and your trading partner is preventing you from connecting; this could be a down firewall, an improperly configured firewall at either party's end, or a caching proxy server is standing between the nuBridges Commerce Suite Server and the trading partner's AS2 server.

3. The trading partner's software is not currently running.4. An incorrect URL or IP address has been specified in your

configuration file or database for your trading partner.

Resolution 1. If your console displays “Demonstration Mode” upon startup, delete the icssvr.ini, icssvr.aut, and icssvr.lic files from your nuBridges folder and extract icssvr.ini and icssvr.aut from the original zipped archive acquired from nuBridges Corporation into the nuBridges folder.When you start icssvr.exe, you will be asked to enter an authorization code. Please copy the contents of your icssvr.aut file and paste it into your console when prompted. (right click on the title bar and select Edit →Paste). If prompted for the authentication code on subsequent startups, please verify that the icssvr.aut file was pasted at the prompted and not the icssvr.ini file.

2. Verify that the trading partner's firewall is forwarding packets bound for the ToURL to the private IP address beyond the trading partner's firewall.If testing with NUBRIDGESAS2TEST, make sure that the URL in the configuration file is resolving to http://63.140.159.11:4080/ and not http://63.140.159.17:6080/.

3. Verify through your Network Administrator that the proxy server is not caching pages for the nuBridges Commerce Suite Server's IP Address.

4. Verify with your Network Administrator that packets going into the LAN interface on your firewall are getting through the firewall and out to the Internet interface. You may need your Network Administrator to “sniff” the router. (They will understand the term “sniff.”)

5. Verify that the trading partner's software is up and running.

55


ERR Unable to create output file <filename>

Symptom Attempting to receive a file from a trading partner.

Possible Causes

The system tried to write the file to the path specified in the config file, but was unable to do so.

Resolution 1. Verify that the path exists on the file system.2. Verify that the user executing icssvr has write permissions to that

path.3. Verify that the file <filename> does not already exist.4. Verify that the file system is not full.

ERR Unable to import keys

Symptom Attempting to start icssvr.exe.

Possible Causes

The keys or certificates specified in the configuration file:a. May not be in your possession yet.b. May not be in the pki folder.c. May not match the name of the files actually listed in the pki

folder.This error is typically generated when you have not yet received the public key from your trading partner.

Resolution Verify that the -fC and/or -fK options of the importkey statements in the configuration file are followed by the relative path of a valid (C)ertificate or (K)ey.

ERR Unable to open configuration file

Symptom Attempting to execute the batch command by typing:batch <filename

Possible Causes

The argument (<filename>) that was passed to the batch command does not exist in the path specified. The path is relative to where the icssvr.exe was launched; typically, the nuBridges folder.

Resolution 1. Verify that the case-sensitive file name of the configuration file has no typos.

2. Verify that the case-sensitive file name actually exists in the current directory.

ERR Unable to open outbound file


Possible Causes

1. The file you are trying to send is inaccessible to the icssvr application. This may be caused by permissions being set to exclude or not include the username running the icssvr application.

2. The outbound file may not exist in the folder specified in the send command.

Resolution Verify that the outbound file exists and is in the path specified in the send command.

56


57

ERR Unable to store file


Possible Causes

1. The path to the inbox specified in the addpair command of the configuration file does not exist.

2. The entire target path and filename exceeds 260 characters. 3. The icssvr application does not have the permissions set to allow it

to write to the folder specified in the addpair command of the configuration file.

Resolution Verify that the permissions are properly set to allow writing to the specified folder defined in the configuration file for the inbound relationship.

ERR Unable to write to output file

Symptom Attempting to receive a file from a trading partner.

Possible Causes

The application is unable to either create or write to an output file due to file system prohibitions. The path specified may have read-only attributes, or the user under which nuBridges Commerce Suite Server was installed may not have write permissions to the path, or the file system may be full.

Resolution 1. Verify that the user under which the software was installed has write permissions to the path specified for the addpair command in the configuration file.

2. Verify that the specified path does not have read-only attributes.3. Verify that the file system is not full.4. Verify that user running nuBridges Commerce Suite Server has the

proper file system permissions.

WRN Certificate expired-OR-WRN Certificate before validity period

Symptom Attempting to start nuBridges Commerce Suite and receive several WRNs (Warnings) on the console or in the log file.

Possible Causes

A certificate that nuBridges Commerce Suite is loading is either expired or is not valid yet.

Resolution Even though the certificate is outside of its validity period, it is still usable. However, it should be replaced if expired. 1. Determine which certificate is generating the expired error by finding

the certificate's serial number specified in the log file. For example:WRN Serial No.: 20 02 08 0F 0F 05 06 57 1E FF CB 08 A1 DD C9 14

2. Compare that serial number with the serial number of each certificate loaded (typically, one of several certificates in the pki folder). You may examine the serial number of a certificate by double-clicking the certificate and selecting the Details tab. (The General tab will most likely indicate that the certificate is untrusted by the Windows operating system. You can safely ignore this warning.)

3. Select the serial number field and you will see the number in the white space in the lower half of the window.

4. If the certificate is your own, remake the keypair. If the certificate belongs to a trading partner, contact that trading partner and ask for a new certificate.


The following table contains numbered error codes and their descriptions. You may encounter these error codes, in addition to the error messages listed in the previous table, when working with Commerce Suite.

Error Code NumberDecimal/Hexadecimal

Error Code

Error Code Description

4096/1000 IAPI_ERR_BADPARAM

Invalid Parameter - An invalid or missing parameter was found by the application while processing a function.

4097/1001 IAPI_ERR_ALLOCFAIL

Memory Allocation Failed - The application was unable to allocate enough memory to satisfy the need of a program function.

4098/1002 IAPI_ERR_THREADFAIL

Thread Serialization Failed - The application was unable to create a new process thread. A process thread is a separate processing context within the application. It is normal for the application to utilize multiple threads concurrently. However, an operating system may have limitations on the number of threads that can be created for a single process.

4099/1003 IAPI_ERR_LOCKFAIL

Exclusive Lock Failed - The application was not able to grant a thread exclusive access to a resource (memory,file,database,mailbox). Some resources must be locked before use so that only one thread can update a shared resource.

4100/1004 IAPI_ERR_EDSADD

Mailbox Add Failed - An error occurred attempting to add a message to an external mailbox system.

4101/1005 IAPI_ERR_EDSEXTRACT

Mailbox Extract Failed - An error occurred attempting to extract a message from an external mailbox system.

4352/1100 FILE_ERR_EXISTSFAIL

File Search Failed - The application encountered an operating system error while attempting to determine if a file exists.

4353/1101 FILE_ERR_RENAMEFAIL

File Rename Failed - The application encountered an operating system error while attempting to rename a file.

4354/1102 FILE_ERR_CREATEFAIL

File Creation Failed - The application encountered an operating system error while attempting to create a file.

4355/1103 FILE_ERR_TEMPFAIL

Temp-File Creation Failed - The application encountered an operating system error while attempting to create a temporary file.

4356/1104 FILE_ERR_DESTROYFAIL

File Deletion Failed - The application encountered an operating system error while attempting to delete a file.

4357/1105 FILE_ERROR_OPENFAIL

File Open Failed - The application encountered an operating system error while attempting to open a file for read and write access.

4358/1106 FILE_ERR_OPENAPPENDFAIL

File Open-for-Append Failed - The application encountered an operating system error while attempting to open a file for appending data.

58


4359/1107 FILE_ERR_OPENBROWSEFAIL

File Open-for-Browse Failed - The application encountered an operating system error while attempting to open a file for browse only.

4360/1108 FILE_ERR_CLOSEFAIL

File Close Failed - The application encountered an operating system error while attempting to close a file.

4361/1109 FILE_ERR_READFAIL

File Read Failed - The application encountered an operating system error while attempting to read from a file.

4362/110A FILE_ERR_WRITEFAIL

File Write Failed - The application encountered an operating system error while attempting to write to a file.

4363/110B FILE_ERR_POSFAIL

File Position (ftell) Failed - The application encountered an operating system error while attempting to obtain the current file-pointer position.

4364/110C FILE_ERR_SEEKFAIL

File Seek Failed - The application encountered an operating system error while attempting to move the current file-pointer position.

4365/110D FILE_ERR_ENDFAIL

File End (Seek-to-end) Failed - The application encountered an operating system error while attempting to set the file-pointer to the end of a file.

4366/110E FILE_ERR_REWINDFAIL

File Rewind Failed - The application encountered an operating system error while attempting to set the file-pointer to the beginning of a file.

4608/1200 COMPRESS_ERR_DEFLATE

Zlib Compress (DEFLATE) Failed - The application was unable to compress a message.

4609/1201 COMPRESS_ERR_INFLATE

Zlib Uncompress (Inflate) Failed - The application was unable to uncompress a message.

4864/1300 SHA1_ERR_HASHFILEFAIL

SHA-1 Hash Function Failed - The application was unable to compute a message digest.

5120/1400 PKI_ERR_CREATEKEYFAIL

Unable to Create Key Pair - The application was unable to create an RSA public/private key-pair.

5121/1401 PKI_ERR_NOCERTSEQ

Invalid Certificate Fields - The Certificate sequence was not found in an X.509 certificate

5122/1402 PKI_ERR_NOTBSSEQ

Invalid Certificate Fields - The tbsCertificate sequence was not found in an X.509 certificate.

5123/1403 PKI_ERR_NOTBSVERSEQ

Invalid Certificate Fields - The tbsCertificate Version sequence was not found in an X.509 certificate.

5124/1404 PKI_ERR_NOTBSVERINT

Invalid Certificate Fields - The tbsCertificate Version integer was not found in an X.509 certificate.

5125/1405 PKI_ERR_BADTBSVER

Invalid Certificate Fields - The tbsCertificate Version integer is invalid or not supported.


Error Code


59


5126/1406 PKI_ERR_NOSERNO

Invalid Certificate Fields - The serial-number part of an X.509 certificate could not be found.

5127/1407 PKI_ERR_NOSIGALGSEQ

Missing Signature Algorithm - The signatureAlgorithm sequence of an X.509 certificate could not be found.

5128/1408 PKI_ERR_NOSIGALGOID

Missing SignatureAlgorithm Identifier - The signatureAlgorithm Object Identifier of an X.509 certificate could not be found.

5129/1409 PKI_ERR_BADSIGALG

Invalid SignatureAlgorithm - The signatureAlgorithm of an X.509 certificate is invalid or not supported.

5130/140A PKI_ERR_NOSIGALGRPARAM

Missing SignatureAlgorithm Parameter - The parameter field of a signatureAlgorithm OID of an X.509 certificate was not found.

5131/140B PKI_ERR_NOISSSEQ

Missing Issuer Sequence Field - The Issuer sequence of an X.509 certificate could not be found

5132/140C PKI_ERR_NOVALSEQ

Missing ValidityPeriod Sequence - The ValidityPeriod sequence of an X.509 certificate could not be found.

5133/140D PKI_ERR_NOVALBEG

Missing ValidityPeriod BeginDate - The ValidityPeriod BeginDate of an X.509 certificate could not be found.

5134/140E PKI_ERR_NOVALEND

Missing ValidityPeriod EndDate - The ValidityPeriod EndDate of an X.509 certificate could not be found.

5135/140F PKI_ERR_NOSUBSEQ

Missing SubjectName - The SubjectName of an X.509 certificate could not be found.

5136/1410 PKI_ERR_NOKEYINFOSEQ

Missing SubjectPublicKeyInfo Sequence - The SubjectPublicKeyInfo sequence of an X.509 certificate could not be found.

5137/1411 PKI_ERR_NOKEYALGSEQ

Missing SubjectPublicKeyInfo Algorithm - The SubjectPublicKeyInfo Algorithm Sequence of an X.509 certificate could not be found.

5138/1412 PKI_ERR_NOKEYALGOID

Missing SubjectPublicKeyInfo Algorithm - The SubjectPublicKeyInfo Algorithm OID of an X.509 certificate could not be found.

5139/1413 PKI_ERR_BADKEYALG

Invalid SubjectPublicKey Algorithm - The SubjectPublicKeyInfo Algorithm is invalid or not supported.

5140/1414 PKI_ERR_NOKEYALGPARAM

Missing SubjectPublicKeyInfo Algorithm - The SubjectPublicKeyInfo Algorithm Parameter field is missing.

5141/1415 PKI_ERR_NOKEY

Missing SubjectPublicKey Bit-String - The SubjectPublicKey Bit-String of an X.509 certificate could not be found.

5142/1416 PKI_ERR_NOKEYSEQ

Missing SubjectPublicKey sequence - The SubjectPublicKey RSAPublicKey sequence of an X.509 certificate could not be found.


Error Code


60


5143/1417 PKI_ERR_NOMODULUS

Missing SubjectPublicKey Modulus - The SubjectPublicKey Modulus Integer of an X.509 certificate could not be found.

5144/1418 PKI_ERR_NOPUBEXP

Missing SubjectPublicKey Public Exponent - The SubjectPublicKey Public Exponent integer of an X.509 certificate could not be found.

5145/1419 PKI_ERR_NOEXTSSEQ

Missing Certificate Extension Sequence - The Extensions sequence of an X.509 certificate could not be found.

5146/141A PKI_ERR_NOEXTSEQ

Missing Certificate Extension Sequence - An Extension sequence of an X.509 certificate could not be found.

5147/141B PKI_ERR_NOEXTOID

Missing Certificate Extension Sequence - An Extension OID of an X.509 certificate could not be found.

5148/141c PKI_ERR_NOEXTOCTSTR

Missing Certificate Extension Sequence - An Extension Octet-String of an X.509 certificate could not be found.

5149/141D PKI_ERR_NOUSAGEVAL

Missing Certificate Extension Sequence - An Extension Value of an X.509 certificate could not be found.

5150/141E PKI_ERR_NONAMESEQ

Missing Certificate Name Sequence - The Name sequence of an X.509 certificate distinguished-name could not be found.

5151/141F PKI_ERR_NONAMESET

Missing Certificate Extension Set - The Name set of an X.509 certificate distinguished-name could not be found.

5152/1420 PKI_ERR_NOATTRSEQ

Missing AttributeTypeAndValue Sequence - The AttributeTypeAndValue sequence of an X.509 certificate distinguished-name could not be found.

5153/1421 PKI_ERR_NOATTROID

Missing attributeTypeAndValue OID - The AttributeTypeAndValue OID of an X.509 certificate distinguished-name could not be found.

5154/1422 PKI_ERR_NOATTRVAL

Missing AttributeTypeAndValue Value - The AttributeTypeAndValue Value of an X.509 certificate distinguished-name could not be found.

5155/1423 PKI_ERR_NOPRVSEQ

Missing PrivateKey Sequence - The PKCS1 PrivateKey sequence could not be found.

5156/1424 PKI_ERR_NOPRVVER

Missing PrivateKey Integer - The PKCS1 PrivateKey version integer could not be found.

5157/1425 PKI_ERR_BADPRVVER

Invalid PrivateKey Value - The PKCS1 PrivateKey version value is invalid or not supported.

5158/1426 PKI_ERR_NOPRVMOD

Missing PrivateKey Integer -The PKCS1 PrivateKey Modulus integer could not be found.

5159/1427 PKI_ERR_BADMOD

Invalid PrivateKey Modulus - The PKCS1 PrivateKey Modulus is invalid.


Error Code


61


5160/1428 PKI_ERR_NOPRVPUBEXP

Missing PrivateKey Public Exponent - The PKCS1 PrivateKey Public Exponent could not be found.

5161/1429 PKI_ERR_BADPUBEXP

Invalid PrivateKey Public Exponent - The PKCS1 PrivateKey Public Exponent is invalid.

5162/142A PKI_ERR_NOPRVPRVEXP

Missing PrivateKey private Exponent - The PKCS1 PrivateKey Private Exponent is missing.

5163/142B PKI_ERR_BADKEYPAIR

Invalid Key-Pair - The PKCS1 PrivateKey key-pair is not valid.

5164/142C PKI_ERR_NOPRVPRIME1

Missing PrivateKey First Prime - The PKCS1 PrivateKey First Prime (p) is missing.

5165/142D PKI_ERR_NOPRVPRIME2

Missing PrivateKey Second Prime - The PKCS1 PrivateKey Second Prime (q) is missing.

5166/142E PKI_ERR_NOPRVEXP1

Missing PrivateKey First Exponent - The PKCS1 PrivateKey First Exponent (dp) is missing.

5167/142F PKI_ERR_NOPRVEXP2

Missing PrivateKey Second Exponent - The PKCS1 PrivateKey Second Exponent (dq) is missing.

5168/14530 PKI_ERR_NOPRVCOEFF

Missing PrivateKey Coefficient - The PKCS1 PrivateKey Coefficient (qinv) is missing.

5312/14C0 PKI_ERR_NOIMPORTEDREQ

Missing Certificate Request - The application was requested to parse a certificate request, but no request was found.

5313/14C1 PKI_ERR_NOREQSEQ

Missing Certificate Request - The Certificate-Request sequence of a certificate request message was not found.

5314/14C2 PKI_ERR_NOPKISEQ

Missing PKI Sequence - The PKI sequence of a certificate-request message was not found.

5315/14C3 PKI_ERR_NOOIDSEQ

Missing PKI Object-Identifier - The PKI Object-Identifier of a certificate-request message was not found.

5316/14C4 PKI_ERR_NOTRAILNULL

Missing OID Parameter - The OID Parameter of a certificate-request message was not found.

5317/14C5 PKI_ERR_BADENCBLOCK

Invalid Message-Digest - The decrypted message-digest of a certificate-request signature was not a valid PKCS Type-1 block

5318/14C6 PKI_ERR_BADSIGN

Invalid Message-Digest - The decrypted message-digest of a certificate-request signature did not match the message-digest computed by the application.

5319/14C7 PKI_ERR_NOATTRSET

Missing Attribute - An Attribute set of a certificate-request message could not be found.


Error Code


62


5376/1500 SOCKET_ERR_STARTFAIL

Sockets API Initialization Failed - The application was unable to initialize the sockets API. This error should only occur on Microsoft Windows platforms as a result of the WSAStartup function call. This error can occur if the underlying network software could not properly initialize during system startup.

5377/1501 SOCKET_ERR_STOPFAIL

Sockets API Finalization Failed - The application was unable to finalize its use of the sockets API on a Microsoft Windows platform.

5378/1502 SOCKET_ERR_GETHOSTNAMEFAIL

Unable to Determine Host-Name - The application was unable to obtain the current computer's hostname from the TCP/IP networking software.

5379/1503 SOCKET_ERR_GETHOSTNAMEBYFAIL

Unable to Resolve Host-Name to IP Address - The application was unable to obtain the current computer's IP address from the TCP/IP networking software.

5380/1504 SOCKET_ERR_DATAGRAMFAIL

Unable to Create UDP Socket - The application was unable to create a socket of type DATAGRAM.

5381/1505 SOCKET_ERR_STREAMFAIL

Unable to Create Stream Socket - The application was unable to create a socket of type STREAM.

5382/1506 SOCKET_ERR_CLOSEFAIL

Unable to Close Socket - The application was unable to close a TCP/IP socket

5383/1507 SOCKET_ERR_BLOCKFAIL

Unable to Set Socket Blocking Option - The application was unable to set a TCP/IP socket to non-blocking mode.

5384/1508 SOCKET_FAIL_BROADCASTFAIL

Unable to Send UDP Broadcast - The application was unable to set a TCP/IP socket to broadcast mode.

5385/1509 SOCKET_ERR_BINDFAIL

Unable to Bind Socket to Address and Port - The application was unable to issue a socket BIND call. The requested IP address and PORT may already be in use by another application.

5386/150A SOCKET_ERR_GETFAIL

UDP Socket recvfrom() Failed - The application was unable to issue a socket GET call. UDP requests may be disabled by the TCP/IP networking software.

5387/150B SOCKET_ERR_PUTFAIL

UDP Socket sendto() Failed - The application was unable to issue a socket PUT call. UDP requests may be disabled by the TCP/IP networking software.

5388/150C SOCKET_ERR_LISTENFAIL

Unable to Listen on Socket - The application was unable to issue a socket LISTEN call. The socket BIND may have failed.

5389/150D SOCKET_ERR_ACCEPTFAIL

Unable to Accept Connections on Socket - The application was unable to issue a socket ACCEPT call. The socket BIND may have failed.


Error Code


63


5390/150E SOCKET_ERR_GETPEERNAMEFAIL

Unable to Get Remote Host Name - The application was unable to obtain the IP address and PORT of the remotely connected host.

5391/150F SOCKET_ERR_CONNECTFAIL

Unable to Connect to Remote Host - The application was unable to connect to a remote computer. The remote computer may not be accepting connections or a fire-wall may be preventing a connection to the remote host.

5392/1510 SOCKET_ERR_GETSOCKNAMEFAIL

GetSockName() Failed - The application was unable to obtain information about the remote computer.

5393/1511 SOCKET_ERR_READFAIL

Unable to Read from Socket - The application was unable to read data from a connected TCP/IP socket. A fire-wall may be preventing data traffic in an inbound direction from the remote computer.

5394/1512 SOCKET_ERR_WRITEFAIL

Unable to Write to Socket - The application was unable to write data to a connected TCP/IP socket. A fire-wall may be preventing data traffic in an outbound direction to the remote computer.

5632/1600 CMS_ERR_NOCONINFSEQ

S/MIME Parsing Errors - The ContentInfo sequence could not be found in an ASN1-encoded message.

5633/1601 CMS_ERR_NOCONINFOID

Missing ContentInfo OID - The ContentInfo Object Identifier (OID) could not be found in an ASN1-encoded message.

5634/1602 CMS_ERR_BADCONINFOID

Invalid Object identifier - The Object identifier found in a ContentInfo sequence of an ASN1-encoded message is invalid or is not the expected value.

5635/1603 CMS_ERR_NOCONINFCONTENT

Missing Content Field - The Content field of the ContentInfo sequence of an ASN1-encoded messages could not be found.

5636/1604 CMS_ERR_NOSIGDATSEQ

Missing SignedData sequence - The SignedData sequence could not be found in an ASN1-encoded message that has a signedData content type.

5637/1605 CMS_ERR_NOSIGDATVER

Missing SignedDate integer - The SignedData version integer could not be found in an ASN1-encoded message that has a signedData content type.

5638/1606 CMS_ERR_NOSIGDATALGSET

Missing digestAlgorithm - The digestAlgorithm set could not be found in an ASN1-encoded message that has a signedData content type.

5639/1607 CMS_ERR_NOSIGDATALGSEQ

Missing digestAlgorithm - The digestAlgorithm sequence could not be found in an ASN1-encoded message that has a signedData content type.

5640/1608 CMS_ERR_NOSIGDATALGOID

Missing digestAlgorithm -The digestAlgorithm Object Identifier (OID) could not be found in an ASN1-encoded message that has a signedData content type.


Error Code


64


5641/1609 CMS_ERR_BADSIGDATALGOID

Invalid digestAlgorithm - The digestAlgorithm Object Identifier found in an ASN1-encoded message is invalid or not supported.

5642/160A CMS_ERR_NOENCCONINFSEQ

Missing encapsulatedContentInfo Sequence - The encapsulatedContentInfo Sequence could not be found in an ASN1-encoded message.

5643/160B CMS_ERR_NOENCCONINFOID

Missing encapsulatedContentInfo Identifier - The encapsulatedContentInfo Object Identifier (OID) could not be found in an ASN1-encoded message.

5644/160C CMS_ERR_BADENCCONINFOID

Invalid OID - The encapsulatedContentInfo OID found in an ASN1-encoded message is invalid or not supported.

5645/160D CMS_ERR_NOSIGINFSET

Missing signerInfo set - The signerInfo set could not be found in an ASN1-encoded message.

5646/160E CMS_ERR_NOSIGINFSEQ

Missing signerInfo Sequence - The signerInfo sequence could not be found in an ASN1-encoded message.

5647/160F CMS_ERR_NOSIGINFVER

Missing signerInfo integer - The signerInfo version integer could not be found in an ASN1-encoded message.

5648/1610 CMS_ERR_NOSIGINFRID

Missing Sequence - The IssuerNameAndSerialNbr sequence could not be found in an ASN1-encoded message.

5649/1611 CMS_ERR_NODIGALGSEQ

Missing digestAlgorithm - The digestAlgorithm sequence could not be found in an ASN1-encoded message.

5650/1612 CMS_ERR_NODIGALGOID

Missing digestAlgorithm OID - The digestAlgorithm Object Identifier (OID) could not be found in an ASN1-encoded message.

5651/1613 CMS_ERR_BADAUTATTLEN

Invalid AuthenticatedAttributes length - The length of the AuthenticatedAttributes part of a signedData ASN1-encoded message is of an indefinite-length, which is not supported.

5652/1614 CMS_ERR_NOAUTATTSEQ

Missing AuthenticatedAttributes - The AuthenticatedAttributes sequence could not be found in an ASN1-encoded message.

5653/1615 CMS_ERR_NOAUTATTOID

Missing AuthenticatedAttributes OID - The AuthenticatedAttributes Object Identifier (OID) could not be found in an ASN1-encoded message.

5654/1616 CMS_ERR_NOMSGDIGEST

Missing MessageDigest set - The MessageDigest set could not be found in an ASN1-encoded message.

5655/1617 CMS_ERR_NOMSGDIGOCTSTR

Missing MessageDigest octet-string - The MessageDigest octet-string could not be found in an ASN1-encoded message.


Error Code


65


5656/1618 CMS_ERR_NOATTSET

Missing Attribute set - The Attribute set of an ASN1-encoded message could not be found.

5657/1619 CMS_ERR_NODIGENCALGSEQ

Missing digestEncryptionAlgorithm - The digestEncryptionAlgorithm sequence could not be found in an ASN1-encoded message.

5658/161A CMS_ERR_NODIGENCALGOID

Missing digestAlgorithm OID - The digestEncryptionAlgorithm Object Identifier (OID) could not be found in an ASN1-encoded message.

5659/161b CMS_ERR_BADDINGENCALGOID

Invalid digestEncryptionAlgorithm OID - The digestEncryptionAlgorithm OID in an ASN1-encoded message is invalid or not supported.

5660/161C CMS_ERR_NOENCDIGOCTSTR

Missing EncryptedDigest Octet-string - The EncryptedDigest Octet-String in an ASN1-encoded message could not be found.

5661/161D CMS_ERR_NOENVDATSEQ

Missing Sequence - The EnvelopedData SEQUENCE of an ASN1-encoded message could not be found.

5662/161E CMS_ERR_NOENVDATVER

Missing Integer - The EnvelopedData version INTEGER of an ASN1-encoded message could not be found.

5663/161F CMS_ERR_BADENVDATVER

Invalid version - The EnvelopedData version is invalid or not supported.

5664/1620 CMS_ERR_BADENVDATORI

Invalid Version - The Envelopeddata OriginatorInfo was found but the ASN1 version is not version 2.

5665/1621 CMS_ERR_NORCPINFSET

Missing SET - The EnvelopedData RecipientInfos SET of an ASN1-encoded message was not found.

5666/1622 CMS_ERR_NORCPINFSEQ

Missing Sequence - The EnvelopedData RecipientInfo SEQUENCE of an ASN1-encoded message was not found.

5667/1623 CMS_ERR_NORCPINFVER

Missing Integer - The EnvelopedData RecipientInfo Version INTEGER was not found.

5668/1624 CMS_ERR_BADRCPINFVER

Invalid version - The EnvelopedData RecipientInfo Version if an ASN1-encoded message is invalid.

5669/1625 CMS_ERR_NORCPINFRID

Missing Identifier - The EnvelopedData RecipientInfo RecipientIdentifier of an ASN1-encoded message was not found.

5670/1626 CMS_ERR_NOENCALGSEQ

Missing Sequence - The EnvelopedData RecipientInfo keyEncryptionAlgorithm sequence was not found.

5671/1627 CMS_ERR_NOENCKEYOCTSTR

Missing Key - RecipientInfo.encryptedContentInfo not found.

5672/1628 CMS_ERR_BADRCPINFSEQ

Invalid Sequence - RecipientInfo SEQUENCE is improperly formed.


Error Code


66


5673/1629 CMS_ERR_BADRCPINFSET

Invalid SET - RecipientInfo SET is improperly formed.

5674/162A CMS_ERR_NOENCCONSEQ

Missing Sequence - EnvelopedData.EncryptedContentInfo SEQUENCE not found.

5675/162B CMS_ERR_NOENCCONOID

Missing OID - EnvelopedData.EncryptedContentInfo OID not found.

5676/162C CMS_ERR_BADENCCONOID

Invalid OID - Invalid EncryptedContentInfo OID.

5677/162D CMS_ERR_NOCONENCALGSEQ

Missing Sequence - EncryptedContentInfo SEQUENCE not found.

5678/162E CMS_ERR_NOCONENCALGOID

Missing OID - EncryptedContentInfo OID not found.

5679/162F CMS_ERR_BADCONENCALGOID

Invalid OID - Invalid EncryptedContentInfo OID.

5680/1630 CMS_ERR_BADCONENCALG

Invalid Algorithm - Invalid EncryptedContentInfo Algorithm.

5681/1631 CMS_ERR_NOENCALGPARAM

Missing parameter - Encryption algorithm parameter not found.

5682/1632 CMS_ERR_BADENCALGPARAM

Missing parameter - Invalid encryption algorithm parameter.

5683/1633 CMS_ERR_NOENCCONLEN

Missing Length - No encryptedContent length.

5684/1634 CMS_ERR_NOENCCONTENT

Missing Content - No encryptedContent.

5685/1635 CMS_ERR_NOENCCONOCTSTR

Missing OCTETSTRING - No encryptedContent OCTETSTRING.

5686/1636 CMS_ERR_BADENCCONTENT

Invalid encryptedContent.

5687/1637 CMS_ERR_BADCONENCKEY

Invalid content-encryption key.

5688/1638 CMS_ERR_NOCMPDATSEQ

Missing Sequence - CompressedData SEQUENCE not found.

5689/1639 CMS_ERR_NOCMPDATVER

Missing Integer - CompressedData.version INTEGER not found.

5690/163A CMS_ERR_BADCMPDATVER

Invalid CompressedData.version.


Error Code


67


5691/163B CMS_ERR_NOCMPALGSEQ

Missing Sequence - CompressedData.compressionAlgorithm SEQUENCE not found.

5692/163C CMS_ERR_NOCMPALGOID

Missing OID - CompressedData.compressionAlgorithm OID not found.

5693/163D CMS_ERR_BADCMPALGOID

Invalid OID value - Invalid CompressedData.compressionAlgorithm OID value.

5694/163E CMS_ERR_NOCMPCONLEN

No compressed-content length.

5695/163F CMS_ERR_NOCMPCONOCTSTR

No CompressedData.encapContentInfo.eContent OCTET-STRING.

5696/1640 CMS_ERR_BADCMPCONTENT

Invalid compressedContent.

5697/1641 CMS_ERR_NOCMPCONTENT

No compressedData content.

6400/1900 IAUTH_ERR_AUTHCODEEXPIRED

Expired authentication code - The authentication code entered by the user to license the application has expired. Authentication codes distributed with the application are valid for a period that may vary depending on a customer's license agreement.

6401/1901 IAUTH_ERR_AUTHCODEINVALID

Invalid authentication code - The authentication code entered by the user to license the application is invalid. This may be caused by a correct code being entered incorrectly, or a code for another implementation being used with the wrong copy of the application.

6402/1902 IAUTH_ERR_INIFILEBADLEN

Invalid Length - The initialization file (icssvr.ini) has an invalid length. This can be caused if the icssvr.ini file has been corrupted or modified such that it is too short to contain a valid serial-number.

6403/1903 IAUTH_ERR_LICFILEBADLEN

Invalid Length - The license file (icssvr.lic) has an invalid length. This can be caused if the icssvr.lic file has been corrupted or modified such that it is not the correct length. For Commerce Suite Version 3.1, the correct length of a license file is 320 bytes.

7424/1DO0 IERR_FTPBADRESPLEN

Invalid FTP response length

7425/1DO1 IERR_FTPNOUSERID

No user ID available to send

7426/1DO2 IERR_FTPNOPASSWORD

No password available to send

7427/1DO3 IERR_FTPNOPATH

No directory path available to send


Error Code


68


7428/1DO4 IERR_FTPBADRESPVAL

Unexpected FTP response value

7429/1DO5 IERR_FTPPORTCMDFAILED

Failed to build PORT command

7430/1DO6 IERR_FTPNONLSTDATA

No data received from NLST

7431/1DO7 IERR_FTPBADNLSOUTPUT

Invalid data received from NLST

7432/1DO8 IERR_FTPNOSTOREDFILE

No stored file name

7433/1DO9 IERR_FTPCWDFAILED

Abnormal response to CWD from the FTP server

7434/1DOA IERR_FTPREADFTPSERVERMESSAGE

Unable to read FTP server response message

7435/1DOB IERR_FTPSENDFTPSERVERCOMMAND

Unable to send FTP server command

7436/1DOC IERR_FTPACTIVE

Error setting to active mode

7437/1DOD IERR_FTPPASSIVE

Error setting to passive mode

8448/2100 AS2_ERR_NOAS2FROM

Missing AS2-From Header - The application detected an inbound data stream that did not contain an AS2-From header within its HTTP headers.

8449/2101 AS2_ERR_NOAS2TO

Missing AS2-To Header - The application detected an inbound data stream that did not contain an AS2-To header within its HTTP headers.

8450/2102 AS2_ERR_BADFROMTO

Invalid AS2-From, AS2-To Combination - The application detected an inbound data stream that contained a set of AS2-From and AS2-To headers that represent a relationship of trading partners that could not be found in the transport agent's relationship array for the active protocol (HTTP or HTTPS). This error can occur if the AS2-From and AS2-To name combination is unknown or invalid or if the transport agent's relationship array has not been populated by the Admin agent or by retrieving relationship data from the database with the getpairs command.

8451/2103 AS2_ERR_NORCPT

Expected Receipt Not Received - The application did not receive a requested receipt (MDN) from a trading partner within the specified time-limit.

8452/2104 AS2_ERR_MDNERR

Error Reported in MDN (Receipt) - The application has detected that an error was reported by a trading partner in an MDN received from a trading partner.


Error Code


69


8453/2105 AS2_ERR_DECRYPTFAIL

Unable to decrypt - The application was unable to decrypt an encrypted message received from a trading partner. This can be caused by applying a private-key to the decryption process that does not correspond to the public-key in the certificate that was used to encrypt the data by the trading partner.

8454/2106 AS2_ERR_VERIFYFAIL

Unable to verify signed message - The application was unable to verify a signed message received from a trading partner. This can be caused by applying a public-key from a certificate to the verification process that does not correspond to the private-key that was used to sign the data by the trading partner.

8455/2107 AS2_ERR_DECOMPRESSFAIL

Unable to decompress a message - The application was unable to decompress a message received from a trading partner. This can be caused if the sender of the message used a different compression algorithm than the ZLIB algorithm interoperability-tested by AS2 vendors.

8456/2108 AS2_ERR_BADURL

Invalid IP address - The application determined that the destination Internet-Protocol (IP) address for a trading partner is invalid before attempting to connect to the trading partner. This can be caused by an invalid or incorrect To-URL value in the database. This can also be caused by a failure of the underlying network's DNS (Domain Name Service) to resolve an Internet host name to a dot-notated address.

8457/2109 AS2_ERR_BADHEADERLEN

Unable to process MIME Header - The application cannot process a MIME header because it exceeds the currently supported maximum-length for a MIME header. For Commerce Suite Version 3.1 the maximum header length is 512 characters.

8458/210A AS2_ERR_NOCERTIFICATE

AS2 Error - No certificate - Encryption was specified, but a certificate does not exist.

8459/210B AS2_ERR_NONHTTP2XX

AS2 Error - HTTP response codes ignored - Trading partner rejected the transaction for some reason.


Error Code


70

Introduction .................................................................................................... 72Database Schema Tables.............................................................................. 72

accesscategory.................................................................................................................72agentrole...........................................................................................................................72as2name ...........................................................................................................................72certkey ..............................................................................................................................73cipher ................................................................................................................................73compression .....................................................................................................................73email .................................................................................................................................74errorcode ..........................................................................................................................74filenamehist.......................................................................................................................74grouppermission ...............................................................................................................74hash ..................................................................................................................................75icssysinfo ..........................................................................................................................75keyencryption....................................................................................................................75keypair ..............................................................................................................................76keyusagecode...................................................................................................................76notice ................................................................................................................................77opdescription ....................................................................................................................78org.....................................................................................................................................78orgtpcert............................................................................................................................79p2proute............................................................................................................................79permission ........................................................................................................................80protocolcode .....................................................................................................................80relationship .......................................................................................................................80server................................................................................................................................81servercomputer.................................................................................................................81sscipher ............................................................................................................................81sscompression..................................................................................................................81sshash ..............................................................................................................................82sskeyencryption ................................................................................................................82tp.......................................................................................................................................82tporgstatus ........................................................................................................................83tpurl...................................................................................................................................84usergroup..........................................................................................................................84userlogin ...........................................................................................................................85workorder..........................................................................................................................85

Appendix C: Database Schema for Commerce Suite Deployments

Appendix C: Database Schema for Commerce Suite DeploymentsIntroduction

IntroductionThis appendix illustrates the database schema used by Commerce Suite during database creation. The database schema consists of tables and the appropriate fields related to each table. These tables are created when the SQL scripts are implemented during database setup. The SQL scripts are contained in the Commerce Suite install package.

Database Schema TablesThe database schema field and data type information for each database table is listed in alphabetical order below.

accesscategory

agentrole

as2name

FIELD DATA TYPE

id Integer

categorykey Char(10)

description Char(40)

FIELD DATA TYPE

agentroleid Char(1)

agentrolename Char(30)

FIELD DATA TYPE

id Integer

as2name Char(32)

tpid Integer

orgid Integer

72

Appendix C: Database Schema for Commerce Suite DeploymentsDatabase Schema Tables

certkey

cipher

compression

FIELD DATA TYPE

certkeyid Integer

validfrom Char(14)

validto Char(14)

keyusage Char(1)

subjectname VarChar(512)

issuername VarChar(512)

serialnbr VarChar(255)

certdata VarChar(4000)

keydata VarChar(2000)

FIELD DATA TYPE

id Integer

cipherid Integer

tpid Integer

orgid Integer

FIELD DATA TYPE

id Integer

compressionid Integer

tpid Integer

orgid Integer

73


email

errorcode

filenamehist

grouppermission

FIELD DATA TYPE

id Integer

email VarChar(50)

isdefault Char(1)

tpid Integer

orgid Integer

FIELD DATA TYPE

errcode Integer

errtext VarChar(1000)

FIELD DATA TYPE

as2fromname VarChar(32)

filename VarChar(255)

timestamp VarChar(14)

FIELD DATA TYPE

id Integer

groupid Integer

permissionkey Char(20)

74


hash

icssysinfo

keyencryption

FIELD DATA TYPE

id Integer

hashid Integer

tpid Integer

orgid Integer

FIELD DATA TYPE

tcmversion Char(10)

tcmbuilddatetime Char(14)

dbtype Char(10)

schemaversion Char(10)

schemabuilddatetime Char(14)

FIELD DATA TYPE

id Integer

keyencryptionid Integer

tpid Integer

orgid Integer

75


keypair

keyusagecode

FIELD DATA TYPE

fromname Char(32)

toname Char(32)

keyusage Char(1)

pending Char(1)

encrypted Char(1)

status Char(1)

certkeyid Integer

certfile VarChar(255)

keyfile VarChar(255)

FIELD DATA TYPE

keyusagecode Char(1)

usagestring VarChar(50)

keyusagenbr SmallInt

description Char(20)

76


notice

FIELD DATA TYPE

noticeid Char(22)

opcode Char (8)

fromname Char(32)

toname Char(32)

notifyname Char(40)

msgid VarChar(255)

subject Char(64)

msgdigest Char(28)

begintime Char(14)

endtime Char(14)

agentrole Char(1)

batchnumber Integer

bytesincount Integer

bytesoutcount Integer

errcode Integer

filesize Integer

srcipaddress Char(15)

destipaddress Char(15)

srcipport SmallInt

destiport SmallInt

attemptcount SmallInt

attemptlimit SmallInt

origfilename VarChar(255)

agentname VarChar(20)

sendparams VarChar(255)

errtext VarChar(255)

storedfile Varchar(255)

origtxnid Char(10)

taskid Char(10)

payload VarChar(255)

77


opdescription

org

FIELD DATA TYPE

opcode Char(8)

opdescription VarChar(50)

FIELD DATA TYPE

orgid Integer

orgname VarChar(128)

status Char(1)

type Char(1)

parentid Integer

sterlingconnectenterprise Char(1)

foldheader Char(1)

sslcompression Char(1)

contexttxcoding Char(1)

sendmdn Char(1)

sendmdnsyn Char(1)

signmdn Char(5)

address1 VarChar(100)


city VarChar(50)

state VarChar(50)

postalcode Char(20)

country VarChar(50)

region VarChar(50)

pcname VarChar(50)

pctitle VarChar(50)

pcemail VarChar(50)

pcphone Char(20)

pcphoneext Char(10)

78


orgtpcert

p2proute

pcpager Char(20)

pcpagerpin Char(10)

pcmobil Char(20)

scname VarChar(50)

sctitle VarChar(50)

scemail VarChar(50)

scphone Char(20)

scphoneext Char(10)

scpager Char(20)

scpagerpin Char(10)

scmobil Char(20)

FIELD DATA TYPE

id Integer

certkeyid Integer

serialnbr VarChar(150)

status Char(1)

keysusagevalidcd Char(2)

orgid Integer

tpid Integer

FIELD DATA TYPE

fromname VarChar(64)

toname VarChar(64)

p2pcondition VarChar(255)

filter VarChar(255)

url VarChar(255)

FIELD DATA TYPE

79


permission

protocolcode

relationship

FIELD DATA TYPEid Integercategory Char(10)permissionkey Char(15)description VarChar(100)displayorder Integer

FIELD DATA TYPEprotocolid Integerprotocol Char(10)

FIELD DATA TYPEfromname VarChar(32)toname VarChar(32)protocol Integernotifyname Char(40)inbox Char(40)tourl VarChar(255)rcpturl VarChar(255)sendparams VarChar(255)hashoption Integercipheroption Integercompressionoption Integerrequestreceipt Char(1)asyncreceipt Char(1)receipthashoption Integerfromorgid Integerfromtpid Integertoorgid Integertotpid Integerid Integer

80


server

servercomputer

sscipher

sscompression

FIELD DATA TYPE

agentname Char(20)

peergroup Char(1)

agentrole Char(1)

url VarChar(255)

controlurl VarChar(255)

orgid Integer

FIELD DATA TYPE

id Integer

computername Char(50)

orgid Integer

FIELD DATA TYPE

id Integer

ciphername VarChar(50)

isdefault Char(1)

FIELD DATA TYPE

id Integer

compressionname VarChar(50)

isdefault Char(1)

81


sshash

sskeyencryption

tp

FIELD DATA TYPE

id Integer

hashnname VarChar(50)

isdefault Char(1)

FIELD DATA TYPE

id Integer

keyencryptionname VarChar(50)

isdefault Char(1)

FIELD DATA TYPE

tpid Integer

tpname VarChar(128)

status Char(1)

sterlingconnectenterprise Char(1)

addressnote VarChar(100)



city Char(40)

state Char(40)

postalcode Char(20)

country Char(50)

bcname Char(40)

bctitle Char30)

bcdept VarChar(50)

bcphone Char(20)

bcmobil Char(20)

82


tporgstatus

bcpager Char(20)

bcemail VarChar(50)

tcname Char(40)

tctitle Char(30)

tcdept VarChar(50)

tcphone Char(20)

tcmobil Char(20)

tcpager Char(20)

tcemail VarChar(50)

ocname Char(40)

octitle Char(30)

ocdept VarChar(50)

ocphone Char(20)

ocmobil Char(20)

ocpager Char (20)

ocemail VarChar(50)

commtype Char(10)

foldheader Char(1)

sslcompression Char(1)

contexttxcoding Char(1)

sendmdn Char(1)

sendmdnsyn Char(1)

signmdn Char(5)

FIELD DATA TYPE

id Char(1)

Status Char(10)

FIELD DATA TYPE

83


tpurl

usergroup

FIELD DATA TYPE

id Integer

protocol Char(5)

server VarChar(128)

port Char(100)

urlresource VarChar(100)

isdefault Char(1)

tpid Integer

orgid Integer

FIELD DATA TYPE

groupid Integer

groupname VarChar(75)

description VarChar(100)

orgid Integer

84


userlogin

workorder

FIELD DATA TYPE

userid Integer

firstname Char(30)

middleinitial Char(1)

lastname Char(30)

title Char(30)

phone Char(20)

mobil Char(20)

pager Char(20)

email VarChar(50)

pager2 Char(20)

email2 VarChar(50)

login Char(20)

password Char(20)

orgid Integer

groupid Integer

FIELD DATA TYPE

workorderid Integer

fromname Char(32)

toname Char(32)

notifyname Char(40)

status Char(1)

statustime Char(14)

begintime Char(14)

endtime Char(14)

batchnumber Integer

command VarChar(255)

85

Glossary

AActive ModeRefers to an FTP Transport Agent. Active mode is beneficial to the FTP server, but not the client. In Active mode, the FTP server attempts to make connections to random high ports on the client, which may be blocked by a firewall on the client side.

AgentAn instance of the Commerce Suite Server Version 3 application configured to provide services to a particular role, i.e. Administrator, Transport, or Router.

Administrator AgentAn instance of the Commerce Suite Server application configured to provide administrative services including the remote configuration of Transport and Router Agents and access to centrally located configuration data.

Application ServiceSee Service.

AS1A draft specification first published in the Internet Engineering Task Force (IETF) standard’s track. AS stands for Applicability Statement and is a specification about how to transport data, not how to validate or process data. AS1 provides an Internet solution for securely exchanging EDI and XML over the Internet using SMTP.

AS2A draft specification first published in the Internet Engineering Task Force (IETF) standard’s track. AS stands for Applicability Statement and is a specification about how to transport data, not how to validate or process data. AS2 specifies the means to connect, deliver, validate, and reply to (receipt) data in a secure and reliable way. AS2 provides an Internet solution for securely exchanging EDI over the Internet

using the hypertext transmission protocol (HTTP) instead of the simple mail transport protocol (SMTP) as the transport protocol.

Asymmetric Cryptographic AlgorithmA cryptographic algorithm that uses two related keys, a public-key and a private-key. The two keys have the property that, given the public key, it is computationally infeasible to derive the private key.

AttackAn attempt to subvert or bypass a system’s security, which may or may not be successful. Attacks may be active or passive. An active attack attempts to alter or destroy data. A passive attack attempts to intercept and read data without altering it.

AuthenticationEnsures the accurate identification of both the sender and the receiver. Authentication is accomplished using digital signatures.

BB2BSee Business to Business Commerce.

BASE64 EncodingBase64 encoding takes three bytes, each consisting of eight bits, and represents them as four printable characters in the ASCII standard. This is done using essentially two steps:

1) Convert three bytes to four numbers of six bits. Each character in the ASCII standard consists of seven bits. Base64 only uses 6 bits (corresponding to 2^6 = 64 characters) to ensure encoded data is printable and humanly readable. None of the special characters available in ASCII are used. The 64 characters are 10 digits, 26 lowercase charac-ters, 26 uppercase characters as well as '+' and '/'.

2) Convert these numbers to ASCII characters us-ing the Base64 encoding table.

This process is applied to the whole sequence of bytes that are encoded. To ensure the encoded data can be properly printed and does not exceed any mail server's line length limit, newline characters are inserted to keep line lengths below 76 characters. The newline characters are encoded like all other data.

Business to Business Commerce

Commercial transactions enacted between businesses and individuals. Historically, electronic business to business commerce has been handled via Electronic Data Interchange, but recently months have seen eXtensible Markup Language gain in popularity.

CCASee Certificate Authority.

CertificateAn electronic document that verifies that the owner has a relationship with parties involved in a transaction, such as a Cardholder that has a relationship with an issuing bank or merchant that has a relationship with an acquiring bank. A certificate authorizes its owner to perform certain tasks and authenticates the owner to other parties in the transaction, assuring that the party presenting the certificate is the same party to which it was originally issued.

Certificate AuthorityThe party which issues, renews, and revokes Certificates. The SET protocol provides for a hierarchy of certificate authorities. The Root CA issues certificates to brand CAs. Brand CAs, in turn, issue certificates to EECAs, which issue certificates to Cardholders, Merchants, and Payment Gateways. Optionally, a brand CA may issue certificates to geopolitical CAs, which are responsible for issuing certificates to end entity CAs in specific geographic or political areas. The the SET protocol, certificates are validated by following their signature chains up the hierarchy of trust to the root CA.

Certificate PolicyWhen a CA issues a certificate, it is stating to a certificate user that a particular public-key is bound to a particular entity. Different certificates are issued with different practices and procedures, and may be suitable for different applications or purposes.

Certificate Revocation ListA list of public Keys that a Certificate Authority has revoked before their scheduled expiration dates.

Clear TextThe unencrypted, readable text of a message.

CipherA key-selected transformation between plaintext and ciphertext. An algorithm for putting a message into code by transposition and/or substitution of symbols.

CompressionThe ability to represent data in forms that take less storage than the original. The limit to this is the amount of uniqueness in the data. It is not possible to compress everything down to a single byte, because a byte can only select 256 different results. Data compression is either “lossy,” in which some information is lost, or “lossless,” in which all of the original information can be completely recovered.

Communications ProtocolAll communications between devices require that the devices agree on the format of the data. The set of rules defining a format is called a protocol. At the very least, a communications protocol must define the following:

•rate of transmission (in baud or bps)

•whether transmission is to be synchronous or asynchronous

•whether data is to be transmitted in half-duplex or full-duplex mode.

In addition, protocols can include sophisticated techniques for detecting and recovering from transmission errors and for encoding and decoding data.

ConfidentialityInformation is not made available or disclosed to unauthorized individual, entities, or processes.

Glossary, continued

87

Configuration FileA text file containing one or more Console Command statements. A Configuration File can be processed automatically by the Commerce Suite Server application upon startup if it is named icssvr.cfg and stored in the same directory location as the Commerce Suite Server executable program. A Configuration File can also be processed if the -f parameter is entered as a run-time program argument or as a console command.

Control AddressThe IP address portion of the IP Address and Port used by the Commerce Suite Server Transport and Router Agents to listen for incoming control messages from a supervising Administrative Agent; configured using the -ca Set Option.

Control PortThe IP Port portion of the IP Address and Port used by the Commerce Suite Server Transport and Router Agents to listen for incoming control messages from a supervising Administrative Agent. Configured using the -cp Set Option.

Control ServiceThe set of application tasks which execute within the context of a thread of execution to process incoming commands being sent by an Administrator Agent. The Control Service is required by Commerce Suite Server Agents acting in the Transport or Router Role, if the Agent is being remotely configured.

CRLSee Certificate Revocation List.

CryptographyThe process of protecting information by transforming it into an unreadable format. The information is encrypted using a Key, which makes the data unreadable, and is then decrypted later when the information needs to be used again.

Cypher TextData that has been transformed from a plaintext form into encrypted text (an unreadable form) using an encryption process.

DData CompressionStoring data in a format that requires less space than usual. Compressing data is the same as packing data. Data compression is particularly useful in communications because it enables devices to transmit the same amount of data in fewer bits.

DatabaseA structure to store data, usually as elements, so that a variety of applications can use it, unlike the traditional file structure requiring different files for each application.

Data IntegrityThe property that signifies that data is not altered, destroyed, or otherwise compromised.

DBMSSee Database Management System.

DEFLATESpecifies the DEFLATE compression algorithm used to reduce the file transfer overhead. The DEFLATE compression algorithm is a lossless compressed data format that compresses data using a combination of the LZ77 algorithm and Huffman coding.

Delivery NotificationA message formatted according to (AS2) that is sent to a sending host computer to indicate the disposition of a received message. The format of Delivery Notifications used by Commerce Suite Server is the Message Delivery Notification. or MDN, as defined in MDN.

DESSee Digital Encryption Standard.

Diffie-Hellman Key Exchange AlgorithmA cryptographic technique that enables sending and receiving parties to derive a shared, secret key at both ends without disclosing it to a potential attacker. Using a common modulus and base, both sides use a different random number as a power to perform a modular exponentiation. The results are sent to each

Glossary, continued

88

other. The receiving party raises the received number to the same random power they used before and the results are the same on both sides.

Digital CertificateA document that contains name, serial number, expiration dates and a copy of the owner’s public key; used to encrypt data and validate signatures.

Digital Encryption StandardA Private Key Encryption standard approved by the US Government for encryption of data when implemented in hardware. Uses 56-bit encryption.

Digital EnvelopeThe encrypted private Key that is used to decode an accompanying encrypted message. The sender’s software first randomly generates the private key and uses it to encrypt the message data. The software then encrypts the private key itself using the recipient’s public key. The message and digital envelope (the encrypted key) are sent to the recipient. The recipient then uses his own private key to decrypt the message envelope and then uses the decrypted private key to decode the actual message.

Digital SignatureA digital code that can be attached to an electronically transmitted message that uniquely identifies the sender. Like a written signature, the purpose of a digital signature is to guarantee that the individual sending the message really is who he or she claims to be. Digital signatures are especially important for electronic commerce and are a key component of most authentication schemes. To be effective, digital signatures must be unforgeable. There are a number of different encryption techniques to guarantee this level of security.

Document DigestA unique “fingerprint” summary (128 or 160 bits long) of an input file. It is used to create a digital signature and to ensure that the file has not been altered. It is also called a hash and is produced by a checksum program that processes a file.

DSSSpecifies the Digital Signature Algorithm (DSA) for digital signature generation and verification. The DSA is used by a signatory to generate a digital signature on data and by a verifier to verify the authenticity of

the signature. Each signatory has a public and private key. The private key is used in the signature generation process and the public key is used in the signature verification process.

EEDISee Electronic Data Interchange.

Electronic CommerceA term for conducting commercial transactions electronically, usually involving the exchange of payment between two parties. Unlike EDI, eCommerce recognizes the need for some human to human communication.

Electronic Data InterchangeThe transfer of data between different companies using networks, such as the Internet. As more and more companies get connected to the Internet, EDI is becoming increasingly important as an easy mechanism for companies to buy, sell, and trade information. ANSI has approved a set of EDI standards known as the X12 standards.

EDIINTEDI Over the Internet Working Group - a working group of the IETF that developed the AS1 and AS2 proposed standards.

EncryptionA process that uses a mathematical algorithm and a key to transform data into an unreadable format (called cyphertext). A receiver can then use a key to restore the data to its original content.

EnterpriseLiterally, a business organization. In the computer industry, the term is often used to describe any large organization that utilizes computers. An intranet, for example, is a good example of an enterprise computing system.

Glossary, continued

89

ExtranetExtension of control beyond internal web infrastructure to allow business partners and other trusted organizations to interact in a controlled, trusted environment.

eXtensible Markup LanguageA method for creating data formats that can be shared on the World Wide Web.

FFIPSFederal Information Processing Standard.

FirewallA system designed to prevent unauthorized access to or from a private network, usually unauthorized access from the Internet into a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.There are several types of firewall techniques:

•Packet filter: Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.

•Application gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation.

•Circuit -level gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.

•Proxy server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.

In practice, many firewalls use two or more of these techniques in concert. A firewall is considered a first line of defense in protecting private information. For further security, data can be encrypted.

ForgeryFabrication of information and/or the claim that such information was received from an individual, entity, or process that did not originate it.

GGraphical User InterfaceA GUI (usually pronounced GOO-ee) is a graphical user interface that takes advantage of the computer's graphics capabilities to make the program easier to use. Well-designed graphical user interfaces can free the user from learning complex command languages. On the other hand, many users find that they work more effectively with a command-driven interface, especially if they already know the command language.

GZIPSpecifies a lossless compressed data format that is compatible with the widely used GZIP utility. This format includes a cyclic redundancy check value for detecting data corruption.

HHashA hash value (or simply hash) is a number generated from a string of text. The hash is substantially smaller than the text itself, and is generated by a formula in such a way that it is extremely unlikely that some other text will produce the same hash value. Hashes play a role in security systems where they're used to ensure that transmitted messages have not been tampered with. The sender generates a hash of the message, encrypts it, and sends it with the message itself. The recipient then decrypts both the message and the hash, produces another hash from the received message, and compares the two hashes. If they're the same, there is a very high probability that the message was transmitted intact.

Glossary, continued

90

HTTPSee Hypertext Transfer Protocol.

Hypertext Transfer ProtocolHypertext Transfer Protocol (HTTP) is the underlying protocol used by the World Wide Web. HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands.

IIETFInternet Engineering Task Force - The Internet Engineering Task Force is a large, open, international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet.

In-Beacon ServiceThe set of application tasks that execute within the context of a single application thread to receive UDP packets sent by one or more Transport Agents. Commerce Suite Server Agents configured for the Router Role (Router Agents) use the In-Beacon Service to collect these UDP packets to maintain current information about active Transfer Agents on the local network segment.

Inbound ServiceOne or more sets of application tasks that execute within the context of one or more threads of execution to process incoming data being sent by a remote host computer. The Inbound Service consists of, at least, one inbound thread listening for incoming TCP/IP connections on a particular protocol (HTTP or HTTPS). The Inbound Service creates an Inbound Session thread for each separate incoming connection. Each discrete protocol is serviced by a separate Inbound Main thread, which is assigned a unique IP address and port on which to listen for incoming connections.

IntegrityEnsures that data is not tampered with or corrupted in transit. Integrity is accomplished using document digests and digital signatures.

InterfaceA mechanism through which outside components interact with software.

InteroperabilityThe ability of software and hardware on different machines from different vendors to share data.

InterrogationTo ask a computer or network for information.

IntranetAn internal network based on web servers that use Internet protocols and technology. A network based on TCP/IP protocols (an internet) belonging to an organization, usually a corporation, accessible only by the organization’s members, employees, or others with authorization. An intranet’s Web sites look and act just like any other Web sites, but the firewall surrounding an intranet fends off unauthorized access.

IPAbbreviation for Internet Protocol, pronounced as two separate letters. IP specifies the format of the packets, also called datagrams, and the addressing scheme. Most networks combine IP with a higher-level protocol called Transport Control protocol (TCP), which establishes a virtual connection between a destination and a source.IP by itself is something like the postal system. It allows you to address a package and drop it in the system, but there’s no direct link between you and the recipient. TCP/IP, on the other hand, establishes a connection between two hosts so that they can send messages back and forth for a period of time.

IP AddressAn identifier for a computer or device on a TCP/IP network. Networks using the TCP/IP protocol route messages based on the IP address of the destination. The format of an IP address is a 32-bit numeric address written as four numbers separated by periods. Each number can be zero to 255. For example, 1.160.10.240 could be an IP address.within an isolated network, you can assign IP addresses at random as long as each one is unique. However, connecting a private network to the Internet requires using registered IP addresses (called Internet addresses) to avoid duplicates.

Glossary, continued

91

The four numbers in an IP address are used in different ways to identify a particular network and a host on that network. The InterNIC Registration Service assigns Internet addresses from the following three classes:

•Class A: supports 16 million hosts on each of 127 networks.

•Class B: supports 65,000 hosts on each of 16,000 networks.

•Class C: supports 254 hosts on each of 2 million networks.

The number of unassigned Internet addresses is running out, so a new classless scheme called CIDR is gradually replacing the system based in classes A, B, and C, and is tied to adoption of IPv6.

KKeyA password or table needed to decipher encoded data.

Key EncryptionThe translation of data into a secret code. Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text; encrypted data is referred to as cipher text. There are two main types of encryption: asymmetric encryption (also called public-key encryption) and symmetric encryption.

Key ManagementThe generation, storage, secured distribution and application of keying material in accordance with a security policy.

Key PairIn public key cryptography, a public key and its corresponding private key.

LLDAPSee Lightweight Directory Access Protocol.

Lightweight Directory Access Protocol (LDAP)A set of protocols for accessing information directories. LDAP is based on the standards contained within the X.500 standard, but it is significantly simpler. And unlike X.500, LDAP supports TCP/IP, which is necessary for any type of Internet access. Because it is a simpler version of X.500, LDAP is sometimes called X.500-lite. Although not yet widely implemented, LDAP should eventually make it possible for almost any application running on virtually any computer platform to obtain directory information, such as email addresses and public keys. Because LDAP is an open protocol, applications need not worry about the type of server hosting the directory.

Local Area Network (LAN)A group of computers, printers, and file servers linked together in a single building in order to share resources.

MMD5Specifies the Message Digest Algorithm used to verify a file’s integrity. The MD-5 is a one-way algorithm that takes any length of data and produces a 128-bit “fingerprint” or “message digest”. This fingerprint is “non-reversible”, meaning that the data cannot be determined based on its MD-5 fingerprint.

MessageA communication containing one or more transactions or related information.

Message DigestA mathematical value unique to a message, created by running the message through the SHA1 hash function. The resulting message digest is then encrypted using the sender’s private key and then appended to the message as the Digital Signature.

Message Disposition Notification (MDN)A Message Disposition Notification (MDN) message is a response message defined to ensure the secure reliable delivery of messages for AS1 and AS2 protocols.

Glossary, continued

92

MIMEMultipurpose Internet Mail Extension - MIME is a specification for enhancing the capabilities of standard Internet electronic mail. It offers a simple standardized way to represent and encode a wide variety of media types for transmission using Internet mail.

NNetworkTwo or more computers connected by a communications protocol, allowing transfer of information (voice or data), from one to another. There are many types of computer networks, including:

• local-area networks (LAN): The computers are geographically close together (that it, in the same building).

•wide-area networks (WAN): The computers are farther apart and are connected by telephone lines or radio waves.

In addition to these types, the following characteristics are also used to categorize different types of networks:

• topology: The geometric arrangement of a computer system. Common topologies include a bus, star, and ring.

•protocol: The protocol defines a common set of rules and signals that computers on the network use to communicate. One of the most popular protocols for LANs is called Ethernet. Another popular LAN protocol for PCs is the IBM token-ring network.

•architecture: Networks can be broadly classified as using either a peer-to-peer or client/server architecture.

Computers on a network are sometimes called nodes. Computers and devices that allocate resources for a network are called servers.

NISTNational Institute of Standards and Technology. A part of the U.S. Department of Commerce, formerly called the National Bureau of Standards, that defines standards for voice, data, and video transmissions, encryption, and other kinds of technology.

Non-repudiation of ReceiptConfirms that the intended party received the data. This is accomplished using digital signatures and signed MDNs.

OODBCSee Open Database Connectivity.

Open Database ConnectivityA standard database access method developed by Microsoft Corporation. The goal of ODBC is to make it possible to access any data from any application, regardless of which Database Management System (DBMS) is handling the data.

Out-Beacon ServiceThe set of application tasks that execute within the context of a single thread of execution to periodically transmit a small packet of data identifying the Transport Agent to one or more Router Agents. The Out-Beacon Service emits a UDP packet containing the IP Addresses and Ports on which the Agent is currently listening. Router Agents collect these packets to dynamically build a current list of Transport Agents to which inbound data can be routed for processing.

Outbound ServiceThe set of application tasks that execute within the context of one or more threads of execution to process requests for outgoing message delivery. The Outbound service consists of, at least, the main outbound thread that processes send transactions from the Outbound Queue. The main outbound thread creates an Outbound Session thread for each separate send request.

O/SOperating system, controls hardware and software allowing application processing to take place.

Glossary, continued

93

PPassive ModeIn Passive mode, the client will make both connections to the server, but one of them will be to a random high port, which would almost certainly be blocked by a firewall on the server side. Since FTP servers need to be accessible to the greatest number of clients, most administrators need to support passive FTP. The exposure of high level ports on the server can be minimized by specifying a limited port range for the FTP server to use.

PKCSSee Public-Key Cryptography Standards.

PKCS #1 RSA Cryptography StandardThe PKCS#1 standard provides recommendations for the implementation of public-key cryptography based on the RSA algorithm, covering the following aspects: cryptographic primitives; encryption schemes; signature schemes with appendix; ASN.1 syntax for representing keys and for identifying the schemes.

PKCS#7 Cryptographic Message Syntax StandardA message that uses the syntax specified in Public-Key Cryptography Standard #7. The Globeset CA provides a facility for receiving PKCS7 messages from higher CAs. Those PKCS7 messages contain the certificates that the Certificate Authority has requested.

PKCS#10 Certification Request Syntax StandardA certificate request that uses the syntax specified in Public-Key Cryptography Standard #10. Certificate requests are sent to CAs, who then return certificates. For example, the Globeset CA creates PKCS10 messages which it sends to a brand CA or geopolitical CA to obtain the certificates it uses.

PKISee Public Key Infrastructure.

PKI ServiceThe set of application tasks that execute within the context of a single thread of execution to proactively search the configuration database for public-key certificates which are nearing their expiration date.

The PKI Service implements the nuBridges Zero-Administration PKI architecture, to facilitate the automated renewal of public-key certificates.

Plain TextUnencrypted data.

PortA specific communications end-point to a logical connection and the way a client program specifies a specific server program on a computer in a network.

PrivacyEnsures that only the intended receiver can view the data. This is accomplished using a combination of encryption algorithms and message packaging.

Private KeyA value known only to the owner, used to create a signature and decrypt data encrypted by its corresponding public key.

Private Key CryptographyAn encryption method which uses a single key for encoding and decoding a message.

Public KeyA value, known by everyone to whom the certificate has been distributed, used to encrypt data and validate a digital signature. Although mathematically related to the private key, it is astronomically difficult to derive from the public key.

Public Key CryptographyAn encryption method that uses two Keys: one key to encrypt the message and another key to decrypt the message. The two keys are mathematically related so that the data encrypted with either key can only be decrypted using the other. Each user has a public and a private key, and only the public key is distributed to parties with which the user exchanges encrypted messages.

Public-Key Cryptography StandardsA set of standards for implementing Private-Key Cryptography, issued by RSA Data Security, Inc. in collaboration with an industry consortium that includes a large number of hardware and software manufacturers. Documentation for the standards is available from RSA’s FTP site.

Glossary, continued

94

Public Key InfrastructurePublic Key Infrastructure is a system of digital certificates, Certificate Authorities, and other registration authorities that verify and authenticate the validity of each party involved in an Internet transaction. PKIs are currently evolving and there is no single PKI or even a single agreed-upon standard for setting up a PKI.

Commerce Suite ServernuBridges Commerce Suite Server Agent, Version 3.X.

RRC2Specifies the Rivest’s Cipher encryption algorithm used to encrypt and decrypt messages. RC-2 is a conventional (secret key) block encryption algorithm and has a block size of 64-bits with a variable key size from one byte up to 128 bytes.

RoleThe set of Commerce Suite Server Application Services operating within a single instance of the Commerce Suite Server application (a process) which, taken together, comprise a logical functional unit in an Commerce Suite network. The Roles supported by Commerce Suite Server are Administrator, Router, and Transport.

Root CAThe Certificate Authority which issues certificates to brand CAs (superior CAs). The Root CA is also sometimes called the Supreme CA.

RosettaNetAn organization focused on building a master dictionary to define properties for products, partners, and business transactions. RosettaNet can be found at http://www.rosettanet.com.

Router AgentAn instance of the Commerce Suite Server application configured to provide routing services including round-robin selection of Transport Agents, message-queuing and fail-over retransmission.

RSAAn internet encryption and authentication system that uses an algorithm developed in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. The RSA algorithm is the most commonly used encryption and authentication algorithm and is included as part of the Web browser from Netscape and Microsoft.

SSecret Key CryptographyAn encryption method which uses the same Key to encrypt and decrypt a message. The sender and recipient must share the key.

Secure Electronic Transaction ProtocolA protocol developed jointly by Visa and MasterCard that allow secure credit card transactions over open networks, specifically the Internet.

Secure Sockets LayerShort for Secure Sockets Layer, a protocol developed by Netscape for transmitting private documents via the Internet. SSL works by using a public key to encrypt data that's transferred over the SSL connection. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with https: instead of http:.

Serializer ServiceThe set of application tasks that execute within the context of a single thread of execution to serialize the access of shared application resources by other application threads. The Serializer Service is started automatically at application startup and is required by all Commerce Suite Server Roles. Serialized resources include shared memory areas, directories, and the database.

ServiceA discrete set of Commerce Suite Server application tasks that provide a logical service to the Agent. The Services supported by Commerce Suite Server are: Serializer, Outbound, Inbound, Control, PKI, Work-

Glossary, continued

95

Order, User Interface, Out-Beacon, and In-Beacon. Sets of concurrently executing Services are combined to define Commerce Suite Server Roles.

SETSee Secure Electronic Transaction Protocol.

SHA-1Specifies the Secure Hash Algorithm used to verify a file’s integrity. The SHA-1 generates a condensed representation of a message called a message digest. The SHA-1 is used by both the transmitter and intended receiver of a message in computing and verifying a digital signature.

SignatureSee Digital Signature.

SocketsSockets are a method for communication between a client program and a server program in a network. A socket is defined as the endpoint in a connection. Sockets are created and used with a set of programming request (function calls) sometimes called the sockets API. The most common sockets API is the Berkeley UNIC C interface for sockets. Sockets can also be used for communication between processes within the same computer.

S/MIMESecure MIME - S/MIME (Secure/Multipurpose Internet Mail Extensions) provides a consistent way to send and receive secure MIME data. Based on the popular Internet MIME standard, S/MIME provides the following cryptographic security services for electronic messaging applications: authentication, message integrity and non-repudiation of origin (using digital signatures) and privacy and data security (using encryption).

SMTPSimple Mail Transport Protocol - An Internet standard for transporting email.

SNMPSee Simple Network Management Protocol.

Simple Network Management ProtocolA set of protocols for managing complex networks. The first versions of SNMP were developed in the early 80s. SNMP works by sending messages, called protocol

data units (PDUs), to different parts of a network. SNMP-compliant devices, called agents, store data about themselves in Management Information Bases (MIBs) and return this data to the SNMP requesters.

SSLSee Secure Sockets Layer.

Strong EncryptionA term given to describe a cryptosystem that uses a key of sufficient length that it becomes effectively impossible to break the cypher within a meaningful time frame.

SubscriberAn entity which receives a certificate from a CA.

Supply Chain ManagementThe process of optimizing a company’s internal practices, as well as the company’s interaction with suppliers and customers, in order to bring products to market more efficiently. A company that performs these functions most effectively is in a position to deliver products more quickly, and at a lower cost or higher profit margin, than its competitors.

Symmetric EncryptionA type of encryption where the same key is used to encrypt and decrypt the message. This differs from asymmetric (or public-key) encryption, which uses one key to encrypt a message and another to decrypt the message.

TTCP/IPTransmission Control Protocol/Internet Protocol or the suite of standard protocols that enable computers to inter-communicate on the Internet. TCP/IP uses several protocols, the two main ones being TCP and IP. TCP/IP is built into the UNIX operating system and is used by the Internet, making it the de facto standard for transmitting data over networks. Even network operating systems that have their own protocols, such as NetWare, also support TCP/IP.

Glossary, continued

96

ThreadA logical sequence or program instructions that are executed independently.

Transport AgentAn instance of the Commerce Suite Server application configured to provide transport services including the compression, encryption and delivery of data, the verification of digital signatures and the construction and transmission of Delivery Notifications.

Triple Data Encryption StandardTriple Data Encryption Standard (DES3) is a derivative of Data Encryption Standard (DES) that has served as the cornerstone of data encryption for almost 40 years. DES-3 is DES run three times with three different keys. It uses a 192-bit key and has an effective strength of 112-bits.

UUCCUniform Code Council, Inc.

UDPUser Datagram Protocol. A simple, datagram-oriented, transport layer protocol, used by Commerce Suite Server to facilitate dynamic pools of Transport Agents marshaled by a Router Agent. The Transport Agents use UDP as the underlying protocol to transmit small informative packets of data identifying their inbound protocol ports.

Uniform Resource LocatorThe global address used for locating resources on the web.

URLSee Uniform Resource Locator.

User-Interface ServiceThe set of application tasks that execute within the context of a single thread of execution to return HTML-formatted application-status information to a web-browser. The User-Interface Service is not required by any Commerce Suite Server Role. However, any

Commerce Suite Server Agent can enable the User-Interface Service so that its current status can be remotely viewed via a Web-browser.

VVirtual Private Network (VPN)A controlled, trusted network structure that incorporates end-to-end encryption, enabling a secure connection from any linked machine to any other.

WWork-OrderA set of one or more Console Commands sent to a Commerce Suite Server Agent to accomplish one or more specific tasks. The typical use of a Work-Order is to initiate an outbound delivery of data (a send).

Work-Order ServiceThe set of application tasks that execute within the context of a single thread of execution to query the database or a directory for Work Orders.

XXMLSee eXtensible Markup Language.

X.509V3X.509 Public Key Certificate and CRL Profile, Version 3, defined in CERT. The version of X.509 Public Key Certificate supported by Commerce Suite Server. A standard format for public key certificates and Certificate Revocation Lists (CRL). X.509 is a standard for security services within the X.500 directory services framework.

Glossary, continued

97

1000 Abernathy Road · Building 400, Suite 250 · Atlanta, Georgia 30328

800.251.4930 toll free · 770.730.3600 main · 770.730.3784 fax

[email protected] · www.nubridges.com

For technical support, call (866) 830-3600 or email [email protected].

commerce suite administration guide version 3.5.1_0710

Documents