Types of CEM messages

CEM messages exchanged between trading partners are XML documents. There are two kinds of messages: CEM request and CEM response. When replacing, the old certificates are used to sign CEM messages. This authenticates the identities of the senders.

CEM messages always concern replacement end-entity certificates. The CEM standard presumes partners already have exchanged public-key certificates, either to begin or continue a trading relationship.

Before sending a CEM request, a community obtains a replacement certificate and public-private key pair. In the certificate wizard, the community can generate a self-signed certificate or import a CA certificate.

The following describes how Activator handles request and response messages.

CEM request

A CEM request is an XML message sent by a community to one or more partners. The message asks partners to begin using the included public-key certificate in the trading relationship.

The message includes a respond-by date. Partners are asked to tell the community by that date whether the new certificate has been accepted.

The message also states the use for the new certificate (for example, signing, encryption, SSL). The following figure illustrates a CEM request.

A CEM request being sent from a community to partners, to ask them to use a new public key certificate.

CEM response

A CEM response, illustrated in the following figure, is an XML message sent by one or more partners. The message tells the community whether the partner has accepted the certificate in the CEM request.

If all partners accept the certificate before or on the respond-by date, the community installs the certificate. If even a single partner rejects the certificate, the community does not implement the certificate. The following figure illustrates a CEM response.

A CEM response being returned by partners to a community. This response informs the community about whether a request is accepted.

Related Links