PeSIT communication profiles

Product PeSIT communication profiles use private certificates, while partner PeSIT communication profiles use public certificates.

The examples below reference an existing certificate by its alias when creating a communication profile.

PeSIT certificates for Transfer CFT differ from those required by SecureTransport.

Transfer CFT PeSIT client communication profile

Before you start

  • Retrieve the business id of the product.
  • Create a private certificate on the product.

Field                    Description
id                       Business id of the product
name                     Name of the client communication profile
pesit login              PeSIT Login
pesitPassword            Password associated with login
certificateAlias         Name of the existing certificate. See Create certificates.
preconnection            Configure a preconnection step for communication between SecureTransport and a partner
preconnectionPassword    Password associated with preconnection ID

Without security (SSL)

When no SSL is used, set the login and password in the client communication profile.

Create a PeSIT client communication profile for Transfer CFT with no SSL as follows:

POST /api/v2/products/3630c88a-71b0-4a45-9fef-6b9e6d3eafc7/communicationprofiles

{
    "name": "TCP1_PESIT_none",
    "type": "CLIENT",
    "protocol": "PESIT",
    "enabled": true,
    "properties": { "NET_CLASS": "1", "PROT_ID": "TCP1_PESIT1", "CNXINOUT": "64", "CNXIN": "64", "CNXOUT": "64", "RETRYM": "30", "RETRYN": "20", "RETRYW": "1", "NET_TYPE": "TCP" },
    "enableSSL": false,
    "fipsEnabled": false,
    "networkProtocol": "TCP",
    "pesitLogin": "CFTDPG-TEMPLATE-08",
    "pesitPassword": "08",
    "serverCertificateVerified": false
}

Server Only or Client Optional

PeSIT client communication profiles with SSL set as Client Optional or Server Only are not supported by Transfer CFT.

Mutual authentication

When SSL is enabled, you need to provide the certificate, PeSIT login and password in the client communication profile.

Create a PeSIT client communication profile for Transfer CFT with SSL as follows:

POST /api/v2/products/3630c88a-71b0-4a45-9fef-6b9e6d3eafc7/communicationprofiles

{
    "name": "PESIT_mutual",
    "type": "SERVER",
    "protocol": "PESIT",
    "enabled": false,
    "properties": { "NET_CLASS": "1", "PROT_ID": "prot5", "CNXINOUT": "4", "CNXIN": "2", "ALIAS": "CFTdpg-template-08", "CNXOUT": "2", "RETRYM": "30", "RETRYN": "20", "RETRYW": "1", "SSL_PARM": "", "SSL_ID": "SSL_DEFAULT", "SSL_ROOTCID": "", "NET_TYPE": "TCP" },
    "enableSSL": true,
    "fipsEnabled": false,
    "certificateAlias": "CFTdpg-template-08",
    "isPrivateCertificate": false,
    "networkProtocol": "TCP",
    "pesitLogin": "CFTDPG-TEMPLATE-08",
    "pesitPassword": "CFTDPG-08",
    "hosts": [ "dpg-templatecft8" ],
    "port": 12977,
    "clientAuthenticationRequired": "Yes"
}

SecureTransport client communication profile

Before you start

  • Retrieve the business id of the product.
  • Create a private certificate on the product.

Field                    Description
id                       Business id of the product
name                     Name of the client communication profile
pesit login              Login used when protocol is PeSIT
password                 Password associated with login
certificateAlias         Name of the existing certificate. See Create certificates.

No SSL

When no SSL is used, you set the login and password in the client communication profile.

Create a PeSIT client communication profile for SecureTransport as follows:

POST /api/v2/products/3630c88a-71b0-4a45-9fef-6b9e6d3eafc7/communicationprofiles

{
    "name": "PESIT_ST_none",
    "type": "CLIENT",
    "protocol": "PESIT",
    "enabled": true,
    "networkZone": "Private",
    "enableSSL": false,
    "fipsEnabled": false,
    "networkProtocol": "TCP",
    "pesitLogin": "PESIT_ST1",
    "pesitPassword": "1",
    "serverCertificateVerified": false
}

Server Only

When SSL is enabled, and you want to use Server Only in the flow as the protocol SSL option, you need to provide the PeSIT login and password in the client communication profile.

Create a PeSIT client communication profile for SecureTransport as follows:

POST /api/v2/products/3630c88a-71b0-4a45-9fef-6b9e6d3eafc7/communicationprofiles

{
    "name": "pesit_server_only",
    "type": "CLIENT",
    "protocol": "PESIT",
    "enabled": true,
    "networkZone": "Private",
    "enableSSL": true,
    "fipsEnabled": false,
    "networkProtocol": "TCP",
    "pesitLogin": "LOGIN3",
    "pesitPassword": "3",
    "serverCertificateVerified": true
}

Client Optional or Mutual authentication

When SSL is enabled, and you want to use Client Optional or Mutual Authentication in the flow as the protocol SSL option, you need to provide the certificate, PeSIT login, and password in the client communication profile.

Create a PeSIT client communication profile for SecureTransport as follows:

POST /api/v2/products/3630c88a-71b0-4a45-9fef-6b9e6d3eafc7/communicationprofiles

{
    "name": "pesit_mutual",
    "type": "CLIENT",
    "protocol": "PESIT",
    "enabled": true,
    "networkZone": "Private",
    "enableSSL": true,
    "fipsEnabled": false,
    "certificateAlias": "admind",
    "isPrivateCertificate": false,
    "networkProtocol": "TCP",
    "pesitLogin": "LOGIN_MUTUAL",
    "pesitPassword": "2",
    "serverCertificateVerified": true
}

PeSIT client communication profiles for acknowledgment

This section describes how to create a client communication profile to be used for acknowledgment in a PeSIT and SSL flow, where a partner pushes files to SecureTransport.

The client communication profile used for acknowledgments is available in the REST API flow JSON; however, it does not display in the Central Governance user interface.

Retrieve the SecureTransport business identifier

Perform a GET to retrieve a list of business identifiers {businessId}. For this example, retrieve the identifier for <businessId SecureTransport>:

GET /products

Create a certificate

To use a certificate that is not already used in Central Governance for SecureTransport, you can generate a certificate and add it to Central Governance using the REST API as follows:

  1. Generate the certificate.
    • Use an external tool, such as XCA, to generate a certificate and export it in p12 format.
  2. Encode the certificate.
    • Use the base64 external tool to encode the certificate. The output is the <encoded content> required in the next step.
      base64 -w 0 <certificate name>
  3. Add the encoded certificate content in SecureTransport.
    • Add the certificate to the product, where:
      • businessId is the <businessId SecureTransport>
      • certificateContent is the <encoded content>
    • POST /products/{{businessId}}/certificates

      {
          "isPrivateCertificate": true,
          "certificateContent": "<encoded content>",
          "certificatePassword": "My_certificate_password",
          "name": "mycgcertificatep12"
      }

Create the client communication profile

Using the certificate created in the previous section, create a client communication profile as follows:

POST /products/{{businessId}}/communicationprofiles

{
    "name": "My SSL_Client for ack",
    "description": "PeSIT Client ComProfile over Secured Socket for Acknowledgment",
    "type": "CLIENT",
    "protocol": "PESIT",
    "enabled": true,
    "networkZone": "Private",
    "enableSSL": true,
    "fipsEnabled": false,
    "certificateAlias": "mycgcertificatep12",
    "isPrivateCertificate": true,
    "networkProtocol": "TCP",
    "pesitLogin": "MYACKLOGIN",
    "serverCertificateVerified": true
}

Update the flow with the acknowledgment client communication profile

This section describes how to integrate the previously created client communication profile in the flow JSON.

  1. Retrieve the flow JSON as follows:
     GET /flows?name=my_flow
  2. Note the flow's business Id.
  3. Scroll to the protocol number 0 that corresponds with the partner – SecureTransport pair.
  4. Replace: "ackClientProfile": null
     With: "ackClientProfile": {"name": "My SSL_Client for ack"}
     Use any PeSIT client communication profile that matches the protocol SSL setting in the flow.
  5. Deploy the flow using the REST API or the user interface. However, remember that the client communication profile used for acknowledgments does not display in the user interface flow.

Note: If you edit this flow and set it to not use acknowledgment, the client communication profile used for acknowledgment is removed from the flow.

Transfer CFT PeSIT server communication profile

When creating a server communication profile for Transfer CFT in Central Governance, you have to deploy it on the Transfer CFT product.

Alternatively, you can use a server communication profile already created during Transfer CFT registration to Central Governance.

Before you start

  • Retrieve the business id of the product.
  • You need to know the host and port of the product.
  • Create a private certificate on the product.

Field                    Description
id                       Business id of the product
host                     Product host for the chosen network zone
port                     Product PeSIT port for the chosen network zone
pesit login              Login used when protocol is PeSIT
password                 Password associated with login
certificateAlias         Name of the already created PeSIT certificate. See Create certificates.

No SSL

POST /api/v2/products/3630c88a-71b0-4a45-9fef-6b9e6d3eafc7/communicationprofiles

{
    "name": "cft_pesit_none",
    "type": "SERVER",
    "protocol": "PESIT",
    "enabled": true,
    "properties": { "NET_CLASS": "1", "PROT_ID": "TCP1_PESIT1", "CNXINOUT": "64", "CNXIN": "64", "CNXOUT": "64", "RETRYM": "30", "RETRYN": "20", "RETRYW": "1", "NET_TYPE": "TCP" },
    "enableSSL": false,
    "fipsEnabled": false,
    "networkProtocol": "TCP",
    "pesitLogin": "CFTDPG-TEMPLATE-08",
    "pesitPassword": "08",
    "hosts": [ "dpg-templatecft8" ],
    "port": 1866,
    "clientAuthenticationRequired": "Yes"
}

SSL enabled

When enableSSL is set to true, you must provide a certificateAlias.

You can set the clientAuthenticationRequired to the following values:

Product client authentication required    Protocol SSL/TLS
No                                        Not supported for Transfer CFT
Yes                                       Mutual Authentication
Optional                                  Not supported for Transfer CFT

The following example creates a server communication profile with client authentication required set to Yes:

POST /api/v2/products/3630c88a-71b0-4a45-9fef-6b9e6d3eafc7/communicationprofiles

{
    "name": "cft_pesit_mutual",
    "type": "SERVER",
    "protocol": "PESIT",
    "enabled": false,
    "properties": { "NET_CLASS": "1", "PROT_ID": "prot5", "CNXINOUT": "4", "CNXIN": "2", "ALIAS": "CFTdpg-template-08", "CNXOUT": "2", "RETRYM": "30", "RETRYN": "20", "RETRYW": "1", "SSL_PARM": "", "SSL_ID": "SSL_DEFAULT", "SSL_ROOTCID": "", "NET_TYPE": "TCP" },
    "enableSSL": true,
    "fipsEnabled": false,
    "certificateAlias": "CFTdpg-template-08",
    "isPrivateCertificate": false,
    "networkProtocol": "TCP",
    "pesitLogin": "CFTDPG-TEMPLATE-08",
    "pesitPassword": "CFTDPG-08",
    "hosts": [ "dpg-templatecft8" ],
    "port": 12977,
    "clientAuthenticationRequired": "Yes"
}

SecureTransport PeSIT server communication profile

When creating a server communication profile for SecureTransport in Central Governance, you have to manually set the same communication profile on the SecureTransport product. Remember to restart the PeSIT service.

Alternatively, you can use a server communication profile already created during SecureTransport registration to Central Governance.

Before you start

  • Retrieve the business id of the product.
  • You need to know the host and port of the product.
  • Create a private certificate on the product.

Field                    Description
id                       Business id of the product
host                     Product host for the chosen network zone
port                     Product PeSIT port for the chosen network zone
pesit login              Login used when protocol is PeSIT
password                 Password associated with login
certificateAlias         Name of the existing PeSIT certificate. See Create certificates.

No SSL

POST /api/v2/products/3630c88a-71b0-4a45-9fef-6b9e6d3eafc7/communicationprofiles

{
    "name": "ST_pesit_none",
    "description": "PeSIT over Plain Socket",
    "type": "SERVER",
    "protocol": "PESIT",
    "enabled": true,
    "networkZone": "Private",
    "enableSSL": false,
    "fipsEnabled": false,
    "networkProtocol": "TCP",
    "pesitLogin": "ST_DPG",
    "pesitPassword": "ST_DPG1",
    "hosts": [ "10.133.66.83" ],
    "port": 17617,
    "clientAuthenticationRequired": "No"
}

SSL enabled

When enableSSL is set to true, you must provide a certificateAlias.

You can set the clientAuthenticationRequired to the following values:

Product client authentication required    Protocol SSL/TLS
No                                        Server Only
Yes                                       Mutual Authentication
Optional                                  Client Optional

The example below creates a server communication profile with client authentication required set to Optional:

POST /api/v2/products/3630c88a-71b0-4a45-9fef-6b9e6d3eafc7/communicationprofiles

{
    "name": "ST_pesit_mutual",
    "description": "PeSIT over Secured Socket",
    "type": "SERVER",
    "protocol": "PESIT",
    "enabled": true,
    "networkZone": "Private",
    "enableSSL": true,
    "fipsEnabled": false,
    "certificateAlias": "admind",
    "isPrivateCertificate": false,
    "networkProtocol": "TCP",
    "pesitLogin": "ST_DPG",
    "pesitPassword": "ST_DPG2",
    "hosts": [ "10.133.66.83" ],
    "port": 17627,
    "clientAuthenticationRequired": "Yes"
}

Partner PeSIT client communication profile

You can create a client communication profile for a partner using the UI. See Partner communication profiles. Alternatively, you can create a client communication profile using the REST API.

Before you start

  • Retrieve the business id of the partner.
  • Create a public certificate on the partner.

Field                    Description
id                       Business id of the product
login                    Login used when protocol is PeSIT
password                 PeSIT login password
certificateAlias         Name of the existing certificate. See Create certificates.

No SSL

Create a PeSIT client communication profile with SSL set to None as follows:

POST /api/v2/products/3630c88a-71b0-4a45-9fef-6b9e6d3eafc7/communicationprofiles

{
    "name": "pesit_none",
    "type": "CLIENT",
    "protocol": "PESIT",
    "enabled": true,
    "enableSSL": false,
    "fipsEnabled": false,
    "networkProtocol": "TCP",
    "pesitLogin": "login4",
    "pesitPassword": "4",
    "serverCertificateVerified": false
}

Client optional

Client optional means that the corresponding product in the flow must have a PeSIT server communication profile with Client authentication set to Optional.

When creating a PeSIT client communication profile with SSL set to Client optional, you can provide login and password:

POST /api/v2/products/3630c88a-71b0-4a45-9fef-6b9e6d3eafc7/communicationprofiles
{
    "name": "pesit_with_login",
    "type": "CLIENT",
    "protocol": "PESIT",
    "enabled": true,
    "enableSSL": true,
    "fipsEnabled": false,
    "networkProtocol": "TCP",
    "pesitLogin": "loginT",
    "pesitPassword": "T",
    "serverCertificateVerified": true
}

Or, you can provide a certificate, login, and password:

POST /api/v2/products/3630c88a-71b0-4a45-9fef-6b9e6d3eafc7/communicationprofiles

{
    "name": "pesit_with_login_and_certificate",
    "type": "CLIENT",
    "protocol": "PESIT",
    "enabled": true,
    "enableSSL": true,
    "fipsEnabled": false,
    "certificateAlias": "certificate2.crt",
    "isPrivateCertificate": false,
    "networkProtocol": "TCP",
    "pesitLogin": "loginG",
    "pesitPassword": "G",
    "serverCertificateVerified": true
}

Server only

Server only means you must have a PeSIT server communication profile with Client authentication set to No on the corresponding product in the flow.

When creating a PeSIT client communication profile with SSL set to Server only, you provide login and password. See the example pesit_with_login for Client optional.

Mutual authentication

Mutual authentication means that the corresponding product in the flow must have a PeSIT server communication profile with Client authentication set to Yes.

When creating a PeSIT client communication profile with SSL set to Mutual authentication, you provide a certificate, login, and password. See the example pesit_with_login_and_certificate for Client optional.
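
The pairing rules above, together with the clientAuthenticationRequired tables in the server profile sections earlier on this page, can be checked before a profile is POSTed. The following is an added example, not code from the product or its documentation. The function names, the server_product parameter and the finding strings are hypothetical, and acknowledgment profiles (which carry no pesitPassword on this page) are out of scope.

```python
# Lint one PeSIT client/server profile pair; rules are taken from this page.

# clientAuthenticationRequired on the server profile -> protocol SSL option
SSL_MODE = {"No": "Server Only", "Yes": "Mutual Authentication",
            "Optional": "Client Optional"}


def ssl_mode(server):
    """SSL option a server profile implies ("None" when SSL is off)."""
    if not server.get("enableSSL"):
        return "None"
    return SSL_MODE.get(server.get("clientAuthenticationRequired"), "Unknown")


def lint_pair(client, server, server_product="SecureTransport"):
    """Return findings for one client/server profile pair used in a flow."""
    out = []
    mode = ssl_mode(server)
    if mode == "Unknown":
        out.append("server: clientAuthenticationRequired must be No, Yes or Optional")
    if server.get("enableSSL") and not server.get("certificateAlias"):
        out.append("server: enableSSL is true but certificateAlias is missing")
    if server_product == "Transfer CFT" and mode in ("Server Only", "Client Optional"):
        out.append(f"server: {mode} is not supported for Transfer CFT")
    if bool(client.get("enableSSL")) != bool(server.get("enableSSL")):
        out.append("pair: enableSSL differs between client and server profile")
    if mode == "Mutual Authentication" and not client.get("certificateAlias"):
        out.append("client: Mutual Authentication needs certificateAlias")
    for field in ("pesitLogin", "pesitPassword"):
        if not client.get(field):
            out.append(f"client: {field} is missing")
    # Every SSL client example on this page sets serverCertificateVerified to true.
    if client.get("enableSSL") and client.get("serverCertificateVerified") is not True:
        out.append("client: enableSSL is true but serverCertificateVerified is not")
    if mode == "None" and client.get("pesitPassword"):
        out.append("pair: SSL is off, so TLS does not protect the PeSIT password")
    return out


# Payloads trimmed from the examples on this page (fields the lint ignores dropped).
ST_MUTUAL = {"name": "ST_pesit_mutual", "type": "SERVER", "enableSSL": True,
             "certificateAlias": "admind", "clientAuthenticationRequired": "Yes"}
CFT_OPTIONAL = dict(ST_MUTUAL, name="cft_optional",  # constructed, not on the page
                    clientAuthenticationRequired="Optional")
LOGIN_ONLY = {"name": "pesit_with_login", "type": "CLIENT", "enableSSL": True,
              "pesitLogin": "loginT", "pesitPassword": "T",
              "serverCertificateVerified": True}
LOGIN_AND_CERT = dict(LOGIN_ONLY, name="pesit_with_login_and_certificate",
                      certificateAlias="certificate2.crt",
                      pesitLogin="loginG", pesitPassword="G")

if __name__ == "__main__":
    print(lint_pair(LOGIN_ONLY, ST_MUTUAL))
    print(lint_pair(LOGIN_AND_CERT, CFT_OPTIONAL, "Transfer CFT"))
```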

Partner PeSIT server communication profile

You can create a server communication profile for a partner using the UI. See Partner communication profiles.

Alternatively, you can create a server communication profile using the REST API.

Before you start

  • Retrieve the business id of the partner.
  • You need to know the host and port of the partner.
  • Create a public certificate on the partner.

Field                    Description
id                       Business id of the partner
host                     Partner host
port                     Partner port
pesit login              Login used when protocol is PeSIT
password                 Password associated with login
certificateAlias         Name of the existing public certificate. See Create certificates.

No SSL

The example below creates a PeSIT partner server communication profile with SSL disabled:

POST /api/v2/partners/0e37bc95-3ba1-452f-b589-93886bd28cc2/communicationprofiles

{
    "name": "pesit_none",
    "type": "SERVER",
    "protocol": "PESIT",
    "enabled": true,
    "enableSSL": false,
    "fipsEnabled": false,
    "networkProtocol": "TCP",
    "pesitLogin": "loginA",
    "pesitPassword": "A",
    "hosts": [ "h2" ],
    "port": 2,
    "clientAuthenticationRequired": "Yes"
}

SSL enabled

The client authentication required setting decides what fields need to be set in the communication profile JSON:

Partner - Client authentication required    Product client communication profile fields
Yes                                         certificate
No                                          N/A
Optional                                    certificate

PeSIT server communication profiles with SSL differ only by the clientAuthenticationRequired setting.

The example below creates a partner server communication profile with client authentication required set to Yes:

POST /api/v2/partners/26044536-21de-4de7-ba52-3e6a3b91bb35/communicationprofiles

{
    "name": "pesit_SSL",
    "type": "SERVER",
    "protocol": "PESIT",
    "enabled": true,
    "enableSSL": true,
    "fipsEnabled": false,
    "certificateAlias": "certificate2.crt",
    "isPrivateCertificate": false,
    "networkProtocol": "TCP",
    "pesitLogin": "loginB",
    "pesitPassword": "B",
    "hosts": [ "h3" ],
    "port": 3,
    "clientAuthenticationRequired": "Yes"
}

 
