Equens Connect Direct - Manual v2.0 UK

Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens Final Equens SE Classification: OPEN Version 2.0 - 10 May 2011
Manual Connect:Direct (Secure File Transfer) Connecting to Secure File Transfer of Equens
Version history
Version number Version date Status Edited by Most important edit(s)
1.0 2.0
02-Mar-09 Final 10-May-11 Final
Equens SE Equens SE
Revision of the manual. Revision for PCI-DSS.
Connect:Direct and Secure+ are trademarks of Sterling Commerce Inc.
Equens
OPEN
Content
1 1.1 1.2 1.3 2 2.1
Introduction.....................................................................................6 Maintenance of this document ..............................................................6 Target groups.....................................................................................6 Structure of this manual ......................................................................6 Connect:Direct network variants and infrastructure ........................8 Two network variants ..........................................................................8 2.1.1 Connect:Direct via internet .....................................................8 2.1.2 Connect:Direct via a Leased Line .............................................8 Infrastructure .....................................................................................9 Security .........................................................................................10 Introduction ..................................................................................... 10 Encrypted file transmission via TLS ..................................................... 10 Authentication by means of certificates................................................ 12 File naming convention and routing mechanism ............................14 Introduction ..................................................................................... 14 Connect:Direct file name convention ................................................... 14 Receipt of different file types .............................................................. 16 Multiple destination id's (optional)....................................................... 16 Fallback and backup facilities ........................................................17 Standard situation............................................................................. 17 Scenario in the event of local problems................................................ 17 Scenario in the event of a network failure at the primary location ........... 18 Scenario in the event of a total failure at the primary location ................ 19 Configuration of your network .......................................................20 Configuration of your firewall.............................................................. 20 Configuration of the Connect:Direct node in your environment ............... 20 6.2.1 Node name/IP address ......................................................... 20 6.2.2 Secure+ ............................................................................. 20 6.2.3 Client certificate .................................................................. 21 File processing in the test/acceptance environment ............................... 21
2.2 3 3.1 3.2 3.3 4 4.1 4.2 4.3 4.4 5 5.1 5.2 5.3 5.4 6 6.1 6.2
6.3
Equens
Version 2.0 - 10 May 2011
7 7.1
Requesting and installing of a certificate .......................................22 Introduction ..................................................................................... 22 7.1.1 Procedure ........................................................................... 22 7.1.2 Preparation ......................................................................... 22 7.1.3 Maintenance........................................................................ 23 Requesting a certificate ..................................................................... 23 Retrieving the certificate .................................................................... 29 Exporting the certificate..................................................................... 32 Importing the certificate into your Connect:Direct node ......................... 38 Retrieving the Equens server certificate (CA root certificate) .................. 39 Importing the Equens CA certificate into your Connect:Direct node ......... 40 Revoking the client certificate............................................................. 40 Retrieving the Certification Revocation List........................................... 44 Renewal client certificate ................................................................... 44 Testing your connection.................................................................46 Introduction ..................................................................................... 46 Difference between the three test types............................................... 46 Connection test ................................................................................ 47 8.3.1 Connection test features and conditions.................................. 47 8.3.2 Connection test execution ..................................................... 47 File transfer test ............................................................................... 47 8.4.1 File transfer test features and conditions................................. 47 8.4.2 File transfer test execution.................................................... 47 Processing tests................................................................................ 49 8.5.1 Processing test features and conditions .................................. 49 8.5.2 Requesting the processing tests............................................. 49 File sending ...................................................................................50 Introduction ..................................................................................... 50 Automatic file sending ....................................................................... 50 Binary file sending ............................................................................ 50 File delivery ...................................................................................51 Introduction ..................................................................................... 51 Using compressed files ..................................................................52 Introduction ..................................................................................... 52 11.1.1 Compression programme conditions ....................................... 52 11.1.2 Binary file transmission ........................................................ 52
7.2 7.3 7.4 7.5 7.6 7.7 7.8 7.9 7.10 8 8.1 8.2 8.3
8.4
8.5
9 9.1 9.2 9.3 10 10.1 11 11.1
Equens
OPEN
11.2 11.3
Sending and receiving compressed files ............................................... 52 11.2.1 Conditions........................................................................... 52 Receiving compressed files................................................................. 52 11.3.1 Conditions........................................................................... 52 11.3.2 Features: ............................................................................ 53 Support processes: questions and changes....................................54 Connect:Direct availability ................................................................. 54 Technical Support department contact information................................ 54 Information on the Equens website ..................................................... 54 Changing connection specifications...................................................... 54 Changing connection type .................................................................. 55 Terminating the connection ................................................................ 55 Changing and terminating processing agreements................................. 55
12 12.1 12.2 12.3 12.4 12.5 12.6 12.7
Annex 1 The relationship between the Connect:Direct naming convention and the 'old' I-Connect interface description ...............56
Equens
1 Introduction
This manual provides information regarding Secure File Transfer of Equens, in particular the Connect:Direct connection type.
1.1 Maintenance of this document This document is managed and maintained by Equens Corporate IT Middleware Management department. Amendment and publication of this document may be carried out solely by this department. New versions of this document will be made available as PDF files. When a new version of the document is published, Equens will send the customer an e-mail notification. The notification will be sent to the e-mail address you have stated in the "Applicant details" field on the Connect:Direct Service Request Form. We would be grateful for any feedback regarding any unclear or incorrect information found in this manual. Please send your response to the Technical Support department of Equens (for contact details, see chapter 12, Support processes: questions and changes).
1.2 Target groups This manual is primarily intended for network specialists, functional and technical designers and administrators, ICT architects and programmers who are involved in the implementation and use of the Connect:Direct connection.
1.3 Structure of this manual This manual is divided into three sections in which the following is explained: Configuration of the connection with Connect:Direct How to make a connection Recurring procedures The above three sections are explained in further detail below. The first section describes how Equens has configured the connection with Connect:Direct and comprises chapters 2 to 5, which contain the following information: Network variants via which you will be able to connect to Connect:Direct How the security works The manner in which the system will route your data to its destination on the basis of file names How Equens has set up the backup and fallback. The second section explains in detail the one-off procedure you must perform in order to carry out future submissions of your data using Connect:Direct. This section comprises chapters 6 to 8, which contain the following information: The technical aspects of the connection (organisation of your network) Requesting and installing a certificate Testing your connection.
Equens
OPEN
The third section explains in detail the activities that recur. This section comprises chapters 9 to 12, which contain the following information: How to send files How files are delivered How to handle compressed files How to submit questions and/or changes
Equens
2 Connect:Direct network variants and infrastructure
2.1 Two network variants Two network variants can be used for Connect:Direct Connect:Direct via internet Connect:Direct via a Leased Line These two types are equal in terms of security: The security will be organised on application level with Secure+ (use of Transport Layer Security (TLS) and strong encryption). A connection via the internet is advantageous, as it enables high-speed transfers. Furthermore, if you already have an internet connection, the costs will naturally be lower. If you should opt for a more robust connection, the Leased Line is a good solution. This will involve additional costs ensuing from the management of the Leased Line by the connection provider. Furthermore, this connection is not a standard Equens network variant, and is realised in project form. This will also involve additional costs. The two network variants will be discussed in the subsequent sections. 2.1.1 Connect:Direct via internet This network variant is the preferred choice of both Equens and the majority of users. Its characteristics are as follows: The file transfer speed will depend on the internet connection bandwidth. Please note: As a rule, the available bandwidth cannot be guaranteed in the event of internet use. Securing your internet-linked infrastructure will be your responsibility, in addition to which Equens strongly recommends using firewalls. 2.1.2 Connect:Direct via a Leased Line For banks and large corporations, Equens offers the possibility to connect via a Leased Line. This Leased Line is based on a dedicated network and therefore has no relationship with the internet. Furthermore, agreements can be made with regard to guaranteed bandwidth and availability. As a result, such connections have a different level of security. The Leased Line connection can be scaled from 128 Kb/second up to 155 MB/second. This type of connection can also be useful if you exchange multiple types of traffic with Equens. From a technical point of view, connecting to such a connection is very similar to an internet connection. Given the fact that these connections are always tailor-made, please contact the Technical Support department for additional information. This will not be discussed in any further detail in this manual.
Equens
OPEN
2.2 Infrastructure After the connection is made to Connect:Direct the infrastructure will resemble as shown in the following figure:
Figure 1: Infrastructure for connection to Connect:Direct
Equens
3 Security
3.1 Introduction This chapter describes how the security of your data and the continuity of services will be guaranteed. Agreements and technical facilities will ensure that Secure File Transfer secures your data at all times. The security aspects are as follows: Authenticity Authenticity will be ensured by means of the following: Certificate verification and validation Use of a Secure Point of Entry (SPOE) Confidentiality Confidentiality regarding public and internal connections will be guaranteed through the use of Connect:Direct with Secure+ (TLS plus encryption). Integrity The integrity of the data that is to be transported will be guaranteed via the TLS hashing mechanism (digital signature). Authorisation Authorisation will be granted by means of the following: Check (netmap) on both IP-address and node name Check on Common Name in the client certificate Contract conclusion checks (processing contracts)
3.2 Encrypted file transmission via TLS When using Connect:Direct you will exchange files that may contain confidential information via Connect:Direct with Secure+. In use, Connect:Direct with Secure+ will be very similar to standard Connect:Direct, but one important difference is the fact that all confidential information will be encrypted via TLS and a strong cipher suite as AES. The nodes will automatically carry this out for you. By default the following strong cipher suites are acceptable by Equens unless agreed otherwise: RSA_WITH_AES_128_CBC_SHA RSA_WITH_AES_256_CBC_SHA RSA_WITH_3DES_EDE_CBC_SHA Please note: TLS v1.0 is the preferred secure protocol and SSLv3 is acceptable for a limited time. As of the 15th of March 2011, Equens will no longer support the SSLv3 protocol unless mutually agreed otherwise (this is temporarily postponed).
10
Equens
OPEN
One major advantage to this security method is that it is end-to-end: from node to node. The data will not only be encrypted in the public part of the network, but also on the internal networks of the customer and Equens. An additional advantage to this method is the fact that the network link between the customer and Equens will no longer need to be secured separately. It will be possible to send files over any type of network, including the internet.
Figure 2: The connection via Connect:Direct is secured end-to-end via TLS
Equens
11
3.3 Authentication by means of certificates An important aspect of the Connect:Direct infrastructure is the use of digital certificates. The Connect:Direct nodes are equipped with certificates for the purpose of authentication. This authentication is based on the nodes only accepting one another's certificates when they have been signed by the correct (Equens) Certificate Authority. A Getronics Pink Roccade PKI (Public Key Infrastructure) service will be used to issue certificates. This company sets high standards for the construction and management of PKI systems. Getronics Pink Roccade has set up a private CA (Certificate Authority) for the benefit of Equens. Private, in relation to this matter, means that this CA will only issue certificates for the Connect:Direct (and Secure FTP) service. Conversely, the Connect:Direct service will only accept nodes with certificates issued by this CA stating the same so-called Common Name on both ends of the connection. Equens will have full control over issuing of certificates and will determine which certificate applications will be accepted or rejected via a RA function. Equens will also be able to revoke previously approved certificates, when for example a security risk is established or the contract expires. More details on certificates can be found in the Equens Certificate Policy, downloadable from our website: www.equens.com (Support - Connectivity). In case your security policy does not allow the usage of the Equens PKI certificates, please contact the Technical Support department of Equens.
12
Equens
OPEN
Figure 3: Issuing of certificates by Equens
Equens
13
4 File naming convention and routing mechanism
4.1 Introduction When you wish to exchange files with Equens via Connect:Direct, the file names must comply with a specific naming convention. Files sent in will be routed to the appropriate Equens processing system on the basis of the file name. Equens will not be able to route sent files if their name does not comply with the naming convention and will therefore be unable to process them. In such cases you will receive an error message by e-mail.
4.2 Connect:Direct file name convention The following standard will apply within Connect:Direct with regard to the structure of file names: <prefix><SENDER>.<DESTINATION>.<TYPE>.<REFERENCE>.<EXTENSION>
14
Equens
OPEN
The separate fields are defined as follows:

Field Format Length Description
<prefix>
lowercase
Must be /mailbox/ This part will be stripped from the filename after it is received. The ID (router address) of the submitting party. This will be assigned by Equens and made known to the customer.
<SENDER>
UPPERCASE, alpha-numeric
1-8
Separation
Single dot
1 1-8
. The ID (router address) of the destination. This is SFT if the file is destined for an Equens system (not 'INTERPAY' or 'EQUENS'). If the destination is outside of Equens or not SFT, the field must be filled with a destination name that has been assigned by Equens.
<DESTINATION> UPPERCASE, alpha-numeric
Separation <TYPE>
Single dot UPPERCASE, alpha-numeric
1 1-8
. The ID of the file type being exchanged. The file type determines the type of processing by Equens. An overview of the most often used file types can be found in the Typetable at: www.equens.com (Support - Connectivity)
Separation <REFERENCE>
Single dot UPPERCASE, alpha-numeric
1 1-8
. A unique alpha-numeric file reference ID assigned by the submitting party. The field must start with a letter and must be unique for the submitting party within a time frame of at least 35 days.
Separation
Single dot
Equens
15
Field
Format
Length Description
<EXTENSION>
UPPERCASE, alpha-numeric
1-8
The file name suffix, assigned by the submitting party indicating the format of the file. Important extensions include the following: TXT ('readable'/ASCII data) DAT (binary) PDF (Adobe Acrobat Reader format, binary) XLS (Microsoft Excel format, binary) XML (Extensible Markup Language format, binary) ZIP (compressed files, binary). The extension has no effect on the routing by Equens.
Table 1:
Explanation of file name components
Specifications: Each field is mandatory The maximum field length is eight characters Please refer to the appendix "The relationship between the Connect:Direct naming convention and the 'old' I-Connect interface description" for information regarding the relationship between the current Connect:Direct naming convention and the previous I-Connect interface with token files. Below is an example of a complete file name for a file sent from <SENDER> id R0001234 to <DESTINATION> id SFT: /mailbox/R0001234.SFT.CLIEOP.C1234567.TXT
4.3 Receipt of different file types A customer will be able to receive numerous file types via Connect:Direct. Each type will be processed by a specific application on the side of the customer. The customer must have a mechanism that ensures that each file type is routed to the correct application on the basis of the field <TYPE>.
4.4 Multiple destination id's (optional) Equens can only issue multiple <DESTINATION> id's (router addresses) to a customer in complex cases (for example, if a group has numerous offices, all of which process the same file types and also share the same connection). The customer will then be able to route internally on the basis of the <DESTINATION> id in the file name. Additional <DESTINATION> id (router address) requests can be subject to extra charges, please contact the Technical Support department for more information.
16
Equens
OPEN
5 Fallback and backup facilities
5.1 Standard situation Equens will have two identical environments; a primary location and a secondary location, both with a backup facility. Under normal circumstances each customer will have a Connect:Direct connection with the primary location. This is shown in the following figure:
Figure 4: Route through Equens environment under normal circumstances
5.2 Scenario in the event of local problems Local problems will be dealt with by the additional identical set of equipment at the primary location.
Equens
17
5.3 Scenario in the event of a network failure at the primary location In the event of a network failure in the primary location, the system will automatically use the network infrastructure in the secondary location. With the exception of a brief hiccup, the client will not notice a difference.
Figure 5: Route through Equens environment in the event of a network failure at the primary location
18
Equens
OPEN
5.4 Scenario in the event of a total failure at the primary location In the event of a total failure at the primary location, a procedure will be started in order to summon the secondary location as the fallback location. A number of procedures will ensure that the Connect:Direct traffic for the different network variants is routed to the secondary location. During these procedures it will not be possible to connect to Equens. The customer will not notice a difference after summoning of the fallback location and does not need to make any changes. Please refer to the Secure File Transfer (Connect:Direct) Service Level Agreement (SLA) for the specification of the maximum downtime.
Figure 6: Route through Equens fallback environment in the event of a total failure at the primary location
Equens
19
6 Configuration of your network
This chapter explains the procedure for connecting to Connect:Direct at network level. Once the connection has been made it will be possible to work with Connect:Direct at transportation level. Two network variants can be used for Connect:Direct: Connect:Direct via internet Connect:Direct via a Leased Line The specifications for these network variants are described in chapter 2, "Equens Connect:Direct Network variants and infrastructure".
6.1 Configuration of your firewall In order to be able to use the production system, you will need to open your firewall TCP port 1364 and the ports 52000 through 52025 for sft.equens.com (IP: 82.195.45.60) for production (and ports configured for your local Connect:Direct node). For the test/acceptance environment the same TCP ports need to be opened for sftacc.equens.com (IP: 82.195.45.59). Please note: If you wish to carry out a processing test you must connect to the test/acceptance environment. Please refer to section 8.5, "Processing tests". The test/acceptance environment is not intended for data that have to remain confidential. The use of production data is not allowed on the test/acceptance environment.
6.2 Configuration of the Connect:Direct node in your environment 6.2.1 Node name/IP address For configuring your Connect:Direct node you will need to add the IP-address or the node name of the Equens Connect:Direct node in your configuration. Production: IP-address: 82.195.45.60 (node: SFT) Test/acceptance: IP-address: 82.195.45.59 (node: SFTACC) 6.2.2 Secure+ When using Connect:Direct you will exchange files that may contain confidential information via Connect:Direct with Secure+. In use, Connect:Direct with Secure+ will be very similar to standard Connect:Direct, but one important difference is the fact that all confidential information will be encrypted via TLS and a strong cipher suite such as AES. The nodes will automatically carry this out for you. By default the following strong cipher suites are acceptable by Equens unless agreed otherwise: RSA_WITH_AES_128_CBC_SHA RSA_WITH_AES_256_CBC_SHA RSA_WITH_3DES_EDE_CBC_SHA
20
Equens
OPEN
Please note: TLS v1.0 is the preferred secure protocol and SSLv3 is acceptable for a limited time. As of the 15th of March 2011, Equens will no longer support the SSLv3 protocol unless mutually agreed otherwise (this is temporarily postponed).
6.2.3 Client certificate The client certificate of the customer will be checked by Equens using client authentication. The Common Name in the client certificate is checked against the Common Name registered at PinkRoccade (as given by customer during the certificate request procedure). You will find more information on how to request a certificate from Equens in chapter 7, "Requesting and installing of a certificate".
6.3File processing in the test/acceptance environment To be able to use the test/acceptance environment a separate set of agreement(s) need to be in place with the appropriate processing department. For more information on this you may contact our Technical Support department. On the test/acceptance environment NO production data is allowed. You should test using test/dummy data.
Equens
21
7 Requesting and installing of a certificate
7.1 Introduction In this chapter we will explain how to obtain a client certificate (also called "Digital ID") and install this in your Connect:Direct node. 7.1.1 Procedure In general the procedure is as follows: To install the client certificate You will receive the URL and a Certificate Enrollment PIN You request a client certificate from Equens via your browser You pick up your certificate from Equens via your browser You export the certificate out of your browser You import the certificate into your Connect:Direct node You install/import the Equens CA root certificate into your Connect:Direct node In the following paragraphs the procedure is described in further detail. 7.1.2 Preparation Before you start the procedure, it is important you pay attention to the following aspects.
Choice of applicant
First determine which employee will request the certificate, as the certificate will be linked to the person who has requested it! This will be the only person who may extend or revoke the certificate based on the challenge phrase created by this person. When this person leaves the company, it will become necessary to have to revoke the current certificate and to request a new certificate with the original Certificate Enrollment PIN.
Choice of e-mail address
The certificate can only be retrieved with the PC that was used to request it. Make sure you can access your e-mail on or close to the same PC you have requested the certificate with. A production certificate is valid for two years and test certificates are valid for one year. A warning will be send by e-mail when the certificate is about to expire (starting 30 days before expiring).
Transfer of certificates to the Connect:Direct node
In case the machine where the Connect:Direct node will be active on is a different machine than the machine that is used to retrieve the certificate, the client certificate and the Equens CA root certificate need to be transferred to the Connect:Direct node machine. The encryption of the client certificate during transport must be done with a password only known to the person who has requested the client certificate.
22
Equens
OPEN
Browser choice
The described procedure and screenshots shown in this manual are based on the use of Microsoft Internet Explorer. Equens does not provide support concerning problems that result from using other browsers than Microsoft Internet Explorer.
Potential error messages
There is a chance you will get the error message "Error 1B6 occurred. You may need to install OnSiteMSI". On the website www.pki.pinkroccade.com, 'Support', 'Updates', 'OnSiteMSI error' you can download a file with the OnSiteMSI file and an installation manual. There is a chance you will get the error message "Error 1B6 occurred." (without the message about OnSiteMSI), in this case you can do the following. In the Internet Explorer click "Tools - Internet options - Security - Trusted sites" button "Sites". Add the following websites (make sure the option "Require server verification" is not marked): *.managedpki.com mpki.pinkroccade.com mpki-test.pinkroccade.com
Converting certificates
Some nodes are not able to import the certificates with the standard exported format. In that case the certificate needs to be converted. See the "Frequently asked questions - Connectivity services" at www.equens.com for more information. 7.1.3 Maintenance
Securing your certificate
It is highly recommended to safeguard the client certificate against unauthorized use. Make a (encrypted) backup on an external carrier and store this in a safe place. Equens is not able to re-issue any client certificate used by the systems. When the certificate is lost and still valid, you will need to revoke the certificate and request a new certificate based on the original Certificate Enrollment PIN.
Extending your certificate on time
A production certificate is valid for two years (a test certificate for one year). When a certificate is about to expire you will be warned by e-mail (starting 30 days before the expiry date). If the original computer used for the certificate request procedure and the certificate on that computer are still available you can perform a renewal by yourself. Follow the instructions given in the renewal e-mail and on the website. If the original computer is not available anymore, you must request a new certificate according to the described procedure in chapter 7.2.
7.2 Requesting a certificate After your Service Request Form is processed by Equens, you will receive an URL and a Certificate Enrollment PIN for the CA website (PKI Portal) of Equens.
Equens
23
With this Certificate Enrollment PIN you can request a client certificate (also called Digital ID) from Equens. Note: As of October 16, 2006 Interpay is operating under the name Equens. However, the PKI environment at Pink Roccade is still active under the name Interpay Nederland. In the URL you will receive, as well as in the address bar of the browser you will see /InterpayNederlandBV/ Step 1 Copy the URL and paste this in the address bar of your browser URL Production:
https://mpki.pinkroccade.com/services/InterpayNederlandBV001/digitalidCenter.htm
URL Test/Acceptance:
https://mpki-test.pinkroccade.com/services/InterpayNederlandBV/digitalidCenter.htm
The following screen will be displayed: Please note: 'Digital ID' is a synonym for 'certificate'.
Figure 7: The opening page with the options for certificates.
24
Equens
OPEN
Step 2 Click the first option, 'Enroll' The following screen will be displayed:
Figure 8: The form for requesting a certificate.
Equens
25
Step 3 Fill in the contact- and identification data as described below: The name of the applicant (only alpha-numeric characters are allowed, diacritical marks etc. are not allowed). Please note: the certificate will be linked to the person who has requested it. This is the only person who can extend or revoke the certificate. If the person who has requested the certificate leaves the company it will be necessary to revoke the current certificate and request a new certificate. Please keep this in mind when deciding in whose name the certificate is requested. The e-mail address where you will receive certificate notifications at. The first notification you will receive at this e-mail address is a confirmation of your request and the second notification will contain the necessary information for retrieving the certificate. A production certificate is valid for two years (a test certificate is valid for one year). At this e-mail address we will warn you once the certificate is going to expire. Please keep this in mind when deciding which e-mail address you will use. The access code for the CA website you have received together with the URL, also known as the 'Certificate Enrollment PIN'. This 'Certificate Enrollment PIN' needs to be stored in a safe place. A 'Challenge Phrase' The Challenge Phrase is case sensitive and may not contain any punctuation. The Challenge Phrase is a sentence you will need to remember. You will need this sentence when extending or revoking your certificate. In case you do not remember the Challenge Phrase anymore and want to extend the certificate, you will need to request a new certificate. If you want to revoke your certificate and do not remember the Challenge Phrase, you will need to contact the Technical Support department of Equens to have your certificate revoked.
Step 4 Send the form by clicking the 'Submit' button You will get the message below, asking you to confirm your e-mail address and check if the correct e-mail address is entered.
Figure 9: It is important that you have entered your e-mail address correctly.
26
Equens
OPEN
Step 5 Confirm that you have entered the correct e-mail address If you click 'Cancel', you will get the opportunity to correct the e-mail address in the Enrollment form. If you click 'OK', the form will be processed. Next you will get the screen below and a security message of Microsoft Internet Explorer.
Figure 10: A standard security message of Microsoft Internet Explorer. Step 6 Click 'Yes' The request is finished. The following screen will be displayed. It shows an e-mail has been sent with instructions for installing the certificate.
Figure 11: You see a message to check your e-mail.
Equens
27
When you check your e-mail, you should see the message below. From: certificate Send: woensdag 2 augustus 2006 14:13 To: Janssen, Dhr. G.A. (Geert) Subject: Equens Digital ID request confirmation Dear G.A. Janssen, Thank you for requesting a Digital ID. Equens SE is processing your request, and will notify you when your Digital ID is ready. If you have questions about your application, please contact Equens SE by replying to this e-mail message. Figure 12: You receive a request confirmation by e-mail.
The status now is as follows: A Private Key is created in the browser on this computer You have received an e-mail stating your request has been confirmed Equens is processing your request Some time later you will receive an e-mail with instructions for installing the client certificate with the pin code in that e-mail
28
Equens
OPEN
7.3 Retrieving the certificate After you have received confirmation of your certificate request, the certificate is ready to be retrieved. Step 7 Open the second e-mail message This message contains the information you will need to retrieve the certificate. From: certificate Send: woensdag 2 augustus 2006 14:24 To: Janssen, Dhr. G.A. (Geert) Subject: Your Equens Digital ID is ready Dear G.A. JANSSEN, Equens SE has approved your Digital ID request. To assure that someone else cannot obtain a Digital ID that contains your personal information, you must retrieve your Digital ID from a secure web site using a unique Personal Identification Number (PIN). You can retrieve your Digital ID by following these simple steps: Step 1: Visit the Digital ID retrieval web page, at: https://mpki.pinkroccade.com/services/ InterpayNederlandBV/client/mspickup.htm Step 2: In the form, enter your Personal Identification Number (PIN): Your PIN is: 641625923 Step 3: Follow the instructions on the page to complete the installation of your Digital ID. If you have any questions or problems, please contact Equens SE by replying to this e-mail message. Figure 13: The e-mail with instructions and pin code. As indicated in the e-mail, you will need to perform the following steps: Copy/paste the URL that is mentioned in the e-mail into the address bar of your browser Type the pin code in the form that appears in your browser Follow the instructions given in your browser
Equens
29
Step 8 Copy the URL and paste this in the address bar of your browser You will get the following screen:
Figure 14: The page where you retrieve your certificate. Step 9 Type the pin code mentioned in the e-mail and click 'Submit' Please pay attention! You must retrieve the certificate on the same PC that you have used to request the certificate because that will contain the private key created earlier. If you don't, you will get the following error message:
30
Equens
OPEN
Figure 15: Error message when you use a different PC. Next you will see the screen below, a message from Microsoft Internet Explorer indicating the client certificate is ready to be installed:
Figure 16: A standard security message from Microsoft Internet Explorer.
Equens
31
Step 10 Click 'Yes' Retrieval of the certificate is now complete. You will see the screen below. It shows the certificate has been successfully generated and installed on that PC.
Figure 17: Confirmation of the certificate installation.
7.4 Exporting the certificate The certificate is now imported in your browser. You will need to export it from here, so you can import it into the Connect:Direct node. Step 11 Call the dialogue screen for certificates In the browser menu choose 'Extra' and 'Options' The following screen will be displayed (the screens might be different compared to yours depending on what version Microsoft Internet Explorer you are using):
32
Equens
OPEN
Figure 18: Through the Options screen you go to the certificates screen.
Equens
33
Click the button 'Certificates' The following screen is displayed:
Figure 19: The screen where you manage the certificates in your browser. Step 12 Choose the correct certificate Click the certificate you have just installed. The screen below is displayed. Click 'Next' to continue.
Figure 20: Certificate export screen.
34
Equens
OPEN
Step 13 Confirm you want to export the private key In the next screen you are asked if you want to export the private key with the certificate (the private key is password protected). Exporting the private key with the certificate is mandatory, so choose option 'Yes' and click 'Next'.
Figure 21: Exporting the certificate private key. Step 14 Enter the export options You will need to enter several preferences. Tick the bottom two options under 'Personal Information Exchange': 'Enable strong protection' With this option you choose for strong security (protection) during transport 'Delete the private key if the export is successful' Ticking this option will delete the private key after exporting the certificate. You should only do this if you are sure you will not need to export the certificate again and the certificate is appropriately protected at all times (without private key the certificate cannot be renewed). Please note: as long as the private key is not deleted, it may be possible for other persons with access to your system to export the certificate and make use of your certificate! Click 'Next'.
Equens
35
Figure 22: Important options related to security. Step 15 Enter a password In the next screen you will need to enter a password. You will need this password again when you are importing the certificate into your Connect:Direct node.
Figure 23: Security through a password.
36
Equens
OPEN
Step 16 Save the certificate file Next you will need to enter where on your hard disk the certificate needs to be saved and under what name it is to be saved as a .PFX file (with PKCS #12 format).
Figure 24: Saving the certificate on the hard disk. Step 17 Finish the export procedure Next you will see an overview of the specifications you have entered with the possibility of making adjustments by using the 'Back' key. If you are satisfied, click 'Finish'.
Figure 25: Overview of the specifications entered.
Equens
37
You will get a confirmation that the export was successful. Click 'OK' to continue.
Figure 26: The confirmation that the export was successful. Subsequently you can find the saved file with the certificate in the Microsoft Explorer.
Figure 27: The file with the certificate in Microsoft Explorer. Make sure when you save the certificate (encrypted if possible) on a mobile device like a USB stick to keep the device with the certificate in a secure place. Also make sure you have deleted any copies of the certificate that are not needed or stored in a secure place.
7.5 Importing the certificate into your Connect:Direct node For importing the certificate in your Connect:Direct node we refer you to the manual of your Connect:Direct node or request support from Sterling Commerce. If you need to convert your certificate into a different format, please check our 'Frequently asked questions' section on the website of Equens (www.equens.com)
38
Equens
OPEN
7.6 Retrieving the Equens server certificate (CA root certificate) By importing the CA root certificate into your Connect:Direct node the computers of Equens know to trust your computer. Now you will need to configure your computer so it will trust the Certificate Authority (CA) of Equens. Step 18 Go back to the opening page of the Digital ID Center Once again, type the URL you have received by postal mail into the address bar of your browser. The following screen is displayed:
Figure 28: The opening page with the options for certificates.
Equens
39
Step 19 Choose the option 'Install CA' A download is started immediately and the screen below is displayed. The system asks you if you want to open or save the file to your computer. Choose the option 'Save'. The CA root certificate will be saved to your computer.
Figure 29: Save the certificate to your computer.
7.7 Importing the Equens CA certificate into your Connect:Direct node For importing the CA root certificate into your Connect:Direct node, we refer you to the manual of your Connect:Direct node or request support from Sterling Commerce.
7.8 Revoking the client certificate The client certificate (or Digital ID) can be revoked by request of the owner of the certificate or by the registered contact person. The client certificate can be revoked in case of one of the following circumstances: The client certificate is no longer in the possession of the owner The file transfer contract is ended The file transfer contract was stopped temporarily The CA of Getronics Pink Roccade was compromised The private key of the client certificate may have been compromised The contact person or the certificate owner should have the client certificate revoked immediately if there is any reason to believe that the client certificate has been compromised. Companies should also have the client certificate revoked when the certificate owner change jobs or when there is no longer need for the client certificate. There should be only one valid client certificate per Certificate Enrollment PIN, but Equens will allow time (maximum of 14 days) to have the certificate replaced in case of requesting a new certificate in the renewal procedure.
40
Equens
OPEN
If you like Equens to revoke your client certificate, for instance when you cannot access the CA anymore or have forgotten the Challenge Phrase, please contact the Technical Support department of Equens. Please make sure you have the following information at hand when contacting the Technical Support department: First and last name of the certificate owner (as these have been entered during the certificate request procedure) E-mail address of the certificate owner (the e-mail address entered during the certificate request procedure) Revoking the client certificate yourself is possible through the Digital ID Center of Pink Roccade. Type the URL you have received by postal mail into the address bar of your browser. The following screen is displayed:
Figure 30: The opening page with the options for certificates. Click on 'Revoke', the following screen will be displayed:
Equens
41
Figure 31: The form to revoke a client certificate (Digital ID) Fill in either the e-mail address OR the full name (First Name and Last Name) as used when you requested the client certificate. Click on 'Search'. Next you will see a screen with the client certificates that were found using the filled in data. Select the correct client certificate and click on 'Revoke'. The following screen will be displayed asking you to type the Challenge Phrase and give the reason for revoking.
42
Equens
OPEN
Figure 32: Enter Challenge Phrase to revoke the client certificate After filling in the Challenge Phrase and selecting the reason for Revoking, click on 'Submit'. If you have entered the correct Challenge Phrase the client certificate is revoked and the following screen is displayed.
Figure 33: Message indicating the client certificate was successfully revoked Please inform the Technical Support department of Equens that you have revoked your client certificate. If you encounter any problems during the revocation process, you can have Equens revoke your client certificate. Please contact the Technical Support department for this.
Equens
43
7.9 Retrieving the Certification Revocation List Some nodes can import a 'Certification Revocation List' (CRL) to check if a certificate is still valid (and not revoked). This file contains a list of all revoked certificates and is refreshed at regular intervals. This list can be downloaded at: http://pki.pinkroccade.com/crl/InterpayNederlandBV001/LatestCRL.crl
7.10 Renewal client certificate Production certificates are valid for two years and test/acceptance certificates are valid for one year. About 30 days before the expiry date the requestor of the client certificate will receive an e-mail stating the client certificate will expire and can be renewed using the mentioned URL and pin code. Below an example of this e-mail.
Dear , Our record indicates that your Digital ID will expire on xx-xx-xxxx. If you have already renewed your Digital ID, please ignore this notice. Otherwise please call Customer Services Equens Nederland __________________ Exception: You can also apply for automatic renewal of your Digital ID, but only under the following conditions: 1. You must have the original Digital ID on the computer connecting the MPKI site. 2. The location of the ID must be in the right place on the computer connecting the MPKI site. If you meet this criteria, please visit: <URL PinkRoccade> to renew your Digital ID. Note to Netscape users: To complete the renewal process, you may need the Challenge Phrase you used to enroll for your original Digital ID, and the following Renewal ID Number: Your Renewal ID number is : xxxxxx If you have any questions or problems, please contact Equens SE by replying to this e-mail message.
Figure 34: The renewal e-mail If you meet the mentioned criteria (the renewal can only be done from the computer you have used when requesting the original certificate) you can perform the renewal of the client certificate yourself. After renewal you must export the renewed client certificate to your Connect:Direct node.
44
Equens
OPEN
If you do not meet the mentioned criteria or a problem occurred during the renewal process (and your client certificate is not renewed), you must contact the Technical Support department of Equens for further assistance (you might need to request a new certificate instead of performing a renewal). Please note: the renewal procedure can only be started after you have received the renewal e-mail with the renewal pin code.
Equens
45
8 Testing your connection
8.1 Introduction It is advisable to first check whether the connection is functioning correctly and whether the files are being sent on in the required manner. You can test this easily by sending a file to yourself. This connection test and file transfer test can simply be carried out in the Equens production environment. If you also wish to carry out processing tests, you must carry these out in the test/acceptance environment(!). These processing tests must be scheduled at least one week in advance in consultation with the Technical Support department and the relevant business unit.
8.2 Difference between the three test types Tests can be carried out at three levels: Level A: connection test Level B: file transfer tests Level C: processing tests (application level). The level A and B tests relate specifically to the Connect:Direct connection. The level C tests are not related to the connection type. The following figure shows the levels at which the tests should be carried out.
Figure 35:
Testing for Connect:Direct will take place at three levels
Testing can only commence if the following conditions have been met: All relevant data must have been entered in the various Equens databases You must have installed a Connect:Direct node You must have installed both the client and CA root certificate
46
Equens
OPEN
8.3 Connection test 8.3.1 Connection test features and conditions

Feature Description
Subject
The connection with Connect:Direct. This involves aspects such as: Setting up a connection with Connect:Direct and Secure+ Checking whether the Connect:Direct specifications have been properly implemented at the customers side. You do not need to contact Equens in order to carry out this test. Recommended Production or test/acceptance environment
Objective
Conditions Importance Environment
Table 2: Features of the Connect:Direct connection test 8.3.2 Connection test execution You can use your Connect:Direct in the production or test/acceptance environment to test whether a connection can be realised. Please refer to the documentation of your Connect:Direct node for setting up a connection. Please note: It is not allowed to send files to Equens during a connection test.
8.4 File transfer test 8.4.1 File transfer test features and conditions
Feature Description
Subject Objective Conditions Importance Environment
Routing to and from yourself. Checking whether file transfers between Equens and the customer via Connect:Direct are successful. You do not need to contact Equens in order to carry out this test. Recommended Production or test/acceptance environment. On the test/acceptance environment NO production data is allowed. You should test using test/dummy data.
Table 3: Connect:Direct file transfer test features 8.4.2 File transfer test execution File transfer tests consists of sending a file to yourself. Please do this in the following manner:
Equens
47
Prepare a test file and change its name according to the naming convention. - For <DESTINATION> enter the same as for <SENDER> - Enter the SELFTEST value for <TYPE> Example filename for Connect:Direct: /mailbox/R0001234.R0001234.SELFTEST.TEST1234.TXT Please refer to section 4.2, "Connect:Direct file name convention" for the file name structure. Set up a connection to the Connect:Direct node of Equens (node: SFT or SFTACC) Send the file to yourself See section 9, "File sending" The file will be fully processed at Equens. This means the file will be routed to the <DESTINATION>, in this case yourself. The file will be pushed to your Connect:Direct node. Check if the file is delivered at your Connect:Direct node.
Once the file is at your Connect:Direct node the test is successfully completed.
48
Equens
OPEN
8.5 Processing tests 8.5.1 Processing test features and conditions

Feature Description
Subject Objective
The content and layout of the files. Checking whether file transfers and data processing (for Equens-specific business) between Equens and the customer via Connect:Direct are successful. If you use separate test machines you must request the following: A test connection on Connect:Direct Test certificates (client and CA) These tests must be scheduled at least one week in advance in consultation with the following: Technical Support department of Equens The Equens business unit carrying out the processing. Not mandatory. Test/acceptance environment (node: SFTACC) On the test/acceptance environment NO production data is allowed. You should test using test/dummy data. Processing tests in the production environment are not permitted.
Conditions
Importance Environment
Table 4: Features of the Connect:Direct processing test 8.5.2 Requesting the processing tests Processing tests will be carried out on the Equens test/acceptance environment. If you wish to carry out processing tests (i.e. at application level), you must schedule these tests at least one week in advance in consultation with the Technical Support department. In the event of a non-standard connection or connection to systems other than the giral Clearing and Settlement System, the connection coordinator will draw up the test procedure in consultation with the owner of the processing system. These connection processes are always carried out on a project basis.
Equens
49
9 File sending
9.1 Introduction You can send files to Equens using commands in your Connect:Direct node. When sending files you will need to initiate the transfer. You can also send compressed (zipped) data files. Please refer to chapter 11, "Using compressed files" for additional information. Please note: The maximum file size for Connect:Direct is 2 GB (uncompressed).
9.2 Automatic file sending Most Connect:Direct nodes have the possibility to send files automatically. The node can be configured so that it will check a directory on the local system for waiting files. If this is the case, the files will be sent to Equens without any further action being required from the user. If the files are sent successfully the node can remove the files. You can use a "File agent" for this, but you are responsible for further automation, Equens does not provide support for this.
9.3Binary file sending Some file types, such as files with the extension .ZIP, .DAT, .PDF or .BIN must be sent binary. For more information on sending files binary with Connect:Direct, please consult the Connect:Direct documentation of Sterling Commerce. If you send a binary file as a non-binary file, it may arrive corrupted at the destination.
50
Equens
OPEN
10 File delivery
10.1 Introduction Files addressed to you are "pushed" to you by Connect:Direct, you do not need to take the initiative to retrieve the files. The output files will be put on your Connect:Direct node, if the files need to be placed in a specific directory on your node, please indicate this on the Service Request Form when requesting the Connect:Direct connection. After pushing the files they will be automatically moved to the subdirectory 'ARCHIVE' in your mailbox. Already pushed files can be downloaded from the 'ARCHIVE' directory for 35 days (if you have access to this directory), after which they will be deleted. If you don't have access to the 'ARCHIVE' directory and would like to receive a file that has already been supplied to you, you will need to contact our Technical Support department. Files from the Equens Clearing and Settlement system will remain available within that system for 30 days for eventual reissuing (in case you cannot access your ARCHIVE folder). When this period has elapsed, the files will be deleted and cannot be resupplied electronically. Please note: Data with the highest security classification and risk will be archived and stored with a minimum period technically possible, so less than 35 days and might not be backed up during their presence in Secure File Transfer. This includes all files that contain sensitive authentication data such as data used to manufacture new credit cards and payment cards. Although Connect:Direct can be used to transport sensitive authentication data, it is not allowed to store this data in the 'ARCHIVE' folder.
Equens
51
11 Using compressed files
11.1 Introduction Files can be compressed (zipped) in order to reduce their size and therefore also the amount of time it takes for them to be transmitted. If the bandwidth is sufficient, compression will not be necessary and consequently advised against. 11.1.1 Compression programme conditions Your compression programme must be compatible with PKZIP version 2.04g Acquisition and use of compression software will be your own responsibility Please refer to your compression programme manual for information regarding file compression and decompression Please note: The maximum file size of a ZIP file is 4 GB, however the maximum file size for file transfer through Connect:Direct is 2 GB. 11.1.2 Binary file transmission You must use binary transmission in order to both send and receive compressed files, please see section 9.3, "Binary file sending".
11.2 Sending and receiving compressed files 11.2.1 Conditions You will be able to send both compressed and uncompressed files. There is no need to specify this on the Service Request Form Compressed files must be indicated with the <EXTENSION> 'ZIP' In case you would like to receive compressed files you must specify this on the Service Request Form The compressed file that you wish to send must contain not more than one data file. The compressed file will be unzipped by Equens before it is routed to the <DESTINATION> and can be zipped again by Equens, depending on the configuration of the <DESTINATION> Although the file name in the archive need not to comply with the naming convention, this is advisable. This is also easy, given the majority of compression programmes use the name of the file being compressed for the archive name. For example: If you were to compress the file R0001234.SFT.CLIEOP.A1234567.TXT, the compressed file will be named R0001234.SFT.CLIEOP.A1234567.ZIP
11.3 Receiving compressed files 11.3.1 Conditions If you wish to receive compressed output from Equens, please specify this on the Service Request form.
52
Equens
OPEN
11.3.2 Features: If you have stated you wish to receive compressed files, the following will apply: All files you receive from Equens are compressed, it is not possible to compress specific file types The names of both the ZIP archive and the archived file will comply with the file name convention. For example: the archive MFC.R0001234.VERWINFA.A1234567.ZIP would contain the file MFC.R0001234.VERWINFA.A1234567.TXT
Equens
53
12 Support processes: questions and changes
12.1 Connect:Direct availability Connect:Direct will be available from 4:00p.m. on Sunday to 7:00a.m. on Saturday. 98% availability will be guaranteed during these times.
12.2 Technical Support department contact information Support for File Transfer products will be provided by the Technical Support department of Equens. The support will encompass the following: Answering questions by telephone Dealing with incidents Monitoring the file exchange and any underlying network connections Please note: The support that Technical Support will provide is intended for situations involving a standard connection to Connect:Direct. In the event of deviation, Technical Support will not provide any support for matters relating to the client's domain. Technical Support is available from Monday to Friday, with the exception of bank holidays. Opening times: 8:00am 6:00pm Telephone: 0900 - 0660, option 3 (for customers in The Netherlands, local tariff) Telephone: +31 (0)30 - 283 68 60, option 3 (for customers outside The Netherlands) Fax: +31 (0)30 - 283 51 33 E-mail: sft@nl.equens.com Please note: Please submit any questions by telephone, not by e-mail (unless otherwise instructed).
12.3 Information on the Equens website On www.equens.com you will find the following information regarding Secure File Transfer and the various connection types: Brochures Manuals Forms FAQs
12.4 Changing connection specifications You can use the 'Service Request Form Connect:Direct' to do the following: Register and deregister: The contact person
54
Equens
OPEN
Change contact details: Organisational information Telephone number and/or e-mail address of the contact person Change service specifications: Whether you want to connect via the internet or via a Leased Line Whether you want to receive compressed files At which e-mail address you would like to receive error messages (E-mail messages that inform you of a file that could not be processed, e.g. by using an incorrect file name).
You must fill in and send a separate copy of the form for each request and/or change! This form can be requested from Technical Support or downloaded from our website: www.equens.com (Support - Connectivity) This Service Request Form only concerns the transport of files/data. For the processing of the data files you are sending/receiving, you will need to make agreements with the appropriate (processing) department of Equens.
12.5 Changing connection type If you wish to deliver data using a connection type other than Connect:Direct, please contact the Technical Support department.
12.6 Terminating the connection The Connect:Direct agreement must be terminated in writing, you can use the Service Request Form to request a termination of the Connect:Direct agreement. When terminating the connection you must ensure that all streams you use with Connect:Direct are migrated in a timely fashion. This means that the relevant processing agreements must be amended.
12.7 Changing and terminating processing agreements You must arrange changes or termination of your processing agreements with your bank and the Equens business unit that carries out the processing activities, in accordance with the relevant procedures.
Equens
55
Annex 1
The relationship between the Connect:Direct naming convention and the 'old' I-Connect interface description
1.1 Relationship with 'old' I-Connect According to the 'old' interface description, a token file is sent in addition to a data file. This token file is used to provide data regarding the routing of the data file. The token file will not be included in the new Connect:Direct standard. The following fields relate to the 'old' I-Connect interface descriptions as follows:
Field Relationship with 'old' I-Connect
<SENDER>
More or less corresponds with the 'Naam inzender' (Name of sender) field from the token file (versions 04 and 05). However, the <SENDER> field is shorter (8 positions) than 'Naam inzender' (20 positions), which in many cases ensures a difference. Token file versions 01 and 02 contain a 'Relatienummer inzender' (Sender account number) field. However, its content is not comparable.
<DESTINATION> More or less corresponds with the 'Naam bestemming' (Name of location) field from the token file (versions 04 and 05). However, the <DESTINATION> field is shorter (8 positions) than 'Naam bestemming' (20 positions), which in many cases ensures a difference. Furthermore, please remember that you must enter spaces in the token file for the destination of traffic to Equens. However, in the new interface, 'SFT' must be entered as the destination. Token file versions 01 and 02 contain a 'Relatienummer bestemming' (Location account number) field. However, its content is not comparable. <TYPE> This field will replace the three 'Informatiegroep' (Information group), 'Informatiesoort' ('Information type') and 'Bestandsindeling' (File format) fields from the token file. This field corresponds with the 'File-ID' from the file name. Only two extensions are permitted in the 'old' I-Connect: FTP and ZIP. This limitation will not apply in Connect:Direct.
<REFERENCE> <EXTENSION>
Table 5: Relationship with 'old' I-Connect
56
Equens

Equens Connect Direct - Manual v2.0 UK

Caricato da

Informazioni sul documento

Descrizione originale:

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Equens Connect Direct - Manual v2.0 UK

Caricato da

Copyright:

Formati disponibili

Manual Connect:Direct (Secure File Transfer)

02-Mar-09 Final 10-May-11 Final

Revision of the manual. Revision for PCI-DSS.

Connect:Direct and Secure+ are trademarks of Sterling Commerce Inc.

1 1.1 1.2 1.3 2 2.1

Version 2.0 - 10 May 2011

9 9.1 9.2 9.3 10 10.1 11 11.1

12 12.1 12.2 12.3 12.4 12.5 12.6 12.7

Version 2.0 - 10 May 2011

Version 2.0 - 10 May 2011

2 Connect:Direct network variants and infrastructure

Figure 1: Infrastructure for connection to Connect:Direct

Version 2.0 - 10 May 2011

Figure 2: The connection via Connect:Direct is secured end-to-end via TLS

Version 2.0 - 10 May 2011

Figure 3: Issuing of certificates by Equens

Version 2.0 - 10 May 2011

4 File naming convention and routing mechanism

The separate fields are defined as follows:

<DESTINATION> UPPERCASE, alpha-numeric

Single dot UPPERCASE, alpha-numeric

Single dot UPPERCASE, alpha-numeric

Version 2.0 - 10 May 2011

Explanation of file name components

5 Fallback and backup facilities

Figure 4: Route through Equens environment under normal circumstances

Version 2.0 - 10 May 2011

Version 2.0 - 10 May 2011

6 Configuration of your network

Version 2.0 - 10 May 2011

7 Requesting and installing of a certificate

Version 2.0 - 10 May 2011

Figure 7: The opening page with the options for certificates.

Figure 8: The form for requesting a certificate.

Version 2.0 - 10 May 2011

Figure 11: You see a message to check your e-mail.

Version 2.0 - 10 May 2011

Version 2.0 - 10 May 2011

Figure 16: A standard security message from Microsoft Internet Explorer.

Version 2.0 - 10 May 2011

Figure 17: Confirmation of the certificate installation.

Version 2.0 - 10 May 2011

Click the button 'Certificates' The following screen is displayed:

Figure 20: Certificate export screen.

Version 2.0 - 10 May 2011

Figure 23: Security through a password.

Figure 25: Overview of the specifications entered.

Version 2.0 - 10 May 2011

Version 2.0 - 10 May 2011

Figure 29: Save the certificate to your computer.

Version 2.0 - 10 May 2011

Version 2.0 - 10 May 2011

Version 2.0 - 10 May 2011

8 Testing your connection

Testing for Connect:Direct will take place at three levels

8.3 Connection test 8.3.1 Connection test features and conditions

Conditions Importance Environment

Subject Objective Conditions Importance Environment

Version 2.0 - 10 May 2011

8.5 Processing tests 8.5.1 Processing test features and conditions

Version 2.0 - 10 May 2011

Version 2.0 - 10 May 2011

11 Using compressed files