Renew a client certificate about to expire
• B2B Secure certificate expiry email notifications are sent each Monday morning at 10:10am CT to Approving Managers, Portal Admins, and users with the Onboarding Edit role if the Client has either a QA or Production certificate expiring within the next 60 days.
• Once the request is processed, you must log back into the Merchant Portal, download the new certificate, and apply it in all applicable source systems BEFORE the original one expires, or a loss of service will occur.
• Allow enough time before the expiration date to remedy any problems that may occur.
• Billable consulting will be applied if B2B Payments assistance is needed with generating and applying the renewed certificates on your origination systems.
• The new certificate will be backwards compatible with existing tokens. The old certificate will be automatically retired on the day of the expiration.

Follow the steps below to perform certificate renewal:

1. In the Merchant Portal, select menu path: Settings > XiSecure (B2B Secure).
2. Click renew certificate for the appropriate environment.
3. The workflow status for the environment changes from "Complete" to "Requested".
   a. Note that the expiration date remains the same until the request is processed by B2B Payments.
4. Once the request is processed, a notification email is sent to the Approving Manager(s).
   a. The AM can download the certificate, OR
   b. Should forward the notification to the individual with the Onboarding Edit role.
5. The Approving Manager or Onboarding Edit role logs into the Merchant Portal and navigates to the B2B Secure page.
6. Click on the *.pem filename under the appropriate environment to download the new signed certificate.
7. Rename the existing certificate to invalidate it and save it as a temporary backup (oldMyCert.pem, for example).
8. Apply the updated certificate (SAP or Web Service Integrations).
   For Adapter for SAP (PAS) integrations
   a. Place the updated Client Certificate (MyCert.pem) in the same directory where existing certificates reside (usually c:\certs). If the updated .pem has a different filename from the expiring .pem, you must modify your PAS configuration.
      ▪ In the PAS console, click the Secure Program ID.
      ▪ Click the Browse button next to the “Client Certificate” field.
      ▪ Select the updated .pem file.
   b. In the PAS console, click the Update button at the lower right of the screen. Click the Save icon at the top left of the screen.
   c. Restart the B2B Secure services from within PAS configuration console.
   d. Validate the connection to the data center via the blue (double arrows) button.
   For Web Service integrations
   a. Apply the new certificates the same way your current certificates are applied. Billable consulting will be applied if assistance is needed with generating and applying the renewed certificates on your origination systems.
   b. Ensure that the newest certificate is being referenced. If the old certificate is cached, once it expires you will receive a WSE511: Invalid to use the security token error message.
9. Validation:
   For Adapter for SAP (PAS) integrations
   a. Check that the RFC connectivity from SAP is successful on all Program IDs (Authorization, Settlement, and Tokenization for this environment). Utilize the SAP Transaction code SM59 to perform this test.
   b. Validate that all requests (Authorization, Settlement, and Tokenization) are working correctly from an SAP standpoint:
      ▪ Test Authorizations via sales order creation, A/R clearing, or via the available Authorization simulation tool in the PCMA Menu.
      ▪ Test Settlement via settlement submission from SAP (this will vary based on your workflow) or via the available Settlement simulation tool in the PCMA Menu.
      ▪ Test Tokenization via the Simulate Encryption tool in the B2B Secure BIMG.
   For Web Service integrations
   a. Have users validate that Authorization, Settlement, and Tokenization functionality is present from all WebServices origination points as applicable.
   b. Contact your Web developers/integrators if you require assistance with configuring the B2B Secure Client Certificate.
Create new certificate to replace existing one
Remember that a certificate only needs to be replaced using a new CSR if the private key password is forgotten or potentially compromised. If the certificate is about to expire, it only needs to be renewed.

1. Create a new certificate signing request (CSR) and private key. Refer to How to Create CSR for instructions.
2. Submit only the CSR file to Support Services by zipping and attaching the file to a support ticket.
3. We will sign this .csr file and will create a new Client Certificate file with a .pem file extension. You will receive an email notification that the certificate is ready for download from the Merchant Portal.
4. Log into the Merchant Portal and go to Settings > XiSecure (B2B Secure).
5. Click on the *.pem filename under the appropriate environment to download the new signed certificate.
6. Place the generated Client Certificate in the appropriate directory on your server.
   a. Place the Client Certificate in the same directory where existing certificates reside (usually c:\certs).
7. Place the Private Key in the appropriate directory on your server.
   a. Place the Private Key in the directory where existing certificates reside (usually c:\certs). The Private Key was generated when the .csr was created.
8. Configure new certificate (SAP or Web Service Integrations):
   For Adapter for SAP (PAS) integrations
   a. Execute the PAS Configuration GUI Console.
   b. Click the B2B Secure Program ID.
   c. Click the Browse button next to the “Client Certificate” field.
   d. Select the new .pem file.
   e. Click the Browse button next to the “Client Private Key” field.
   f. Select the Private Key file that was generated during the .csr creation.
   g. In the “Client Private Key Password” field, enter the Private Key password you chose during the .csr creation.
   h. Click the Update button at the lower right of the screen. Click the Save icon at the top left of the screen.
   i. Restart the B2B Secure services from within PAS configuration console.
   j. Validate the connection to the data center via the blue (double arrows) button.
   For Web Service integrations
   a. Apply the new certificates the same way your current certificates are applied. We can provide guidance in applying the certificate to the PAS server only.
   b. Ensure that the newest certificate is being referenced. If the old certificate is cached, once it expires you will receive a WSE511: Invalid to use the security token error message.
9. Validation:
   For Adapter for SAP (PAS) integrations
   a. Check that the RFC connectivity from SAP is successful on all Program IDs (Authorization, Settlement, and Tokenization for this environment). Utilize the SAP Transaction code SM59 to perform this test.
   b. Validate that all requests (Authorization, Settlement, and Tokenization) are working correctly from an SAP standpoint:
      ▪ Test Authorizations via sales order creation, A/R clearing, or via the available Authorization simulation tool in the PCMA Menu.
      ▪ Test Settlement via settlement submission from SAP (this will vary based on your workflow) or via the available Settlement simulation tool in the PCMA Menu.
      ▪ Test Tokenization via the Simulate Encryption tool in the B2B Secure BIMG.
   For Web Service integrations
   a. Have users validate that Authorization, Settlement, and Tokenization functionality is present from all WebServices origination points as applicable.
   b. Contact your Web developers/integrators if you require assistance with configuring the B2B Secure Client Certificate.
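
One way to check a downloaded .pem before applying it (step 8 of the renewal procedure, steps 6 and 7 of the replacement procedure). This is an added example, not part of the vendor's documentation or tooling. It assumes OpenSSL is available on the host; the function names and sample file names are hypothetical, and for a renewal it assumes the new certificate is issued for the existing private key, since the renewal steps never replace the key.

```shell
#!/usr/bin/env bash
# Added example: checks on a downloaded client certificate before cutover.
# Assumes OpenSSL is installed; every file name here is hypothetical.

cert_fp() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

# SHA-256 of the public key inside a certificate.
cert_pubkey_hash() {
  openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER |
    openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the public key derived from a private key file.
# For a password-protected key, export KEY_PASS first.
key_pubkey_hash() {
  openssl pkey -in "$1" ${KEY_PASS:+-passin env:KEY_PASS} -pubout -outform DER |
    openssl dgst -sha256 | awk '{print $NF}'
}

# check_renewal OLD_CERT NEW_CERT PRIVATE_KEY [MIN_DAYS]
# Prints one verdict word; returns 0 only when NEW_CERT is safe to apply.
check_renewal() {
  local old="$1" new="$2" key="$3" min_days="${4:-60}"
  if ! openssl x509 -in "$new" -noout >/dev/null 2>&1; then
    echo NOT_A_CERTIFICATE; return 1
  fi
  if [ "$(cert_fp "$old")" = "$(cert_fp "$new")" ]; then
    echo SAME_AS_OLD; return 1        # expiring file copied or cached
  fi
  if ! openssl x509 -in "$new" -noout -checkend $((min_days * 86400)) >/dev/null; then
    echo EXPIRES_TOO_SOON; return 1   # request may not be processed yet
  fi
  if [ "$(key_pubkey_hash "$key")" != "$(cert_pubkey_hash "$new")" ]; then
    echo KEY_MISMATCH; return 1
  fi
  echo OK
}

# Constructed sample data: a throwaway self-signed certificate (not a real one).
# make_sample DIR NAME DAYS [EXISTING_KEY]
make_sample() {
  local dir="$1" name="$2" days="$3" key="${4:-$1/$2.key}"
  [ -f "$key" ] || openssl genrsa -out "$key" 2048 2>/dev/null
  openssl req -x509 -new -key "$key" -days "$days" -subj "/CN=$name" \
    -out "$dir/$name.pem" 2>/dev/null
}
```

Against real files the call takes the backup of the expiring certificate, the downloaded certificate and the private key, in that order. The default 60-day threshold mirrors the notification window described above: a "new" file that still expires inside it is most likely the old certificate.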