TIBCO BusinessConnect EBICS Protocol User's Guide. Software Release 1.0 December 2011




Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED OR BUNDLED TIBCO SOFTWARE IS SOLELY TO ENABLE THE FUNCTIONALITY (OR PROVIDE LIMITED ADD-ON FUNCTIONALITY) OF THE LICENSED TIBCO SOFTWARE. THE EMBEDDED OR BUNDLED SOFTWARE IS NOT LICENSED TO BE USED OR ACCESSED BY ANY OTHER TIBCO SOFTWARE OR FOR ANY OTHER PURPOSE. USE OF TIBCO SOFTWARE AND THIS DOCUMENT IS SUBJECT TO THE TERMS AND CONDITIONS OF A LICENSE AGREEMENT FOUND IN EITHER A SEPARATELY EXECUTED SOFTWARE LICENSE AGREEMENT, OR, IF THERE IS NO SUCH SEPARATE AGREEMENT, THE CLICKWRAP END USER LICENSE AGREEMENT WHICH IS DISPLAYED DURING DOWNLOAD OR INSTALLATION OF THE SOFTWARE (AND WHICH IS DUPLICATED IN THE LICENSE FILE) OR IF THERE IS NO SUCH SOFTWARE LICENSE AGREEMENT OR CLICKWRAP END USER LICENSE AGREEMENT, THE LICENSE(S) LOCATED IN THE LICENSE FILE(S) OF THE SOFTWARE. USE OF THIS DOCUMENT IS SUBJECT TO THOSE TERMS AND CONDITIONS, AND YOUR USE HEREOF SHALL CONSTITUTE ACCEPTANCE OF AND AN AGREEMENT TO BE BOUND BY THE SAME. This document contains confidential information that is subject to U.S. and international copyright laws and treaties. No part of this document may be reproduced in any form without the written authorization of TIBCO Software Inc. TIBCO, The Power of Now, TIBCO Hawk, TIBCO Rendezvous, TIBCO Runtime Agent, TIBCO ActiveMatrix BusinessWorks, TIBCO Administrator, and TIBCO Designer are either registered trademarks or trademarks of TIBCO Software Inc. in the United States and/or other countries. EJB, J2EE, JMS and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. All other product and company names and marks mentioned in this document are the property of their respective owners and are mentioned for identification purposes only. THIS SOFTWARE MAY BE AVAILABLE ON MULTIPLE OPERATING SYSTEMS. 
HOWEVER, NOT ALL OPERATING SYSTEM PLATFORMS FOR A SPECIFIC SOFTWARE VERSION ARE RELEASED AT THE SAME TIME. SEE THE README FILE FOR THE AVAILABILITY OF THIS SOFTWARE VERSION ON A SPECIFIC OPERATING SYSTEM PLATFORM. THIS DOCUMENT IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. THIS DOCUMENT COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE CHANGES WILL BE INCORPORATED IN NEW EDITIONS OF THIS DOCUMENT. TIBCO SOFTWARE INC. MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED IN THIS DOCUMENT AT ANY TIME. THE CONTENTS OF THIS DOCUMENT MAY BE MODIFIED AND/OR QUALIFIED, DIRECTLY OR INDIRECTLY, BY OTHER DOCUMENTATION WHICH ACCOMPANIES THIS SOFTWARE, INCLUDING BUT NOT LIMITED TO ANY RELEASE NOTES AND "READ ME" FILES.. Copyright 1999-2011 TIBCO Software Inc. ALL RIGHTS RESERVED. TIBCO Software Inc. Confidential Information

Contents

Preface
    Related Documentation
    Typographical Conventions
    Connecting with TIBCO Resources

Chapter 1 Introduction
    Overview
    TIBCO BusinessConnect as an EBICS Client

Chapter 2 Setting Up Trading Hosts and Partners
    Overview
    Configuring a Host
    Configuring a Partner

Chapter 3 Configuring Business Agreements
    Adding a New Business Agreement
    Configuring Agreement Protocol Binding for EBICS
    Operation Bindings Tab
    Document Security Tab
    Transports Tab

Chapter 4 Key Management with bcebicsmanage
    Overview
    Initializing the TIBCO BusinessConnect User
    Suspending Bank Access of the TIBCO BusinessConnect User
    Updating TIBCO BusinessConnect User Keys
    Recovering From Upload Errors to TIBCO BusinessConnect
    bcebicsmanage Keystore
    Updating the EBICS OrderID

Chapter 5 Managing EBICS Operations
    Overview
    Synchronous Request Response Operation
    Configuring EBICS Operations

Chapter 6 Managing Properties
    Managing EBICS Properties

Chapter 7 EBICS Private Messages
    Overview
    Initiator Request
    Initiator Response
    Error Advisories

Chapter 8 Viewing Logs
    Log Viewer Overview
    Audit Logs
    Preferences

Appendix A bcebicsmanage Command Reference
    Overview
    Bank Initialization Commands
    Bank Access Commands
    Key Update Commands
    Upload to BusinessConnect Commands
    Order ID Commands

Index

Preface

TIBCO BusinessConnect EBICS Protocol is a protocol used by banks in European countries that enables banking clients, such as corporations, to communicate with banks securely.

Topics
- Related Documentation, page vi
- Typographical Conventions, page viii
- Connecting with TIBCO Resources, page x

Related Documentation

TIBCO BusinessConnect EBICS Protocol Documentation

The following documents form the TIBCO BusinessConnect EBICS Protocol documentation set:
- TIBCO BusinessConnect EBICS Protocol Installation and Configuration: Read this guide to install and configure TIBCO BusinessConnect EBICS Protocol.
- TIBCO BusinessConnect EBICS Protocol User's Guide: Read this guide to learn how to manage TIBCO BusinessConnect EBICS Protocol.
- TIBCO BusinessConnect EBICS Protocol Release Notes: Read this document to learn about new features, changes in functionality, deprecated features, known issues, and closed issues for each release. This document is supplied for each release and is available only in PDF format.

TIBCO BusinessConnect Documentation

The following documents form the BusinessConnect documentation set:
- TIBCO BusinessConnect Installation and Configuration: Read this guide to learn how to install and configure TIBCO BusinessConnect.
- TIBCO BusinessConnect Concepts: Read this guide to learn about TIBCO BusinessConnect architecture, deployment modes, protocols, and security.
- TIBCO BusinessConnect Interior Server Administration: Read this guide in order to administer, operate, and manage TIBCO BusinessConnect Interior Server.
- TIBCO BusinessConnect Gateway Server Administration: Read this guide in order to administer, operate, and manage TIBCO BusinessConnect Gateway Server.
- TIBCO BusinessConnect Trading Partner Administration: Read this guide to configure and manage trading partners.
- TIBCO BusinessConnect Scripting Deployment User's Guide: Read this guide to configure and manage TIBCO BusinessConnect using the command line interface.
- TIBCO BusinessConnect Release Notes: Read this document to learn about new features, changes in functionality, deprecated features, known issues, and closed issues for each release. This document is supplied for each release and is available only in PDF format.

Other TIBCO Product Documentation

You may find it useful to read the documentation for the following TIBCO products, which may be used or integrated with BusinessConnect:
- TIBCO Administrator software: The software allows you to manage users, machines and applications defined in a TIBCO Administration Domain. The TIBCO Administrator graphical user interface enables users to deploy, monitor, and start and stop TIBCO applications.
- TIBCO ActiveMatrix BusinessWorks software: This software is a scalable, extensible, and easy to use integration platform that allows you to develop integration projects. TIBCO BusinessWorks includes a graphical user interface (GUI) for defining business processes and an engine that executes the process.
- TIBCO Designer software: This graphical user interface is used for designing and creating integration project configurations and building an Enterprise Archive (EAR) for the project. The EAR can then be used by TIBCO Administrator for deploying and running the application.
- TIBCO Runtime Agent software: This software suite is a prerequisite for other TIBCO software products. In addition to TIBCO Runtime Agent components, the software suite includes the third-party libraries used by other TIBCO products such as TIBCO Designer, Java Runtime Environment (JRE), TIBCO Hawk, and TIBCO Rendezvous.
- TIBCO Rendezvous: This software enables programs running on many different kinds of computers on a network to communicate seamlessly. It includes two main components: the Rendezvous programming language interface (API) in several languages, and the Rendezvous daemon.
- TIBCO Enterprise Message Service software: This software provides a message service that enables integration of applications within an enterprise based on the Java Message Service (JMS) specifications.

Typographical Conventions

The following typographical conventions are used in this manual.

Table 1 General Typographical Conventions

Convention: ENV_NAME, TIBCO_HOME, ebics_home
Use: TIBCO products are installed into an installation environment. A product installed into an installation environment does not access components in other installation environments. Incompatible products and multiple instances of the same product must be installed into different installation environments. An installation environment consists of the following properties:
- Name: Identifies the installation environment. This name is referenced in documentation as ENV_NAME. On Microsoft Windows, the name is appended to the name of Windows services created by the installer and is a component of the path to the product shortcut in the Windows Start > All Programs menu.
- Path: The folder into which the product is installed. This folder is referenced in documentation as TIBCO_HOME.
TIBCO BusinessConnect EBICS Server installs into a directory within a TIBCO_HOME. This directory is referenced in documentation as ebics_home. The default value of ebics_home depends on the operating system. For example, on Windows systems the default value is C:\tibco\bc\version\protocols\ebics

Convention: code font
Use: Code font identifies commands, code examples, filenames, pathnames, and output displayed in a command window. For example: Use MyCommand to start the foo process.

Convention: bold code font
Use: Bold code font is used in the following ways:
- In procedures, to indicate what a user types. For example: Type admin.
- In large code samples, to indicate the parts of the sample that are of particular interest.
- In command syntax, to indicate the default parameter for a command. For example, if no parameter is specified, MyCommand is enabled: MyCommand [enable | disable]

Convention: italic font
Use: Italic font is used in the following ways:
- To indicate a document title. For example: See TIBCO ActiveMatrix BusinessWorks Concepts.
- To introduce new terms. For example: A portal page may contain several portlets. Portlets are mini-applications that run in a portal.
- To indicate a variable in a command or code syntax that you must replace. For example: MyCommand PathName

Convention: Key combinations
Use: Key names separated by a plus sign indicate keys pressed simultaneously. For example: Ctrl+C. Key names separated by a comma and space indicate keys pressed one after the other. For example: Esc, Ctrl+Q.

Convention: note icon
Use: The note icon indicates information that is of special interest or importance, for example, an additional action required only in certain circumstances.

Convention: tip icon
Use: The tip icon indicates an idea that could be useful, for example, a way to apply the information provided in the current section to achieve a specific result.

Convention: warning icon
Use: The warning icon indicates the potential for a damaging situation, for example, data loss or corruption if certain steps are taken or not taken.

Connecting with TIBCO Resources

How to Join TIBCOmmunity

TIBCOmmunity is an online destination for TIBCO customers, partners, and resident experts, a place to share and access the collective experience of the TIBCO community. TIBCOmmunity offers forums, blogs, and access to a variety of resources. To register, go to http://www.tibcommunity.com.

How to Access All TIBCO Documentation

After you join TIBCOmmunity, you can access the documentation for all supported product versions here: http://docs.tibco.com/tibcodoc

How to Contact TIBCO Support

For comments or problems with this manual or the software it addresses, please contact TIBCO Support as follows.
- For an overview of TIBCO Support, and information about getting started with TIBCO Support, visit this site: http://www.tibco.com/services/support
- If you already have a valid maintenance or support contract, visit this site: https://support.tibco.com
  Entry to this site requires a user name and password. If you do not have a user name, you can request one.

Chapter 1 Introduction

This chapter gives an overview of EBICS (Electronic Banking Internet Communication Standard) and explains briefly how TIBCO BusinessConnect is used as an EBICS client.

Topics
- Overview on page 2
- TIBCO BusinessConnect as an EBICS Client on page 3

Overview

TIBCO BusinessConnect EBICS Protocol provides a client-side implementation of EBICS (Electronic Banking Internet Communication Standard) version 2.4.2 and is limited to supporting what is known as EBICS Profile T. This chapter introduces TIBCO BusinessConnect EBICS Protocol and its support for EBICS Profile T.

For specification information on EBICS version 2.4.2, please refer to the document: Specification EBICS (Electronic Banking Internet Communication Standard) Version 2.4.2.

The current version of the EBICS specification is version 2.5.0, which was released on May 26, 2011 and is not yet supported by TIBCO BusinessConnect EBICS Protocol. The current version of the EBICS specification, as well as past versions of the EBICS specification, can be found at: http://www.ebics.org

EBICS Profile T is defined in the document EBICS - Implementation Guide in France, Version 2.1.3. This version is consistent with V2.4.2 of the specifications. This French Implementation Guide can be found at: http://www.cfonb.org/web/cfonb/cfonbmain.nsf/documentsbyidweb/7KUEQA?OpenDocument&loglvl=7KUELS

About EBICS

The Electronic Banking Internet Communication Standard (EBICS) is a standard used in the banking industries of Germany and France that specifies the transmission protocol for exchanging information between banks and their customers. It is a client-server protocol that uses the Internet and HTTPS as the transport for the exchange of information. The data being exchanged is encoded into XML documents, and encryption and digital signatures are applied for security. Additionally, the electronic signature of a person can be applied to authorize the financial transactions contained in the XML documents.

EBICS was first developed for use in Germany and later extended for use in France, where it has replaced the use of ETEBAC3 and ETEBAC5.

When using EBICS to replace ETEBAC3, an order is sent to the bank using EBICS, but confirmation that the order should be executed by the bank is sent through a communication channel other than EBICS (such as email or fax). In other words, electronic signatures are not used for authorizing transactions. EBICS Profile T is the term used to describe this scenario for using EBICS.

The remainder of this chapter describes the implementation of EBICS Profile T by TIBCO BusinessConnect EBICS Protocol.

TIBCO BusinessConnect as an EBICS Client

TIBCO BusinessConnect EBICS Protocol is designed to act as an EBICS technical subscriber that handles the transmission of all orders to the various banks you may want to communicate with. A technical subscriber executes all EBICS requests on behalf of users.

The following diagram depicts the flow of transactions between your back end systems and a bank using TIBCO BusinessConnect EBICS Protocol.

[Figure 1: TIBCO BusinessConnect as an EBICS Client. Components shown: Company A (Enterprise Systems, Private Process with Incoming Private Process and Outgoing Private Process, RV/JMS, BC Server), connected over the Internet via HTTPS to the EBICS Bank Server. Legend: RV = TIBCO Rendezvous, BC = TIBCO BusinessConnect.]

Establishing a Banking Relationship

To begin using TIBCO BusinessConnect EBICS Protocol, you as a customer of a bank must contact the bank and exchange the information required in order for the bank to set you up as a customer on their EBICS banking server. Some of the information the bank will need to know from you is:
- Your account number
- The name on your account
- The number of users who will be sending/receiving EBICS transactions. (See Note A)
- The names of the users. (See Note A)
- The type of the user (such as technical versus human). (See Note A)
- Whether the user can sign for orders. (See Note A)
- The types of EBICS orders the users are allowed to send/retrieve.
- Which orders need confirmation before the bank should execute them. (See Note B)
- Who is responsible for confirming orders. (See Note B)
- The method of sending order confirmations outside of EBICS. (See Note B)

Note A: When establishing your relationship with a bank, it is important to let the bank know that you will have only one user sending orders to the bank and that the user is a technical user. This is because the user is being implemented by TIBCO BusinessConnect EBICS Protocol. The name you use for the BusinessConnect user can be any arbitrary name.

Note B: When orders are sent to a bank, some orders must be confirmed before they will be executed with the bank. TIBCO BusinessConnect EBICS Protocol does not support sending electronic signatures to confirm orders, so order confirmations must be sent to the bank by some other means. How orders should be confirmed and who is responsible for confirming the orders should be established with the bank.

In return for your information, the bank will provide you with the information needed to establish communication with the bank using EBICS. The information the bank will provide you with will include:
- Bank Name: The bank's name.
- Bank URL: HTTPS URL for connecting to the bank.
- Bank Host ID: ID of the bank.
- Customer ID: ID assigned to the customer by the bank.
- User ID: ID assigned to the user by the bank.
- User Name: Name of the user.
- E001 Hash Value: Not used. (See Note C)
- X001 Hash Value: Not used. (See Note C)
- E002 Hash Value: The SHA-256 hash of the bank's public encryption key.
- X002 Hash Value: The SHA-256 hash of the bank's public authentication key.
- Bank SSL Cert: Used for communicating via HTTPS with the bank.

Note C: The E001 and X001 Hash Values are not used by TIBCO BusinessConnect as they pertain to earlier versions of the EBICS specification that are not supported by TIBCO BusinessConnect.

You will then configure your TIBCO BusinessConnect host and a trading partner for the bank using this information. See Chapter 2, Setting Up Trading Hosts and Partners, page 9 for detailed information on how to configure TIBCO BusinessConnect with the above information.

EBICS Key and Certificate Management with TIBCO BusinessConnect

Each user requires three keys for sending orders to banks.
- User Signature Key: Used to generate the electronic signature (ES) of the order data that the client sends to the bank.
- Authentication Key: Used for identification and authentication of the client by the bank.
- Encryption Key: Used for decryption of the symmetric key sent with orders that is used for encryption of the orders and electronic signatures.

On the bank's side, all of the keys except for the signature key are used.

Prior to sending any order to a bank, you must first initialize the TIBCO BusinessConnect user with the bank. The initialization process consists of these steps:
1. Send the user keys to the bank.
2. Send initialization letters with the public key information to the bank via a separate communication channel (such as fax).
3. Wait for the bank to release the user on their EBICS bank server.
4. Download the bank's public keys or certificates.
5. Verify the hash values of the bank's public keys.

TIBCO BusinessConnect EBICS Protocol provides the tool bcebicsmanage for the management of your EBICS keys and certificates during initialization of the TIBCO BusinessConnect user with a bank. The bcebicsmanage tool provides the following capabilities:
- RSA public/private key pair generation according to the EBICS specification.
- X.509 self-signed certificate generation using the generated key pairs.
- Initial client X.509 certificate exchange with banks via EBICS INI and HIA order types.
- Generation of initialization letters for the public keys or certificates.
- Retrieval of the bank's public keys and certs via EBICS HPB order type.
- Verification of the hash values for the bank's public keys.
- Update of existing client public keys and certificates with banks via EBICS HCS, HCA, and PUB order types.

The bcebicsmanage tool works in conjunction with your TIBCO BusinessConnect configuration repository when running its commands. If the business agreement between your TIBCO BusinessConnect host and the bank's trading partner has not been configured with any of the three keys needed for exchanging orders with the bank, those keys will be automatically created during initialization of the TIBCO BusinessConnect host with the bank server and then uploaded back into the TIBCO BusinessConnect configuration repository.

The diagram in Figure 2 depicts the case where bcebicsmanage creates the TIBCO BusinessConnect host's EBICS client keys and certificates, sends the certificates to the bank server, and then uploads the keys and certificates back to the TIBCO BusinessConnect repository. The diagram also depicts how, after initialization, bcebicsmanage is used to retrieve the bank's public keys and certificates and upload them into the TIBCO BusinessConnect Repository.

[Figure 2: Keys Created by BCEBICSMANAGE. Components shown: the EBICS Client System (BusinessConnect and BCEBICSMANAGE) and the Bank EBICS Server, connected over the Internet. Labelled items: Client X.509 Certificates; Bank SSL Certificate, Bank URL, Bank ID, Customer ID, User ID; Client Private Keys & X.509 Certificates; Bank Public Keys & Certificates.]

When keys and certificates are stored in the TIBCO BusinessConnect repository, keys must be in PKCS#12 format and certificates should be in PKCS#7 format.
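The following is an added example, not TIBCO code and not a description of how bcebicsmanage works internally, showing what step 5 of the initialization process (verifying the E002 and X002 hash values) involves. It assumes the EBICS 2.4 convention for key hashes (SHA-256 over the ASCII string formed from the exponent and modulus in lowercase hexadecimal without leading zeros, separated by one blank), which is not stated on this page and should be confirmed against the specification and your bank's documents; all function names and key values are constructed for illustration.

```python
import hashlib
import hmac
import re


def key_hash_input(exponent: int, modulus: int) -> bytes:
    """ASCII string that gets hashed: '<exponent hex> <modulus hex>'.

    Assumed EBICS 2.4 convention: lowercase hex, no leading zeros, one blank.
    """
    if exponent <= 0 or modulus <= 0:
        raise ValueError("exponent and modulus must be positive integers")
    return f"{exponent:x} {modulus:x}".encode("ascii")


def key_hash(exponent: int, modulus: int) -> str:
    """SHA-256 of the canonical string, as 64 lowercase hex characters."""
    return hashlib.sha256(key_hash_input(exponent, modulus)).hexdigest()


def normalize_expected(text: str) -> str:
    """Accept a hash as printed on paper: any case, spaces, colons, line breaks."""
    cleaned = re.sub(r"[\s:]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", cleaned):
        raise ValueError("expected value is not a 256-bit hex hash")
    return cleaned


def verify_bank_keys(downloaded: dict, expected: dict) -> dict:
    """Return {"E002": bool, "X002": bool}; a missing key or hash is a failure."""
    results = {}
    for key_type in ("E002", "X002"):
        if key_type not in downloaded or key_type not in expected:
            results[key_type] = False
            continue
        exponent, modulus = downloaded[key_type]
        # Constant-time comparison of the computed and the expected hash.
        results[key_type] = hmac.compare_digest(
            key_hash(exponent, modulus), normalize_expected(expected[key_type])
        )
    return results


def bank_keys_trusted(downloaded: dict, expected: dict) -> bool:
    """Fail closed: both the encryption and the authentication key must match."""
    return all(verify_bank_keys(downloaded, expected).values())


def as_printed(hex_hash: str) -> str:
    """Render a hash the way a letter might print it: 'AB CD EF ...'."""
    return " ".join(hex_hash[i:i + 2].upper() for i in range(0, len(hex_hash), 2))


# Constructed sample values: not real bank keys, and far too short to be real
# RSA moduli. The leading 00 byte mimics a common encoding of a modulus and
# shows that leading zeros do not end up in the hashed string.
E002_MODULUS = int.from_bytes(bytes.fromhex("00c35b7a91d20f4486e1"), "big")
X002_MODULUS = int.from_bytes(bytes.fromhex("00a94e13b6f05d7c2289"), "big")
SAMPLE_DOWNLOADED = {
    "E002": (0x010001, E002_MODULUS),
    "X002": (0x010001, X002_MODULUS),
}
# Stand-in for the hash values received from the bank out of band.
SAMPLE_FROM_BANK = {
    key_type: as_printed(key_hash(e, n))
    for key_type, (e, n) in SAMPLE_DOWNLOADED.items()
}

if __name__ == "__main__":
    print("keys as downloaded:", verify_bank_keys(SAMPLE_DOWNLOADED, SAMPLE_FROM_BANK))
    # A downloaded authentication key that differs from the one the bank described.
    substituted = dict(SAMPLE_DOWNLOADED, X002=(0x010001, X002_MODULUS + 2))
    print("substituted X002:  ", verify_bank_keys(substituted, SAMPLE_FROM_BANK))
    print("trusted:", bank_keys_trusted(substituted, SAMPLE_FROM_BANK))
```

The comparison only has value when the expected hashes reach you over a channel that is independent of the EBICS connection they are used to check.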

When keys and certificates are generated by the bcebicsmanage tool, the generated keys and certificates will be encoded into the proper format; when keys are generated outside of the bcebicsmanage tool, the user is responsible for making sure that the key is encoded in PKCS#12 format.

The bcebicsmanage tool is only used for initialization of the TIBCO BusinessConnect user with a bank, and whenever new keys or certificates need to be exchanged with the bank.

The keys and certificates that are generated by bcebicsmanage will expire in five years, since the French Implementation Guide states that is when self-signed certificates should expire. You should also be aware that the French Implementation Guide states that keys that you create and that are signed by a Certification Authority (CA) should expire in three years.

For further information on bcebicsmanage and how to run the commands to initialize a user or update keys, see Chapter 4, Key Management with bcebicsmanage, page 25.

EBICS Order Transfers

Once BusinessConnect has been initialized with a bank and the bank's public keys or certificates have been downloaded and the hashes verified, you are now capable of sending orders to the bank. EBICS defines two types of orders: upload and download. Both types of orders are initiated by the EBICS client. For download orders, an order to request the download is first sent to the bank, and the response to the request will contain the actual downloaded data.

TIBCO BusinessConnect EBICS Protocol supports the order types FUL and FDL, which are defined for use in France. FUL is used for upload orders, while FDL is used for download orders. Both FUL and FDL orders are further refined by specifying the file format to use for an order.

For detailed information on how to configure TIBCO BusinessConnect EBICS Protocol for upload and download orders, see Chapter 5, Managing EBICS Operations, page 35.

Confirming Orders

When orders are sent to a bank, some orders must be confirmed before they will be executed by the bank. TIBCO BusinessConnect EBICS Protocol does not support sending electronic signatures to confirm orders, so order confirmations must be sent to the bank by some other means. How orders should be confirmed and who is responsible for confirming the orders should have been established during the setting up of your relationship with the bank. After sending an order that needs confirmation to the bank, the user is responsible for ensuring the confirmation of that order.


Chapter 2 Setting Up Trading Hosts and Partners

This chapter explains how to set up trading hosts and partners for TIBCO BusinessConnect EBICS Protocol.

Topics
- Overview
- Configuring a Host
- Configuring a Partner

Overview

Using the TIBCO Administrator UI, the TIBCO BusinessConnect administrator sets up trading partners and configures a business agreement as follows:

1. Configure the Host participant, which will represent the user, and set it up for the EBICS protocol. See Configuring a Host, page 11.
2. Configure the Partner participant, which will represent the bank, and import the bank SSL certificate. Then, configure the user information provided by the bank. See Configuring a Partner, page 12.
3. Create a business agreement between the Host and the Partner (Bank). See Chapter 3, Configuring Business Agreements, page 17.

Once you have finished all partner and business agreement configuration steps, use the bcebicsmanage tool to initialize the user as explained in Chapter 4, Key Management with bcebicsmanage, page 25.

Configuring a Host

To configure a host that will play the role of a user in this installation, do the following:

1. Select BusinessConnect>Participants.
2. Click the New button.
3. Type the host's name in the Name field.
4. Select Host in the Type drop-down list.
5. Click OK.
6. In the New Host Participant dialog, select the Active checkbox.
7. Click Apply.
8. Select the Protocols tab. If the TIBCO BusinessConnect EBICS Protocol has already been activated as explained in TIBCO BusinessConnect EBICS Protocol Installation and Configuration, Protocol Activation, it is now listed under Enabled Protocols. Otherwise, you need to enable it first.
9. Click on the EBICS link. Select or enter the information according to Table 1.

Table 1 Host Settings: General Tab
Field | Description
Valid Email Address List | (Not used for EBICS)
Authentication Key Type | The authentication key type to use during initialization process. The only value allowed for this release is X002.
Encryption Key Type | The encryption key type to use during initialization process. The only value allowed for this release is E002.
User Signature Key Type | This key is used for creating the transport signature. The only value allowed for this release is A005.

10. Click Save.

Configuring a Partner

The TIBCO BusinessConnect partner in this installation represents the bank. To configure the partner, bank information contained in the user access document is entered as partner properties.

1. Select BusinessConnect>Participants.
2. Click the New button.
3. Type the partner's name in the Name box.
4. Select Partner in the Type dropdown list.
5. Click OK.
6. In the New Partner Participant window, select the Active checkbox.
7. Click Apply.

Enable Protocol for the Partner

1. Select the Protocols tab.
2. Click Enable. The dialog with installed protocols appears.
3. Select the checkbox next to EBICS.
4. Click OK. The EBICS protocol is now in the Enabled Protocols list.
5. Click on the EBICS link. The Edit Enabled Protocol dialog appears, with the following tabs:
- General Tab, page 13
- Transports Tab, page 14

General Tab

Select or enter information as explained in Table 2.

Table 2 Partner Settings: General Tab
Field | Description
Valid Email Address List | (Not used for EBICS)
HostID for Bank | The hostid of the bank (required)
Bank Name | The bank's name (required)
EBICS Protocol Version | Currently, only protocol version H003 is supported.
Hash Values for Bank Keys
E002 | Hash value for the bank's E002 certificate (required)
X002 | Hash value for the bank's X002 certificate (required)
Test Mode | When selected, runtime will send Test requests to the bank. An OrderParm named TEST will be added to the request, which will treat the request as a test request. For the FUL operation, there is a FULOrderParams element connected with the parameter TEST; for the FDL operation, TEST is not available.
Technical Subscriber Information
EBICS Customer ID | ID assigned to the customer by the bank (required)
EBICS User ID | ID assigned to the user by the bank (required)
EBICS User Name | User name (required)

Table 2 Partner Settings: General Tab (continued)
Field | Description
OrderID Prefix | A character in the range A - Z. A user is assigned a character, and all the orders sent by this user will have an orderid starting with this character. Every FUL request sent by a user should have a unique orderid. The orderid can range from prefix+000 to prefix+zzz. TIBCO BusinessConnect will create a unique orderid by incrementing it for every order sent by this user. If an orderid prefix is changed for a given user, the orderid sequence with the previous prefix will be saved; for example, when any of the previously used prefixes are specified, the sequence number with that prefix will be used.
Reset OrderID | Reset the OrderID in TIBCO BusinessConnect to prefix+000. The orderid is reset only after a user is initialized.

Click Save.

Transports Tab

To add a transport for the partner, do the following:

1. Click on the Transports tab.
2. Click Add. Enter data for the new transport as explained in Table 3.

Table 3 New Transport for the Partner
Field | Description
Name | Enter the name for the transport (required)
Type | Select the transport type (EBICS) from the dropdown list.

3. Click OK.
4. Configure the new EBICS transport as described in Table 4.

Table 4 New EBICS Transport
Field | Description
Transport Name | The transport name can be changed
URL | URL of the bank EBICS server (required), such as: www.hostname.com/bank/ebicsservlet
Server Certificate | Add the SSL certificate sent from the bank. This certificate can be uploaded as explained in TIBCO BusinessConnect Trading Partner Administration, Managing Partner Credentials.
Socket Timeout (sec) | Leave the default (300).

5. Click Save three times.

Manage Partner Credentials

You can upload a partner certificate using the Credentials tab.

New Certificate

To upload a new certificate for the partner, perform these steps:

1. Select BusinessConnect>Participants> partner> Credentials tab.
2. Click New Certificate. Type the name of the key in the Alias field.
3. In the Current Credential line click change. Browse and navigate to the file containing the public key and click OK.
4. Click Save. The new certificate for the partner is now listed in the Credential Name list.

SSH public keys and PGP public keys are not used for TIBCO BusinessConnect EBICS Protocol.


Chapter 3 Configuring Business Agreements

This chapter explains how to configure business agreements and protocol bindings for TIBCO BusinessConnect EBICS Protocol.

Topics
- Adding a New Business Agreement
- Configuring Agreement Protocol Binding for EBICS
- Operation Bindings Tab
- Document Security Tab
- Transports Tab

Adding a New Business Agreement

After the TIBCO BusinessConnect host and bank trading partner have been configured, you will now configure their business agreement.

1. Select BusinessConnect>Business Agreements.
2. Click the New button. The New Agreement dialog appears. Verify that EBICS appears in the Protocols column for both trading partners between which you wish to configure a business agreement. If EBICS is missing, return to Enable Protocol for the Partner, page 12 and enable the EBICS protocol.
3. Select a host from the Host Party list that has EBICS protocol enabled.
4. Select a partner from the Partner Party list that has EBICS protocol enabled.
5. Click OK. The New Agreement, general dialog appears.
6. Confirm that the Valid checkbox is selected. This will make the agreement valid immediately. If you wish to make the agreement valid for a certain time period, do the following:
- Use the Start Date dropdown lists to specify the start date.
- Use the End Date dropdown lists to specify the stop date. This date has to be later than the start date.

Configuring Agreement Protocol Binding for EBICS

To configure EBICS agreement protocol bindings, follow these steps:

1. In the New Agreement dialog, click Add Protocol Bindings.
2. In the Select Protocol dialog, select the checkmark next to EBICS.
3. Click OK. The New Agreement dialog appears.
4. Click the EBICS link in the Agreement Protocol Binding list. The following tabs for configuring protocol binding options are available:
- Operation Bindings Tab
- Document Security Tab
- Transports Tab

Operation Bindings Tab

Use the Operations Binding tab to configure the EBICS operations that each participant in a business agreement can initiate and respond to. The Host X Can Initiate and Partner Y Can Initiate areas list the activities that the host/partner can initiate and the partner/host can respond to.

1. Enter information according to Table 5.

Table 5 Edit Protocol Binding: Operation Binding Tab
Field | Description
Allow All Operations | This checkbox is selected by default. If you leave it selected, you don't need to specify operation bindings that the host or partner can initiate. If the checkbox is cleared, you need to define the specific operation bindings.
Non Repudiation Logging | (Not used by EBICS)

2. In the Host can initiate section, click Add Operation Binding.
3. Click the topmost (+) to expand the operation tree and select the operation.
4. Click OK. The selected operation appears in the Operation Name list.

Edit Operation Bindings for the Host

Click the operation in the panel Host can initiate. The following tabs for configuring options are available:
- Operation Settings Tab
- Transports Tab

Operation Settings Tab

Override the operation settings using Table 6.

Table 6 Override Outbound Settings: Operation Settings Tab (All Operations)
Field | Description
Override Operation Settings | Select the checkbox to override the operation settings for this operation. These settings have been previously configured.
Inbound for FDL; Outbound for FUL
Validate Message | When selected, the request message will be validated.

Click Save.

Transports Tab

Configure transport settings using Table 7.

Table 7 Override Outbound Settings: Transports Tab (All Operations)
Field | Description
Override Transports | Select to override the originally configured transport for the host.
Override Outbound Transports
Primary Transport | Select any of the transports previously configured for the partner. See Transports Tab, page 14 for more details.

Click Save.

Show Advanced Button

In TIBCO BusinessConnect EBICS Protocol there are no properties that can be overridden. Therefore this option is not applicable although it appears in the TIBCO Administrator GUI.

Edit Operation Bindings for the Partner

Operation bindings for the partner are not used for TIBCO BusinessConnect EBICS Protocol since the bank cannot initiate a transaction with TIBCO BusinessConnect.

Document Security Tab

The Document Security tab is used to specify security settings for the business transaction that is being exchanged. Before using the Document Security tab to select any keys or certificates, you must first configure these keys or certificates as explained in TIBCO BusinessConnect Trading Partner Administration, Managing Host Credentials.

Keep in mind that only one set of valid bank keys may exist at one time. Therefore, shadow certificates cannot be used for EBICS.

1. Configure document security using the information provided on Table 8.

Table 8 Edit Protocol Bindings: Document Security Tab
Field | Enter/Select
Outbound Doc Exchange
Signing Info Settings
Signing Key | Select the signing private key of the host from the dropdown list. This key is used to generate the EBICS identification and authentication signature on messages sent to the EBICS bank server. When None is selected for this key, the bcebicsmanage tool commands -init and -update* will automatically generate this key and populate this setting for you. The key will be generated according to the host's Authentication Key Type setting.
User Signature Info Settings
User Signature Key | Select the user signature private key of the host from the dropdown list. This key is used to generate the electronic signature of the order data that the client uploads to the bank. When None is selected for this key, the bcebicsmanage tool commands -init and -update* will automatically generate this key and populate this setting for you. The key will be generated according to the host's User Signature Key Type setting.

Table 8 Edit Protocol Bindings: Document Security Tab (continued)
Field | Enter/Select
Encryption Info Settings
Encryption Certificate | Specifies the Encryption certificate obtained from the bank. Running the -verify command with the bcebicsmanage tool will set this certificate automatically.
Inbound Doc Exchange
Signing Info Settings
Verification Certificate | Specifies the Verification certificate obtained from the bank. Running the -verify command with the bcebicsmanage tool will set this certificate automatically.
Encryption Info Settings
Decryption Key | Select the decryption private key of the host from the dropdown list. This key is used for decryption of the symmetric key, which is sent with orders and is used for encryption of the orders and electronic signatures. When None is selected for this key, the bcebicsmanage tool commands -init and -update* will automatically generate this key and populate this setting for you. The key will be generated according to the host's Encryption Key Type setting.

Transports Tab

Configure transports for the host according to Table 9.

Table 9 Configure Transports for the Host
Field | Description
Outbound Transports for Host | This section is used for specifying transport information for the outbound direction, or host to trading partner.
Primary Transport | Select the outbound transport that was previously configured for the host. See Transports Tab, page 14 for more details.
Client Authentication Identity for HTTPS, FTPS, HTTPS CA | (Not used for EBICS)
Client Authentication Identity for SSHFTP | (Not used for EBICS)
Allowed Inbound Transports for Partner | Since the EBICS bank cannot initiate a transaction with TIBCO BusinessConnect, no inbound transport configuration is needed.

Click Save twice.

Advanced Tab

Advanced configuration settings are not supported for TIBCO BusinessConnect EBICS Protocol.

Chapter 4 Key Management with bcebicsmanage

This chapter explains how to manage keys that belong to the TIBCO BusinessConnect user using the bcebicsmanage tool.

Topics
- Overview
- Initializing the TIBCO BusinessConnect User
- Suspending Bank Access of the TIBCO BusinessConnect User
- Updating TIBCO BusinessConnect User Keys
- Recovering From Upload Errors to TIBCO BusinessConnect
- bcebicsmanage Keystore
- Updating the EBICS OrderID

Overview

TIBCO BusinessConnect EBICS Protocol provides a tool, bcebicsmanage, to perform the functions relating to key management of the TIBCO BusinessConnect user. This chapter describes the key management functions provided by the bcebicsmanage tool and when they are used. For specific details on how to configure the bcebicsmanage tool and how to run each of the commands, see Appendix A, bcebicsmanage Command Reference, page 59.

This chapter describes how to use the bcebicsmanage tool to perform the following:
- Create keys for the TIBCO BusinessConnect user.
- Send the TIBCO BusinessConnect user keys to the bank.
- Retrieve the bank's public keys.
- Verify the hashes of the bank's public keys.
- Upload the keys generated for the TIBCO BusinessConnect user to the TIBCO BusinessConnect repository.
- Upload the bank's public keys to the TIBCO BusinessConnect repository.
- Change the keys for the TIBCO BusinessConnect user.
- Suspend the TIBCO BusinessConnect user's access to a bank.

Initializing the TIBCO BusinessConnect User

Two bcebicsmanage tool commands, -init and -verify, are used when the TIBCO BusinessConnect user first initializes with the EBICS server of a bank. The -init command sends the certificates associated with the private keys of the TIBCO BusinessConnect user to the bank; the -verify command retrieves the bank's public keys and verifies the hash values of those keys with the ones which were previously provided by the bank.

-init

The -init command is typically run just once to initiate the setup of an EBICS client with a bank's EBICS server. You will run the -init command when the bank has indicated that the TIBCO BusinessConnect user has been configured on their EBICS server.

When you run the -init command the following occurs:
- If private keys have been configured in the Document Security settings of the business agreement, those keys are retrieved from the TIBCO BusinessConnect repository.
- Any key that has not been configured will be generated according to the French Implementation Guide for EBICS.
- Self-signed X.509 certificates will be generated for any private keys created.
- The X.509 certificates for all 3 keys (authentication, encryption, and user signature) will be sent to the bank using the EBICS INI and HIA commands.
- Initialization letters for the 3 keys will be created in the directory BC_HOME/protocols/ebics/tools/letters.
- The generated keys will be uploaded back into the TIBCO BusinessConnect repository.
- The Document Security settings of the business agreement will be updated with the generated keys.

After running the -init command, you will need to sign each of the initialization letters and send them to the bank by some other means than using EBICS; for example, you could fax the letters to the bank. The method for sending the initialization letters to the bank should be established in the contract between you and the bank.

-verify

Once the bank has indicated that the public keys (contained in the X.509 certificates) of the TIBCO BusinessConnect user have been released on their EBICS server, you can run the -verify command to download the bank's public keys. The -verify command can be run any number of times, but typically will be run once after the -init command is run, and then again whenever the bank notifies you that its keys have changed.

When you run the -verify command the following occurs:
- The bank's authentication and encryption public keys are retrieved using the EBICS HPB command.
- The hash values of the retrieved keys are compared against the hash values configured for the keys in the General settings of the bank's trading partner configuration in the TIBCO BusinessConnect Administrator GUI.
- If the public keys are not retrieved as X.509 certificates, new X.509 certificates are created for the keys. These X.509 certificates are signed by the internal CA of the bcebicsmanage tool.
- The bank's X.509 certificates are converted to PKCS#7 and loaded into the TIBCO BusinessConnect repository.
- The Document Security settings for the business agreement are updated with the bank's certificates.
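The hash comparison that -verify performs can be reproduced by hand when checking a bank's certificates against the values entered in the E002 and X002 fields. The following is an added example, not code from bcebicsmanage or TIBCO; it assumes the configured hash is a SHA-256 digest over the DER encoding of the certificate, and the function names and sample byte strings are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

KEY_TYPES = ("E002", "X002")  # bank encryption and authentication keys
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def to_der(blob: bytes) -> bytes:
    """Accept a PEM or DER certificate and return the DER bytes."""
    match = PEM_RE.search(blob)
    if match:
        return base64.b64decode(match.group(1))
    return blob


def fingerprint(cert: bytes) -> str:
    """SHA-256 over the DER encoding (an assumption of this example)."""
    return hashlib.sha256(to_der(cert)).hexdigest().upper()


def normalize_hash(text: str) -> str:
    """Strip the spaces, colons and line breaks used when a hash is printed."""
    cleaned = re.sub(r"[\s:]", "", text).upper()
    if not re.fullmatch(r"[0-9A-F]{64}", cleaned):
        raise ValueError("not a 256-bit hex hash: %r" % text)
    return cleaned


def verify_bank_keys(configured: dict, retrieved: dict) -> dict:
    """Return {key type: bool}. A missing or malformed value fails closed."""
    results = {}
    for key_type in KEY_TYPES:
        try:
            expected = normalize_hash(configured[key_type])
            actual = fingerprint(retrieved[key_type])
        except (KeyError, ValueError):
            results[key_type] = False
            continue
        # Constant-time comparison of the two hex strings.
        results[key_type] = hmac.compare_digest(expected, actual)
    return results


def accept_bank_keys(configured: dict, retrieved: dict) -> bool:
    """Both bank keys must match before either certificate is trusted."""
    return all(verify_bank_keys(configured, retrieved).values())


def letter_style(hex_hash: str) -> str:
    """Format a hash as lower-case byte pairs separated by spaces."""
    pairs = [hex_hash[i:i + 2] for i in range(0, len(hex_hash), 2)]
    return " ".join(pairs).lower()


# Constructed stand-ins for certificate bytes; these are not real certificates.
E002_DER = b"constructed E002 certificate bytes"
X002_DER = b"constructed X002 certificate bytes"
X002_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(X002_DER)
            + b"-----END CERTIFICATE-----\n")

# Constructed "configured" values, formatted as they might be typed in by hand.
CONFIGURED = {
    "E002": letter_style(hashlib.sha256(E002_DER).hexdigest()),
    "X002": letter_style(hashlib.sha256(X002_DER).hexdigest()),
}
RETRIEVED = {"E002": E002_DER, "X002": X002_PEM}

if __name__ == "__main__":
    print(verify_bank_keys(CONFIGURED, RETRIEVED))
    substituted = dict(RETRIEVED, X002=b"constructed substitute certificate")
    print(verify_bank_keys(CONFIGURED, substituted))
```

The hash values should come from a channel other than the EBICS connection itself, since a value copied from the same response that delivered the certificate proves nothing.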

Suspending Bank Access of the TIBCO BusinessConnect User

The bcebicsmanage tool command, -lock, is used to suspend any further access of the BusinessConnect user to a bank.

-lock

The -lock command causes the EBICS SPR command to be sent to the bank. After the -lock command has been executed, the bank will return an error if the TIBCO BusinessConnect user tries to continue to communicate with the bank.

To resume communication with the bank, the TIBCO BusinessConnect user must be re-initialized by sending the bcebicsmanage tool commands -init and -verify again. To learn how to initialize a user, see Initializing the TIBCO BusinessConnect User, page 27.

If the private keys of the TIBCO BusinessConnect user have been compromised, you should do the following after running the -lock command and before re-running the -init command:
- Configure your own new key(s) in the Document Security settings of the business agreement.
- Specify None in the Document Security settings of the business agreement for any key you wish to be automatically created anew when the command -init is executed.

It is important to understand that if you do not change your key configuration in the Document Security settings of the business agreement, the keys currently configured will be used by the -init command. If the configured keys were compromised, you would have just re-initialized with the same compromised keys.

Updating TIBCO BusinessConnect User Keys

The French Implementation Guide states that self-signed certificates must be renewed after a period of five years, and that certificates signed by a CA must be renewed after a period of three years. Therefore, it will be necessary for the public keys of the TIBCO BusinessConnect user to be periodically updated with the bank.

The bcebicsmanage tool provides three options for updating the TIBCO BusinessConnect user keys:

-updatekeys
Sends the X.509 certificates of all three keys, as configured in the Document Security settings of the business agreement, to the bank using the EBICS HCS command.

-updatesignkey
Sends the X.509 certificate of the configured User Signature Key to the bank using the EBICS PUB command.

-updateauthencrkeys
Sends the X.509 certificates of the configured Authentication and Encryption keys to the bank using the EBICS HCA command.

These -update* commands, which update the TIBCO BusinessConnect user keys, act the same as the -init command when it comes to key configuration, key generation, and X.509 certificate generation. If you specify None in the Document Security settings of the business agreement for any key, that key will be automatically generated by the corresponding -update* command and a self-signed X.509 certificate will be created for the generated key. Otherwise, the key that is updated with the bank will be the key that is configured in the Document Security settings.

Unlike the -init command, with the -update* commands it is not necessary to send initialization letters for the new keys to the bank. The keys are exchanged in a secure manner using the previously exchanged keys, so initialization letters to confirm the hashes of the keys are not necessary.

The -update* commands can be run any number of times after the TIBCO BusinessConnect user has been initialized, and as long as the TIBCO BusinessConnect user has not been suspended with the bank.

Recovering From Upload Errors to TIBCO BusinessConnect

The final step of most of the bcebicsmanage tool commands is to upload any of the generated keys or certificates back to the TIBCO BusinessConnect repository. If your database connection goes down for some reason during this final processing step, the next command or order that you try to send to the bank would fail. The bank would have the latest keys or certificates, but TIBCO BusinessConnect would still be trying to use old keys or certificates since updating of the TIBCO BusinessConnect repository with the new keys or certificates did not succeed.

To recover from this scenario, the bcebicsmanage tool provides the following commands:

-uploadkeys
Uploads the latest version of TIBCO BusinessConnect user keys that have been exchanged with the bank to TIBCO BusinessConnect.

-uploadcerts
Uploads the latest version of public keys/certificates that have been downloaded from the bank to TIBCO BusinessConnect.

The bcebicsmanage tool creates a separate Java keystore to hold any keys or certificates used by the bcebicsmanage tool commands. Therefore, when a key is created and sent to the bank using the -init command, the bcebicsmanage Java keystore will contain that key. The -uploadkeys command will cause the TIBCO BusinessConnect user keys that are contained in the bcebicsmanage Java keystore to be extracted and uploaded to the TIBCO BusinessConnect repository. The -uploadcerts command will cause the latest bank certificates that were downloaded and stored in the bcebicsmanage Java keystore to be extracted and uploaded to the TIBCO BusinessConnect repository.

bcebicsmanage Keystore

The bcebicsmanage tool creates a separate Java keystore to hold any keys or certificates used by the bcebicsmanage tool commands. This keystore is tied to the operating system user running the bcebicsmanage tool. When using the bcebicsmanage tool to manage the TIBCO BusinessConnect user's keys or download a bank's certificates, the same user should run the TIBCO BusinessConnect tool to ensure that the proper Java keystore is accessed by the tool, and that a new Java keystore won't be created.

For example, having the same user execute the bcebicsmanage tool is especially important for the -update* commands. For the -update* commands, the current TIBCO BusinessConnect user keys stored in the bcebicsmanage Java keystore are used to send the TIBCO BusinessConnect user's new public keys to the bank.

Recreating the Keystore

In the event that your bcebicsmanage Java keystore gets accidentally deleted, it is possible to recreate the keystore by doing the following:
- Ensure that the key configuration in each business agreement has not been modified since the command -init or -update* was last run successfully.
- Run the -init command again for each business agreement between the TIBCO BusinessConnect user and your bank trading partners. The bcebicsmanage Java keystore will get created and the keys from the business agreements will get loaded into it. The -init command will ultimately fail with a user state error, since the bank will not be expecting the TIBCO BusinessConnect user to be re-initializing itself. However, the keys from the business agreement will have been loaded into the keystore before the bank error is returned.
- Run the -verify command again for each business agreement between the TIBCO BusinessConnect user and your bank trading partners. The latest bank certificates will then be loaded into the bcebicsmanage Java keystore. The -verify command should succeed as long as the hashes of the bank's public keys have been configured properly, since bank certificates can be downloaded any number of times.

Updating the EBICS OrderID

Various EBICS commands require a unique order ID to be assigned to the command when it is sent to the bank. TIBCO BusinessConnect EBICS Protocol maintains a table of the next order ID to use based upon the order ID prefix configured for the bank trading partner.

In the event that you find it necessary to set the next order ID to be used to a specific order ID, the bcebicsmanage tool provides the command -updateorderid. For specific information on how to invoke the -updateorderid command, see Appendix A, bcebicsmanage Command Reference, page 59.
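The order ID table described above, together with the OrderID Prefix and Reset OrderID settings of the partner's General tab, can be modelled as a per-prefix counter. The following is an added example, not TIBCO's implementation; the class and method names are hypothetical, the suffix alphabet (0-9 followed by A-Z, emitted in upper case) is an assumption, and refusing to wrap after the last suffix is this example's choice so that an order ID is never reused.

```python
import string

# Assumption: suffix symbols are 0-9 followed by A-Z (base 36), upper case.
ALPHABET = string.digits + string.ascii_uppercase
SUFFIX_LEN = 3
LAST_SEQ = len(ALPHABET) ** SUFFIX_LEN - 1  # sequence number of suffix "ZZZ"


def encode(seq: int) -> str:
    """Turn a sequence number into a fixed-width three-symbol suffix."""
    symbols = []
    for _ in range(SUFFIX_LEN):
        seq, remainder = divmod(seq, len(ALPHABET))
        symbols.append(ALPHABET[remainder])
    return "".join(reversed(symbols))


def decode(suffix: str) -> int:
    """Inverse of encode(); raises ValueError on a symbol outside ALPHABET."""
    value = 0
    for symbol in suffix:
        value = value * len(ALPHABET) + ALPHABET.index(symbol)
    return value


class OrderIdTable:
    """Hypothetical model of the 'next order ID per prefix' table."""

    def __init__(self):
        self._next = {}  # prefix -> next sequence number to hand out

    @staticmethod
    def _check_prefix(prefix: str) -> None:
        if len(prefix) != 1 or prefix not in string.ascii_uppercase:
            raise ValueError("prefix must be one character in the range A-Z")

    def next_id(self, prefix: str) -> str:
        """Hand out the next unused order ID for this prefix."""
        self._check_prefix(prefix)
        seq = self._next.get(prefix, 0)
        if seq > LAST_SEQ:
            # Wrapping to 000 would repeat an ID already sent to the bank.
            raise OverflowError("order IDs for prefix %s are exhausted" % prefix)
        self._next[prefix] = seq + 1
        return prefix + encode(seq)

    def set_next(self, order_id: str) -> None:
        """Set the next order ID to a specific value (cf. -updateorderid)."""
        if len(order_id) != 1 + SUFFIX_LEN:
            raise ValueError("order ID must be a prefix plus three symbols")
        self._check_prefix(order_id[0])
        self._next[order_id[0]] = decode(order_id[1:])

    def reset(self, prefix: str) -> None:
        """Return the sequence for this prefix to prefix+000."""
        self._check_prefix(prefix)
        self._next[prefix] = 0


if __name__ == "__main__":
    table = OrderIdTable()
    print([table.next_id("A") for _ in range(3)])  # first three IDs for prefix A
    print(table.next_id("B"))                      # a second prefix starts at 000
    print(table.next_id("A"))                      # prefix A resumes its own sequence
```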


Chapter 5 Managing EBICS Operations

This chapter describes how to manage operations for TIBCO BusinessConnect EBICS Protocol.

Topics
- Overview
- Synchronous Request Response Operation
- Configuring EBICS Operations

Overview

There are two operation types for EBICS: FUL and FDL. The FUL operation types are used to upload data to the bank, while FDL operations are used for fetching data from the bank. Each operation has a FileType property, which is a required field. File type should be supported by the bank.

The EBICS operations are Synchronous Request Response in nature, and both the request and response actions can contain schemas. When schemas are present and the option "Validate Schema" is selected, schema validation is performed on request/response. For the FDL type of operations, only inbound schema validation is enabled, which means that only the response can be validated.

TIBCO BusinessConnect EBICS Protocol is shipped with some preloaded operations. One of these operations, Status.ptk, is used for fetching the status of the FUL requests.

About Schema Validation in EBICS

Schema validation in TIBCO BusinessConnect EBICS Protocol is performed based on the following:
- Schema type: XSD
- Direction of messages
- Whether the validation is done for a request or for a response

Caching of Schemas

The referenced schema is updated in the validator cache during runtime validation, in the same way as if it was saved through the GUI. When a schema is used by reference, you will not observe any schema changes in the referenced object but you will see the change on the reference instead. This means that the TIBCO BusinessConnect configuration store does not scan the referenced object each time the validation occurs, but it instead indicates if there is a change in the uploaded file object. You need to update the reference in the GUI: re-save the schema reference, and the new referenced object will be updated in the cache.

See also Validation Schema Name, page 40 for more information on how to choose which schema to use: XSD.

Synchronous Request Response Operation

The Synchronous Request Response operation can send a document to the trading partner and wait for a response. It waits until the response is received and suspends any further processing for that request. This operation is used to send documents to trading partners and require response for further processing to proceed. The operation flow is presented in Figure 3.

Figure 3 Synchronous Request-Response Operation (diagram labels: Initiator Private Process; Initiator BusinessConnect; Internet; The Bank; Initiator Request and Initiator Response messages; steps 1 to 4)

1. The Initiator private process sends the request to the Initiator. There are two operation types:
- FUL: This operation type is used to upload data to the bank.
- FDL: This operation type is used for fetching data from the bank.
The Initiator Request message from the private process is used to cause TIBCO BusinessConnect to initiate either the FUL or FDL operations. When performing FUL operations, the payload from the private process can be sent to TIBCO BusinessConnect as a string or a file reference.
2. The Initiator sends the request to the Bank and waits for the response until the timeout specified in the EBICS transport has expired. The Initiator Response message from TIBCO BusinessConnect to the private process is used to send the response payload from the bank for FDL operations. When performing FDL operations, the response payload is always sent to the private process as a file reference.
3. Upon receiving the response from the Bank, the Initiator sends the Initiator Response message. If the Initiator times out, an audit log entry is generated, a timeout error advisory is sent, and the connection is closed.

If the Initiator TIBCO BusinessConnect times out, an audit log entry will be generated and a timeout error advisory will be sent out. In this case, the request will be cancelled. When the response arrives at a later time, there won't be any corresponding request present, the advisory will be rejected, an error advisory will be published, and an internal system error will be sent to the partner.

Configuring EBICS Operations

To configure an EBICS operation, perform these steps:

1. In the left panel under TIBCO BusinessConnect, click the link Operations Editor. In the Operations Editor window, group the available installed protocols (plug-ins) by Plug-in or None.

Figure 4 Configure New Operation for EBICS

Using this window, you can:
- Import a new operation, by clicking on the Import button
- Export the existing operations, by selecting the radio button next to the plug-in and clicking on the Export button.

Add New Category

Category is used to group operations based on their type.

1. Click on the EBICS link. The Edit Operations: EBICS window opens.
2. Click New Category.
3. In the New Category dialog, do the following:
   - In the Name field, type a category name (required)
   - In the Description field, type a brief description for this category (optional).
4. Click Save.

Add New Version

Version is used to allow various subgroups of operations.

1. With the radio button for the category selected, click New Version.
2. In the New Version dialog, do the following:
   - In the Name field, type a version name (required)
   - In the Description field, type a brief description for this version (optional).
3. Click Done.

Add New Operation

Operations are added to a specific version. Each version can contain the same or different operation sets.

1. With the radio button for a version selected, click New Operation. The New Operation dialog appears.

Figure 5 New Operation Dialog

2. Select one operation from the Operation Type dropdown list:
   - FUL This operation type is used to upload data to the bank.
   - FDL This operation type is used for fetching data from the bank.
   These two operations are configured in a similar way, with small differences that are pointed out in the instructions.
3. Click OK.

FUL Operation

To configure the FUL operation, you will use the following tabs:

FUL Operation Tab

In the FUL Operation tab, enter information according to Table 10.

Table 10 FUL Operation Tab
Field | Enter/Select
Name | Name of the operation (required)
Description | Brief description for the operation
Outbound Validate Message | Validates the outbound request.
File Type | File type to be associated with file that will be uploaded.

Click Save.

FUL Request Action Tab

In the Request Action tab, enter information according to Table 11.

Table 11 FUL Request Action Tab
Field | Enter/Select
Name | Name of the request action
Description | Brief description for the request action
Direction | Initiator to Responder (pre-defined)
Validation Schema Name | Schema file for validating the outbound request. Only the XSD schema can be defined. To select the schema document: 1. Click on the change link. 2. In the Change File dialog, select one of the following two choices from the dropdown list: File Reference (if you select file reference, enter the path to the .xsd file you wish to use) or Uploaded File (if you select uploaded file, the new Change File dialog will appear: a. Click the Browse button and navigate to the schema file. b. Click Open and OK.) Note: EBICS supports only XSD schema validation.

Table 11 FUL Request Action Tab (continued)
Field | Enter/Select
For BC Palette use only |
XML Document Validation | Select XSD from the dropdown list.
Root XML Element Name | Root XML element name, which is the top-level XML element in the document. It is only required if you are going to use the TIBCO BusinessConnect palette.

Click Save.

FUL Response Action Tab

In the Edit Operation dialog, enter information according to Table 12.

Table 12 FUL Response Action Tab
Field | Enter/Select
Name | Name of the response action
Description | Brief description for the response action
Direction | Responder to Initiator (pre-defined)

Click Save.

FDL Operation

To configure the FDL operation, you will use the following tabs:

FDL Operation Tab

In the FDL Operation tab, enter information according to Table 10.

Table 13 FDL Operation Tab
Field | Enter/Select
Name | Name of the operation (required)
Description | Brief description for the operation

Field | Enter/Select
Inbound Validate Message | Validates the response received from the bank. When selected, either the request or response will be validated. This checkbox should be selected in the following cases: the Initiator needs the request to the partner to be validated; the Responder needs the response to be validated.
File Type | File type to be associated with file that will be downloaded.

Click Save.

FDL Request Action Tab

In the Request Action tab, enter information according to Table 11.

Table 14 FDL Request Action Tab
Field | Enter/Select
Name | Name of the request action
Description | Brief description for the request action
Direction | Initiator to Responder (pre-defined)

Table 14 FDL Request Action Tab (continued)
Field | Enter/Select
Download Criteria Schema Name | Schema file for specifying the download criteria. Since for FDL operations no data is uploaded to the bank, this schema is used to specify the download criteria for FDL file type. To specify the criteria, a predefined schema should be uploaded. Note: Only the XSD schema can be defined. To select the schema document: 1. Click on the change link. 2. In the Change File dialog, select one of the following two choices from the dropdown list: File Reference (if you select file reference, enter the path to the .xsd file you wish to use) or Uploaded File (if you select uploaded file, the new Change File dialog will appear: a. Click the Browse button and navigate to the schema file. b. Click Open and OK.) Note: This schema can be found in EBICS_HOME/examples/FDLRequestData.xsd. It contains a FDLRequestData root element and startdate and enddate child elements. You can specify the startdate and enddate values in YYMMDD format.
For BC Palette use only |
XML Document Validation | Select XSD from the dropdown list.
Root XML Element Name | Root XML element name, which is the top-level XML element in the document. It is only required if you are going to use the TIBCO BusinessConnect palette.

Click Save.

FDL Response Action Tab

In the Edit Operation dialog, enter information according to Table 12.

Table 15 FDL Response Action Tab
Field | Enter/Select
Name | Name of the response action
Description | Brief description for the response action
Direction | Responder to Initiator (pre-defined)
Validation Schema Name | Schema file for validating the downloaded data from bank. Only the XSD schema can be defined. To select the schema document: 1. Click on the change link. 2. In the Change File dialog, select one of the following two choices from the dropdown list: File Reference (if you select file reference, enter the path to the .xsd file you wish to use) or Uploaded File (if you select uploaded file, the new Change File dialog will appear: a. Click the Browse button and navigate to the schema file. b. Click Open and OK.) Note: EBICS supports only XSD schema validation.
Private Process Wait (seconds) | Determines the time in seconds for how long the private process will wait for response. The default is 3600.
For BC Palette use only |
XML Document Validation | Select XSD from the dropdown list.
Root XML Element Name | Root XML element name, which is the top-level XML element in the document. It is only required if you are going to use the TIBCO BusinessConnect palette.

Click Save.

Chapter 6 Managing Properties

This chapter explains how to add and remove EBICS properties.

Topics
- Managing EBICS Properties

Managing EBICS Properties

You can add, change, or remove EBICS properties using the Edit Plug-in Properties dialog.

Add a Property

To add a property:
1. In TIBCO Administrator, select BusinessConnect>System Settings>Activated Protocol Plug-ins and Properties.
2. Click on the EBICS link.
3. In the Edit Plug-in Properties window, click Add.
4. Type a name for the property in the Property Name field.
5. Select a data type from the Property Type dropdown list: boolean, string, or integer.
6. Type a description of the new property in the Description field.
7. Click Save.

The new property is now added in the Edit Plug-in Properties window.

Delete a Property

To remove a property:
1. In the Edit Plug-in Properties window, check the checkbox next to the property you want to delete.
2. Click Delete.
3. In the Delete Property dialog, type the name of the property you want to delete and click OK.

Keep in mind that you may remove only user defined properties, and that default properties should not be removed.

Chapter 7 EBICS Private Messages

This chapter describes how to configure the EBICS private messages.

Topics
- Overview
- Initiator Request
- Initiator Response
- Error Advisories

Overview

The exchange of business documents is known as the process flow. In any TIBCO BusinessConnect process flow, two types of messages are exchanged:
- Private messages
- Public messages See Chapter 5, Managing EBICS Operations, page 35

About EBICS Private Messages

Private messages are exchanged between a private process and the local TIBCO BusinessConnect installation. Private messages can contain a request, response, or notification document. The private process handles conversion from internal to public data and back. You can generate EBICS private messages from TIBCO ActiveMatrix BusinessWorks private processes that use the TIBCO BusinessConnect Palette.

TIBCO BusinessConnect EBICS Protocol supports three types of private process messages:
- Initiator Request Used to initiate a file upload or file download request to the bank.
- Initiator Response Used to send the response received from the bank. This can be a status message, such as for file upload, or a payload from the bank, such as for file download.
- Error Advisory Used to send advisories when an error occurs during the execution of a request.

See TIBCO BusinessConnect Trading Partner Administration Guide, Chapter 7, Private Process Configuration for more information.

Initiator Request

The Initiator private process uses this message to handle outbound requests. Data that is sent is in a string or in binary form.

Subject Name: prefix.installation.ebics.initiator.request
External example: AX.BC.BC-ACME.EBICS.INITIATOR.REQUEST

Table 16 Private Message: InitiatorRequest
Field | Type | Required | Description
frompartner | String | | HostParticipant Name invoking the Initiator Request. Represents the EBICS user.
topartner | String | Yes | PartnerParticipant Name receiving the request. Represents the EBICS Bank.
transactionid | String | | The transactionid for this request. It will be created by the TIBCO BusinessConnect Palette if not explicitly specified.
closure | String | | Used to correlate the response with the request.
inputfile | String | | This field can specify a file reference and is used to send data to the bank. For FUL file types, data can be uploaded to the bank using this field or stringdata field. For FDL file types, no data is uploaded to the bank and this field should stay empty.
stringdata | String | | This field is used to send data to the bank. For FUL file types, data can be uploaded to the bank using this field or inputfile field. For FDL file types, this field is used to specify download criteria. For now, user can download data for FDL file type in a given date range; for this to work, user needs to upload a custom schema that has the FDLRequestData root element. This schema can be found in examples folder of the EBICS installation. See Configuring EBICS Operations for more information.
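The field rules of Table 16 and the FDL download criteria can be checked before a request is published. The following is an added example, not TIBCO code: the element names follow this guide's description of FDLRequestData.xsd, while the absence of an XML namespace, the function names and the partner names are assumptions, and the XSD shipped in the examples folder remains authoritative.

```python
import datetime as dt
import uuid
import xml.etree.ElementTree as ET


def parse_yymmdd(value, name):
    """Parse a YYMMDD string strictly; reject anything that is not a real date."""
    if not isinstance(value, str) or len(value) != 6 \
            or not (value.isascii() and value.isdigit()):
        raise ValueError(f"{name} must be six digits (YYMMDD): {value!r}")
    try:
        # %y maps 00-68 to 2000-2068 and 69-99 to 1969-1999.
        return dt.datetime.strptime(value, "%y%m%d").date()
    except ValueError:
        raise ValueError(f"{name} is not a calendar date: {value!r}") from None


def fdl_criteria(startdate, enddate):
    """Build the download-criteria document carried in stringdata for FDL.

    Assumption: FDLRequestData, startdate and enddate carry no namespace.
    """
    if parse_yymmdd(startdate, "startdate") > parse_yymmdd(enddate, "enddate"):
        raise ValueError("startdate is later than enddate")
    root = ET.Element("FDLRequestData")
    ET.SubElement(root, "startdate").text = startdate
    ET.SubElement(root, "enddate").text = enddate
    return ET.tostring(root, encoding="unicode")


def build_initiator_request(operation_type, topartner, frompartner=None,
                            inputfile=None, stringdata=None,
                            startdate=None, enddate=None, closure=None):
    """Return the InitiatorRequest fields as a dict, enforcing Table 16.

    operation_type is only used for validation here; it is not a message field.
    transactionid is left out so that the BusinessConnect Palette creates it.
    """
    if operation_type not in ("FUL", "FDL"):
        raise ValueError("operation type must be FUL or FDL")
    if not topartner:
        raise ValueError("topartner is required")
    if operation_type == "FUL":
        if startdate or enddate:
            raise ValueError("date criteria apply to FDL only")
        # The guide allows inputfile or stringdata; requiring exactly one is
        # this example's stricter choice, to avoid an ambiguous payload.
        if bool(inputfile) == bool(stringdata):
            raise ValueError("FUL needs exactly one of inputfile or stringdata")
    else:
        if inputfile:
            raise ValueError("inputfile must stay empty for FDL")
        if stringdata:
            raise ValueError("for FDL pass startdate and enddate instead")
        stringdata = fdl_criteria(startdate, enddate)
    # A fresh closure lets the private process match the response, and spot
    # a late response whose request has already timed out.
    message = {"topartner": topartner, "closure": closure or uuid.uuid4().hex}
    for key, value in (("frompartner", frompartner),
                       ("inputfile", inputfile),
                       ("stringdata", stringdata)):
        if value:
            message[key] = value
    return message


if __name__ == "__main__":
    # Constructed sample values; "ACME" and "ExampleBank" are placeholders.
    print(build_initiator_request("FDL", "ExampleBank", frompartner="ACME",
                                  startdate="111201", enddate="111231"))
```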

Initiator Response

BusinessConnect sends the Initiator Response message when a request to the bank has been successful.

Subject Name: prefix.installation.ebics.initiator.response
External example: AX.BC.ACME.EBICS.INITIATOR.RESPONSE

Table 17 Private Message: InitiatorResponse
Field | Type | Description
standardid | String | Protocol name: EBICS
userid | String | EBICS userid of the user who initiated the request.
customerid | String | EBICS CustomerID of the customer to which userid belongs.
bankid | String | HostID for bank that received the request.
filetype | String | EBICS file type of the file that was uploaded or downloaded.
frompartner | String | Name of the host participant that represents the EBICS user.
topartner | String | Name of the partner participant that represents the EBICS bank.
operationid | String | operationid name
transactionid | String | transactionid for this request.
orderid | String | The orderid used for this request. TIBCO BusinessConnect generates this automatically for FUL file types.
statuscode | String | Status code for this request.
statusmsg | String | Status message for this request.
closure | String | Used to correlate the response with the request.
responsefile | String | File reference for the data downloaded from the bank. It is used only for the FDL file types.

Error Advisories

These messages are sent by BusinessConnect when an error occurs during the execution of the request, or when there is an error when processing the request in the bank.

Subject Name: prefix.installation.ebics.error
Example: AX.BC.BC-ACME.EBICS.ERROR

Table 18 Private Message: Error Message
Field | Type | Required | Description
statuscode | String | | One of the private party-defined status and error codes
statusmsg | String | | The string representing the cause of one of the private party-defined status or error codes
details | String | | Additional information or details for the message
timestamp | string | | Date and Time of the transaction
msgdirection | String | | The flow of the message, either inbound or outbound
closure | | | Reserved
operationid | String | | A three-part ID of the form: category/version_number/operation_name
transactionid | String | | A unique ID generated by TIBCO BusinessConnect when publishing the transaction to the private process's environment. This transactionid will be the same as the one with which the request was initiated.
standardid | String | Yes | Protocol name (EBICS)
host | String | No | Host participant's name. Represents the EBICS user.
tpname | String | No | Partner participant's name. Represents the EBICS bank.
extrainfo | string | | Additional details


Chapter 8 Viewing Logs

This chapter explains the use of logs in TIBCO BusinessConnect EBICS Protocol.

Topics
- Log Viewer Overview
- Audit Logs
- Preferences

Log Viewer Overview

In TIBCO BusinessConnect EBICS Protocol, the log offers several search options: Audit, Resendable Transactions, Resend History, and Preferences. Setting up search preferences for all protocols, or for a particular protocol, is explained in TIBCO BusinessConnect Trading Partner Administration.

When doing searches, remember that the character * does not work as a wildcard, but represents a part of a name.

The available log viewer options for TIBCO BusinessConnect EBICS Protocol are: Audit logs and Preferences.

Audit Logs

The audit log is used to store information about the messages and documents processed by TIBCO BusinessConnect EBICS Protocol. You can use the audit log to follow the processing states of inbound or outbound documents. Some of the types of information stored in the audit log include: sent and received documents; document originator; trading partner name; processing status; and validation errors. For more information on audit logs, see TIBCO BusinessConnect Trading Partner Administration Guide, Audit Logs.

When doing searches, remember that the character * does not work as a wildcard, but represents a part of a name.

Configure an Audit Log

To configure an audit log for TIBCO BusinessConnect EBICS Protocol, do the following:
1. Select BusinessConnect>Log Viewer.
2. In the log viewer window, select the radio button next to EBICS.
3. Click the Audit button.
4. Configure the audit log search. Table 19 lists the options to select for the audit log.

Table 19 Audit Log: Search Filters
Column Name | Definition
Status | Select a specific status, such as ANY, COMPLETED, ERROR, and PENDING
Date Range Criteria | From this dropdown list, you can select the period to search: One Day, One Week, One Month, One Year, Custom. If Custom Date Range is selected, additional editable fields for Start and End of the search period will become available.

Advanced Filters

5. To configure the advanced search filters, click the Add button. Table 20 lists the options to select in the Advanced Search Settings section of the audit log.

Table 20 Audit Log: Advanced Search Filters
Column | Definition
Save as Query | Enter the name under which you want to save the query you define in this dialog
Host | Host name. Boolean search using: is, contains, is not, is not like
Trading Partner | Trading Partner name. Boolean search using: is, contains, is not, is not like
Operation ID | Operation ID. Boolean search using: is, contains, is not, is not like
UserID | UserID assigned by the Bank. Boolean search using: is, contains, is not, is not like
BankID | Host ID for the bank. Boolean search using: is, contains, is not, is not like
OrderID | The orderid used for this request. TIBCO BusinessConnect generates this automatically for upload requests. Boolean search using: is, contains, is not, is not like
CustomerID | CustomerID assigned by the Bank. Boolean search using: is, contains, is not, is not like
TransactionID | TransactionID for this request. Boolean search using: is, contains, is not, is not like

6. After defining the filters, click Save.
7. You can search the audit logs by grouping them according to the selected criteria.

In the Group by drop-down list, select any of the available criteria:
- None
- Date Group
- Host
- Trading Partner
- Operation ID
- UserID
- BankID
- OrderID
- CustomerID
- TransactionID

To learn more about these options, see TIBCO BusinessConnect Trading Partner Administration Guide, Audit Logs.

Preferences

To set the preferences for log searches used for TIBCO BusinessConnect EBICS Protocol, do the following:
1. Select BusinessConnect > Log Viewer.
2. In the log viewer window, select the radio button next to EBICS.
3. Click the Preference button.
4. The preference options for TIBCO BusinessConnect EBICS Protocol are explained in Table 21.

Table 21 Log Viewer Preferences: TIBCO BusinessConnect EBICS Protocol
Protocol
Show Protocol in List | EBICS | Check or uncheck the checkbox to display the selected protocol in the list.
Defaults
Host | Select the default host name from the drop-down list.
Status | Select the protocol status that will be used to display the logs: ANY, COMPLETED, ERROR, and PENDING
Group By Column
Audit | Columns available for grouping the audit logs depend on the protocol: None, Date Group, Host, Trading Partner, Operation ID, UserID, BankID, OrderID, CustomerID, TransactionID

Appendix A bcebicsmanage Command Reference

This appendix contains the commands that are used by the bcebicsmanage tool.

Topics
- Overview
- Bank Initialization Commands
  - -init
  - -verify
- Bank Access Commands
  - -lock
- Key Update Commands
  - -updatekeys
  - -updatesignkey
  - -updateauthencrkeys
- Upload to BusinessConnect Commands
  - -uploadkeys
  - -uploadcerts
- Order ID Commands
  - -updateorderid

Overview

TIBCO BusinessConnect EBICS Protocol provides a tool, bcebicsmanage, to perform the functions relating to key management of the TIBCO BusinessConnect user. This Appendix contains information on how to configure bcebicsmanage for use, and information on each of the commands supported by the bcebicsmanage tool.

Configuring the bcebicsmanage Tool

The bcebicsmanage tool is located in the directory BC_HOME/protocols/ebics/tools. The executable to invoke is named bcebicsmanage.exe on Windows and bcebicsmanage on UNIX, and the file which contains configuration information needed to run the tool is named bcebicsmanage.tra. Most of the settings in bcebicsmanage.tra are already specified for you, but there are a couple of settings which you must configure and a few settings which it is good to be aware of.

TIBCO BusinessConnect Repository Settings

The bcebicsmanage tool works in conjunction with the TIBCO BusinessConnect repository. You must specify the way of connecting to the TIBCO BusinessConnect repository in bcebicsmanage.tra prior to invoking the bcebicsmanage tool. The settings in bcebicsmanage.tra that tell the tool how to connect to the TIBCO BusinessConnect repository are:
- java.property.ebics.cli.jdbc.url Set the value for this property to the URL for the database that contains the TIBCO BusinessConnect repository.
- java.property.ebics.cli.jdbc.user Set the value for this property to a valid user name for connecting to the database.

Trace Level Setting

The bcebicsmanage tool outputs tracing information during its execution. Tracing is provided by Apache log4j, and the level of tracing can be controlled by the following setting:
- java.property.ebics.cli.trace.level

Valid values for the trace level can be found at: http://logging.apache.org/log4j/1.2/apidocs/org/apache/log4j/level.html

By default, the trace level is set to INFO.

Host and Partner Name Settings

During normal usage of the bcebicsmanage tool, you will run the tool for the same TIBCO BusinessConnect host and trading partner several times. The ability to specify the names of the TIBCO BusinessConnect host and trading partner in the bcebicsmanage.tra file has been provided to reduce the number of options you need to specify on the command line when running the tool. The following properties can be specified in bcebicsmanage.tra, instead of on the command line, to indicate which TIBCO BusinessConnect host and trading partner to use for a bcebicsmanage command:
- java.property.ebics.cli.bc.host The name of the TIBCO BusinessConnect host.
- java.property.ebics.cli.bc.partner The name of the bank trading partner.

Bank Initialization Commands

-init

Description
Initializes a TIBCO BusinessConnect host as an EBICS client of a bank's EBICS server. The -init command is typically run just once. Initialization consists of the following:
1. Creation of any keys that have not been configured for the TIBCO BusinessConnect host.
2. Sending of the public keys for authentication, encryption, and user signature to the bank's EBICS server.
3. Generation of initialization letters for the public keys.

Prerequisites
Before running the -init command the following must be done:
- The TIBCO BusinessConnect host must have been configured.
- A trading partner for the bank must have been configured.
- A business agreement between the TIBCO BusinessConnect host and the bank (trading partner) must have been configured.
- The bank must have indicated that the TIBCO BusinessConnect user has been set up as an EBICS client on the bank's EBICS server.

Options
The options provided from the command line take priority over the options provided in the bcebicsmanage.tra file.
-jdbcurl (required if not specified in bcebicsmanage.tra): URL for the database which contains the TIBCO BusinessConnect repository.
-jdbcuser (required if not specified in bcebicsmanage.tra): A valid username for connecting to the database which contains the TIBCO BusinessConnect repository.
-jdbcpwd (required): The password for connecting to the database which contains the TIBCO BusinessConnect repository.
-frompartner (required if not specified in bcebicsmanage.tra): The TIBCO BusinessConnect host name.
-topartner (required if not specified in bcebicsmanage.tra): The name of the bank trading partner.

-privatekeypwd (required): The password for your authentication, encryption, and signature private keys. All three keys must use this same password.

-verify

Description
Downloads the bank's public keys and compares the hashes of those keys with the hashes configured for the bank trading partner. If the bank keys retrieved are not X.509 certificates, self-signed X.509 certificates will be created for the keys using an internal CA. The X.509 certificates are then converted to PKCS#7 and uploaded to TIBCO BusinessConnect, where the bank trading partner and business agreement are updated with the retrieved public keys.

The -verify command can be run any number of times, but typically will be run once after the -init command is run and then again whenever the bank notifies you that its keys have changed.

Prerequisites
Before running the -verify command, the following must be done:
- The -init command must have been run.
- The bank must have indicated that the keys exchanged with the -init command have been released and the TIBCO BusinessConnect user is ready to execute more EBICS commands.
- The hash value for the bank's encryption key (E002) must have been configured for the bank trading partner.
- The hash value for the bank's authentication key (X002) must have been configured for the bank trading partner.

Options
-jdbcurl (required if not specified in bcebicsmanage.tra): URL for the database that contains the TIBCO BusinessConnect repository.
-jdbcuser (required if not specified in bcebicsmanage.tra): A valid username for connecting to the database that contains the TIBCO BusinessConnect repository.
-jdbcpwd (required): The password for connecting to the database that contains the TIBCO BusinessConnect repository.
-frompartner (required if not specified in bcebicsmanage.tra): The TIBCO BusinessConnect host name.
-topartner (required if not specified in bcebicsmanage.tra): The name of the bank trading partner.
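The hash comparison that -verify depends on can be reproduced by hand when checking the values received from the bank out of band. This added example is not TIBCO code and all names in it are hypothetical; it assumes the EBICS 2.x convention for E002 and X002 hashes of raw RSA keys (SHA-256 over the lowercase hexadecimal exponent, one space, and the lowercase hexadecimal modulus, without leading zeros), which this guide does not itself state.

```python
import hashlib
import hmac

KEY_TYPES = ("E002", "X002")  # bank encryption and authentication keys


def ebics_key_hash(exponent, modulus):
    """SHA-256 over '<exponent hex> <modulus hex>' as ASCII (assumed convention).

    Python's :x format already gives lowercase digits with no leading zeros.
    """
    material = f"{exponent:x} {modulus:x}".encode("ascii")
    return hashlib.sha256(material).hexdigest()


def normalize_hash(text):
    """Accept a hash as typically printed: upper case, spaces, colons, line breaks."""
    cleaned = "".join(text.split()).replace(":", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("expected a SHA-256 value written as 64 hex digits")
    return cleaned


def verify_bank_keys(downloaded, configured):
    """Compare each downloaded key with the hash configured for the bank.

    downloaded: {"E002": (exponent, modulus), "X002": (exponent, modulus)}
    configured: {"E002": "<hash text>", "X002": "<hash text>"}
    Returns {key type: True/False}. Both hashes must be configured first,
    mirroring the prerequisites of -verify.
    """
    results = {}
    for key_type in KEY_TYPES:
        if key_type not in configured or key_type not in downloaded:
            raise KeyError(f"{key_type}: configured hash and downloaded key are both required")
        exponent, modulus = downloaded[key_type]
        expected = normalize_hash(configured[key_type])
        actual = ebics_key_hash(exponent, modulus)
        # Constant-time comparison; a mismatch means the key must not be trusted.
        results[key_type] = hmac.compare_digest(actual, expected)
    return results


def as_printed(hex_digest):
    """Format a digest the way a key letter might: upper case byte pairs."""
    upper = hex_digest.upper()
    return " ".join(upper[i:i + 2] for i in range(0, len(upper), 2))


# Constructed sample data: toy-sized moduli, far too small for real use.
E_MODULUS = 0xC0FFEE1234567890ABCDEF
X_MODULUS_NEW = 0xBADC0DE6789ABCDEF012345
X_MODULUS_OLD = 0xBADC0DE6789ABCDEF012347

SAMPLE_DOWNLOADED = {
    "E002": (0x010001, E_MODULUS),
    "X002": (0x010001, X_MODULUS_NEW),
}
SAMPLE_CONFIGURED = {
    "E002": as_printed(ebics_key_hash(0x010001, E_MODULUS)),
    # Hash of a different key, as after an unannounced key change.
    "X002": as_printed(ebics_key_hash(0x010001, X_MODULUS_OLD)),
}


def demo():
    """Run the comparison over the constructed sample."""
    return verify_bank_keys(SAMPLE_DOWNLOADED, SAMPLE_CONFIGURED)


if __name__ == "__main__":
    for key_type, ok in demo().items():
        print(key_type, "matches" if ok else "MISMATCH: do not accept this key")
```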

Bank Access Commands

-lock

Description
Suspends any further access to a bank by the TIBCO BusinessConnect user. The -lock command causes the EBICS SPR command to be sent to the bank. After the -lock command has been executed, the bank will return an error if the TIBCO BusinessConnect user tries to continue to communicate with the bank.

To resume communication with the bank, the TIBCO BusinessConnect user must be re-initialized by sending the -init command again. You should also run the -verify command again, to ensure that you have downloaded the bank's current public keys.

If the private keys of the TIBCO BusinessConnect user have been compromised, you should do the following after running the -lock command and before re-running the -init command:
- For any key which you do not want to be automatically generated by the bcebicsmanage tool, configure your own new key in the Document Security settings of the business agreement.
- Specify None in the Document Security settings of the business agreement for any key you wish to be automatically created anew when the command -init is executed.

It is important to understand that if you do not change your key configuration in the Document Security settings of the business agreement, the keys currently configured will be used by the -init command. If the configured keys were compromised, you would have just re-initialized with the same compromised keys.

Prerequisites
Before running the -lock command the following must be done:
- The -init command must have been run.
- The bank must have indicated that the keys exchanged with the -init command have been released and the TIBCO BusinessConnect user is ready to execute more EBICS commands.

Options
-jdbcurl (required if not specified in bcebicsmanage.tra): URL for the database that contains the TIBCO BusinessConnect repository.
-jdbcuser (required if not specified in bcebicsmanage.tra): A valid username for connecting to the database that contains the TIBCO BusinessConnect repository.
-jdbcpwd (required): The password for connecting to the database that contains the TIBCO BusinessConnect repository.
-frompartner (required if not specified in bcebicsmanage.tra): The TIBCO Administrator host name.
-topartner (required if not specified in bcebicsmanage.tra): The name of the bank trading partner.

Key Update Commands

-updatekeys

Description
Sends the X.509 certificates of all three keys, as configured in the Document Security settings of the business agreement, to the bank using the EBICS HCS command.

If you specify None for any key in the Document Security settings of the business agreement, that key will be automatically generated by the -updatekeys command, and a self-signed X.509 certificate will be created for the generated key. Otherwise, the key that is updated with the bank will be the key that is configured in the Document Security settings. Any keys generated will be uploaded back to TIBCO BusinessConnect and the configuration of the bank trading partner and the business agreement will be updated with the new keys.

The -updatekeys command can be run any number of times after the TIBCO BusinessConnect user has been initialized, and as long as the TIBCO BusinessConnect user access has not been suspended with the bank.

Prerequisites
Before running the -updatekeys command the following must be done:
- The -init command must have been run.
- The -verify command must have been run.

Options
-jdbcurl (required if not specified in bcebicsmanage.tra): URL for the database that contains the TIBCO BusinessConnect repository.
-jdbcuser (required if not specified in bcebicsmanage.tra): A valid username for connecting to the database that contains the TIBCO BusinessConnect repository.
-jdbcpwd (required): The password for connecting to the database that contains the TIBCO BusinessConnect repository.
-frompartner (required if not specified in bcebicsmanage.tra): The TIBCO BusinessConnect host name.
-topartner (required if not specified in bcebicsmanage.tra): The name of the bank trading partner.
-privatekeypwd (required): The password for your authentication, encryption and signature private keys. All three keys must use this same password.

-updatesignkey

Description
Sends the X.509 certificate of the configured User Signature Key to the bank using the EBICS PUB command.

If you specify None for the User Signature Key in the Document Security settings of the business agreement, that key will be automatically generated by the -updatesignkey command, and a self-signed X.509 certificate will be created for the generated key. Otherwise, the key that is updated with the bank will be the key that is configured in the Document Security settings. Any generated key will be uploaded back to TIBCO BusinessConnect and the configuration of the bank trading partner and the business agreement will be updated with the new key.

The -updatesignkey command can be run any number of times after the TIBCO BusinessConnect user has been initialized and as long as the TIBCO BusinessConnect user access has not been suspended with the bank.

Prerequisites
Before running the -updatesignkey command the following must be done:
- The -init command must have been run.
- The -verify command must have been run.

Options
-jdbcurl (required if not specified in bcebicsmanage.tra): URL for the database that contains the TIBCO BusinessConnect repository.
-jdbcuser (required if not specified in bcebicsmanage.tra): A valid username for connecting to the database which contains the TIBCO BusinessConnect repository.
-jdbcpwd (required): The password for connecting to the database that contains the TIBCO BusinessConnect repository.
-frompartner (required if not specified in bcebicsmanage.tra): The TIBCO BusinessConnect host name.
-topartner (required if not specified in bcebicsmanage.tra): The name of the bank trading partner.
-privatekeypwd (required): The password for your authentication, encryption, and signature private keys. All three keys must use this same password.

-updateauthencrkeys

Description

Sends the X.509 certificates of the configured Authentication and Encryption keys to the bank using the EBICS HCA command.

If you specify None for either the authentication or encryption key in the Document Security settings of the business agreement, that key will be automatically generated by the -updateauthencrkeys command, and a self-signed X.509 certificate will be created for the generated key. Otherwise, the key that is updated with the bank will be the key that is configured in the Document Security settings.

Any generated keys will be uploaded back to TIBCO BusinessConnect and the configuration of the bank trading partner and the business agreement will be updated with the new keys.

The -updateauthencrkeys command can be run any number of times after the TIBCO BusinessConnect user has been initialized and as long as the TIBCO BusinessConnect user access has not been suspended with the bank.

Prerequisites

Before running the -updateauthencrkeys command the following must be done:
  The -init command must have been run.
  The -verify command must have been run.

Options

-jdbcurl (required if not specified in bcebicsmanage.tra): URL for the database that contains the TIBCO BusinessConnect repository.
-jdbcuser (required if not specified in bcebicsmanage.tra): A valid username for connecting to the database that contains the TIBCO BusinessConnect repository.
-jdbcpwd (required): The password for connecting to the database that contains the TIBCO BusinessConnect repository.
-frompartner (required if not specified in bcebicsmanage.tra): The TIBCO BusinessConnect host name.
-topartner (required if not specified in bcebicsmanage.tra): The name of the bank trading partner.
-privatekeypwd (required): The password for your authentication, encryption, and signature private keys. All three keys must use this same password.
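
The three key-update commands above take the same options, two of which are passwords. The wrapper below is an added example, not part of the TIBCO guide: it prompts for both passwords instead of taking them from the typed command line, and logs the invocation with the password values masked. It assumes options are passed as "-name value" pairs and that bcebicsmanage is on PATH; the function names are hypothetical.

```shell
# Added example, not TIBCO code. Assumptions: options are passed as
# "-name value" pairs and bcebicsmanage is on PATH; function names are
# hypothetical.
BCEBICSMANAGE="${BCEBICSMANAGE:-bcebicsmanage}"

# Succeeds only for the three key-update commands.
is_key_update_cmd() {
  case "$1" in
    -updatekeys|-updatesignkey|-updateauthencrkeys) return 0 ;;
    *) return 1 ;;
  esac
}

# Print an argument list with the values that follow the two password
# options masked, so the invocation can be written to a log.
redact_args() {
  out="" prev=""
  for a in "$@"; do
    case "$prev" in -jdbcpwd|-privatekeypwd) a='****' ;; esac
    out="${out:+$out }$a"
    prev="$a"
  done
  printf '%s\n' "$out"
}

# Prompt on stderr, read one line without echo, print it on stdout.
read_secret() {
  printf '%s' "$1" >&2
  stty -echo; IFS= read -r secret; stty echo
  printf '\n' >&2
  printf '%s' "$secret"
}

# Usage: run_key_update <command> [-jdbcurl URL] [-jdbcuser USER]
#                       [-frompartner HOST] [-topartner BANK]
# Options left out must be set in bcebicsmanage.tra. The passwords stay out
# of shell history, but they are still command-line options of the tool and
# so remain visible in its process argument list while it runs.
run_key_update() {
  is_key_update_cmd "$1" || { echo "not a key-update command: $1" >&2; return 2; }
  [ -t 0 ] || { echo "passwords must be typed at a terminal" >&2; return 3; }
  jdbcpwd=$(read_secret 'Repository database password: ')
  keypwd=$(read_secret 'Private key password (same for all three keys): ')
  [ -n "$jdbcpwd" ] && [ -n "$keypwd" ] || { echo "both passwords are required" >&2; return 4; }
  set -- "$@" -jdbcpwd "$jdbcpwd" -privatekeypwd "$keypwd"
  echo "running: $BCEBICSMANAGE $(redact_args "$@")" >&2
  "$BCEBICSMANAGE" "$@"
}
```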

Upload to BusinessConnect Commands

-uploadkeys

Description

Uploads the latest version of TIBCO BusinessConnect user keys that have been exchanged with the bank to TIBCO BusinessConnect.

Prerequisites

Before running the -uploadkeys command the following must be done:
  The -init command must have been run.

Options

-jdbcurl (required if not specified in bcebicsmanage.tra): URL for the database that contains the TIBCO BusinessConnect repository.
-jdbcuser (required if not specified in bcebicsmanage.tra): A valid username for connecting to the database that contains the TIBCO BusinessConnect repository.
-jdbcpwd (required): The password for connecting to the database that contains the TIBCO BusinessConnect repository.
-frompartner (required if not specified in bcebicsmanage.tra): The TIBCO BusinessConnect host name.
-topartner (required if not specified in bcebicsmanage.tra): The name of the bank trading partner.
-privatekeypwd (required): The password for your authentication, encryption, and signature private keys. All three keys must use this same password.

-uploadcerts

Description

Uploads the latest version of public keys/certificates downloaded from the bank to TIBCO BusinessConnect.

Prerequisites

Before running the -uploadcerts command the following must be done:
  The -init command must have been run.

Options

-jdbcurl (required if not specified in bcebicsmanage.tra): URL for the database that contains the TIBCO BusinessConnect repository.
-jdbcuser (required if not specified in bcebicsmanage.tra): A valid username for connecting to the database that contains the TIBCO BusinessConnect repository.
-jdbcpwd (required): The password for connecting to the database that contains the TIBCO BusinessConnect repository.
-frompartner (required if not specified in bcebicsmanage.tra): The TIBCO BusinessConnect host name.
-topartner (required if not specified in bcebicsmanage.tra): The name of the bank trading partner.

Order ID Commands

-updateorderid

Description

Sets the next order ID to be used when sending orders to a bank trading partner to a specific order ID.

Prerequisites

None

Options

-jdbcurl (required if not specified in bcebicsmanage.tra): URL for the database that contains the TIBCO BusinessConnect repository.
-jdbcuser (required if not specified in bcebicsmanage.tra): A valid username for connecting to the database that contains the TIBCO BusinessConnect repository.
-jdbcpwd (required): The password for connecting to the database that contains the TIBCO BusinessConnect repository.
-partnername (required if not specified in bcebicsmanage.tra): The name of the bank trading partner.
-orderid (required): The next order ID to be used when sending orders to the bank trading partner.
