86
TIBCO BusinessConnect EBICS Protocol™ User’s Guide Software Release 1.0 December 2011

TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

  • Upload
    phamdat

  • View
    238

  • Download
    0

Embed Size (px)

Citation preview

Page 1: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

TIBCO BusinessConnect EBICS Protocol™ User’s GuideSoftware Release 1.0December 2011

Page 2: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

Important Information

SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED OR BUNDLED TIBCO SOFTWARE IS SOLELY TO ENABLE THE FUNCTIONALITY (OR PROVIDE LIMITED ADD-ON FUNCTIONALITY) OF THE LICENSED TIBCO SOFTWARE. THE EMBEDDED OR BUNDLED SOFTWARE IS NOT LICENSED TO BE USED OR ACCESSED BY ANY OTHER TIBCO SOFTWARE OR FOR ANY OTHER PURPOSE.

USE OF TIBCO SOFTWARE AND THIS DOCUMENT IS SUBJECT TO THE TERMS AND CONDITIONS OF A LICENSE AGREEMENT FOUND IN EITHER A SEPARATELY EXECUTED SOFTWARE LICENSE AGREEMENT, OR, IF THERE IS NO SUCH SEPARATE AGREEMENT, THE CLICKWRAP END USER LICENSE AGREEMENT WHICH IS DISPLAYED DURING DOWNLOAD OR INSTALLATION OF THE SOFTWARE (AND WHICH IS DUPLICATED IN THE LICENSE FILE) OR IF THERE IS NO SUCH SOFTWARE LICENSE AGREEMENT OR CLICKWRAP END USER LICENSE AGREEMENT, THE LICENSE(S) LOCATED IN THE “LICENSE” FILE(S) OF THE SOFTWARE. USE OF THIS DOCUMENT IS SUBJECT TO THOSE TERMS AND CONDITIONS, AND YOUR USE HEREOF SHALL CONSTITUTE ACCEPTANCE OF AND AN AGREEMENT TO BE BOUND BY THE SAME.

This document contains confidential information that is subject to U.S. and international copyright laws and treaties. No part of this document may be reproduced in any form without the written authorization of TIBCO Software Inc.

TIBCO, The Power of Now, TIBCO Hawk, TIBCO Rendezvous, TIBCO Runtime Agent, TIBCO ActiveMatrix BusinessWorks, TIBCO Administrator, and TIBCO Designer are either registered trademarks or trademarks of TIBCO Software Inc. in the United States and/or other countries.

EJB, J2EE, JMS and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries.

All other product and company names and marks mentioned in this document are the property of their respective owners and are mentioned for identification purposes only.

THIS SOFTWARE MAY BE AVAILABLE ON MULTIPLE OPERATING SYSTEMS. HOWEVER, NOT ALL OPERATING SYSTEM PLATFORMS FOR A SPECIFIC SOFTWARE VERSION ARE RELEASED AT THE SAME TIME. SEE THE README FILE FOR THE AVAILABILITY OF THIS SOFTWARE VERSION ON A SPECIFIC OPERATING SYSTEM PLATFORM.

THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.

THIS DOCUMENT COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE CHANGES WILL BE INCORPORATED IN NEW EDITIONS OF THIS DOCUMENT. TIBCO SOFTWARE INC. MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED IN THIS DOCUMENT AT ANY TIME.

THE CONTENTS OF THIS DOCUMENT MAY BE MODIFIED AND/OR QUALIFIED, DIRECTLY OR INDIRECTLY, BY OTHER DOCUMENTATION WHICH ACCOMPANIES THIS SOFTWARE, INCLUDING BUT NOT LIMITED TO ANY RELEASE NOTES AND "READ ME" FILES..

Copyright © 1999-2011 TIBCO Software Inc. ALL RIGHTS RESERVED.

TIBCO Software Inc. Confidential Information

Page 3: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

Contents | iii

Contents

Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v

Related Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vi

Typographical Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viii

Connecting with TIBCO Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x

Chapter 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

TIBCO BusinessConnect as an EBICS Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Chapter 2 Setting Up Trading Hosts and Partners . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Configuring a Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Configuring a Partner. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Chapter 3 Configuring Business Agreements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Adding a New Business Agreement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Configuring Agreement Protocol Binding for EBICS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Operation Bindings Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Document Security Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Transports Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Chapter 4 Key Management with bcebicsmanage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Initializing the TIBCO BusinessConnect User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Suspending Bank Access of the TIBCO BusinessConnect User. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Updating TIBCO BusinessConnect User Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Recovering From Upload Errors to TIBCO BusinessConnect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

bcebicsmanage Keystore. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Updating the EBICS OrderID. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Chapter 5 Managing EBICS Operations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

TIBCO BusinessConnect EZComm Protocol User’s Guide

Page 4: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

iv | Contents

Synchronous Request Response Operation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

Configuring EBICS Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Chapter 6 Managing Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Managing EBICS Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Chapter 7 EBICS Private Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

Initiator Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

Initiator Response . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

Error Advisories. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

Chapter 8 Viewing Logs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

Log Viewer Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

Audit Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

Preferences. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

Appendix A bcebicsmanage Command Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

Bank Initialization Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

Bank Access Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

Key Update Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

Upload to BusinessConnect Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

Order ID Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

TIBCO BusinessConnect EZComm Protocol User’s Guide

Page 5: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

| v

Preface

TIBCO BusinessConnect™ EBICS Protocol is a protocol used by banks in European countries that enables banking clients, such as corporations, to communicate with banks securely.

Topics

• Related Documentation, page vi

• Typographical Conventions, page viii

• Connecting with TIBCO Resources, page x

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 6: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

vi | Related Documentation

Related Documentation

TIBCO BusinessConnect™ EBICS Protocol DocumentationThe following documents form the TIBCO BusinessConnect EBICS Protocol documentation set:

• TIBCO BusinessConnect™EBICS Protocol Installation and Configuration: Read this guide to install and configure TIBCO BusinessConnect EBICS Protocol.

• TIBCO BusinessConnect™EBICS Protocol User’s Guide: Read this guide to to learn how to manage TIBCO BusinessConnect EBICS Protocol.

• TIBCO BusinessConnect™EBICS Protocol Release Notes: Read this document to learn about new features, changes in functionality, deprecated features, known issues, and closed issues for each release. This document is supplied for each release and is available only in PDF format.

TIBCO BusinessConnect™ DocumentationThe following documents form the BusinessConnect documentation set:

• TIBCO BusinessConnect™ Installation and Configuration. Read this guide to learn how to install and configure TIBCO BusinessConnect.

• TIBCO BusinessConnect™ Concepts: Read this guide to learn about TIBCO BusinessConnect architecture, deployment modes, protocols, and security.

• TIBCO BusinessConnect Interior Server™ Administration: Read this guide in order to administer, operate, and manage TIBCO BusinessConnect Interior Server.

• TIBCO BusinessConnect Gateway Server™ Administration: Read this guide in order to administer, operate, and manage TIBCO BusinessConnect Gateway Server.

• TIBCO BusinessConnect™ Trading Partner Administration: Read this guide to configure and manage trading partners.

• TIBCO BusinessConnect™ Scripting Deployment User’s Guide: Read this guide to configure and manage TIBCO BusinessConnect using the command line interface.

• TIBCO BusinessConnect™ Release Notes: Read this document to learn about new features, changes in functionality, deprecated features, known issues, and closed issues for each release. This document is supplied for each release and is available only in PDF format.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 7: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

Preface | vii

Other TIBCO Product DocumentationYou may find it useful to read the documentation for the following TIBCO products, which may be used or integrated with BusinessConnect:

• TIBCO Administrator™ software: The software allows you to manage users, machines and applications defined in a TIBCO Administration Domain. The TIBCO Administrator graphical user interface enables users to deploy, monitor, and start and stop TIBCO applications.

• TIBCO ActiveMatrix BusinessWorks™ software: This software is a scalable, extensible, and easy to use integration platform that allows you to develop integration projects. TIBCO BusinessWorks includes a graphical user interface (GUI) for defining business processes and an engine that executes the process.

• TIBCO Designer™ software: This graphical user interface is used for designing and creating integration project configurations and building an Enterprise Archive (EAR) for the project. The EAR can then be used by TIBCO Administrator for deploying and running the application.

• TIBCO Runtime Agent™ software: This software suite is a prerequisite for other TIBCO software products. In addition to TIBCO Runtime Agent components, the software suite includes the third-party libraries used by other TIBCO products such as TIBCO Designer, Java Runtime Environment (JRE), TIBCO Hawk®, and TIBCO Rendezvous®.

• TIBCO Rendezvous®: This software enables programs running on many different kinds of computers on a network to communicate seamlessly. It includes two main components: the Rendezvous programming language interface (API) in several languages, and the Rendezvous daemon.

• TIBCO Enterprise Message Service ™ software: This software provides a message service that enables integration of applications within an enterprise based on the Java Message Service (JMS) specifications.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 8: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

viii | Typographical Conventions

Typographical Conventions

The following typographical conventions are used in this manual.

Table 1 General Typographical Conventions

Convention Use

ENV_NAME

TIBCO_HOME

ebics_HOME

TIBCO products are installed into an installation environment. A product installed into an installation environment does not access components in other installation environments. Incompatible products and multiple instances of the same product must be installed into different installation environments.

An installation environment consists of the following properties:

• Name Identifies the installation environment. This name is referenced in documentation as ENV_NAME. On Microsoft Windows, the name is appended to the name of Windows services created by the installer and is a component of the path to the product shortcut in the Windows Start > All Programs menu.

• Path The folder into which the product is installed. This folder is referenced in documentation as TIBCO_HOME.

TIBCO BusinessConnect EBICS Server installs into a directory within a TIBCO_HOME. This directory is referenced in documentation as ebics_HOME. The default value of ebics_HOME depends on the operating system. For example on Windows systems, the default value is

C:\tibco\bc\version\protocols\ebics

code font Code font identifies commands, code examples, filenames, pathnames, and output displayed in a command window. For example:

Use MyCommand to start the foo process.

bold code

font Bold code font is used in the following ways:

• In procedures, to indicate what a user types. For example: Type admin.

• In large code samples, to indicate the parts of the sample that are of particular interest.

• In command syntax, to indicate the default parameter for a command. For example, if no parameter is specified, MyCommand is enabled: MyCommand [enable | disable]

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 9: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

Preface | ix

italic font Italic font is used in the following ways:

• To indicate a document title. For example: See TIBCO ActiveMatrix BusinessWorks Concepts.

• To introduce new terms For example: A portal page may contain several portlets. Portlets are mini-applications that run in a portal.

• To indicate a variable in a command or code syntax that you must replace. For example: MyCommand PathName

Key combinations

Key name separated by a plus sign indicate keys pressed simultaneously. For example: Ctrl+C.

Key names separated by a comma and space indicate keys pressed one after the other. For example: Esc, Ctrl+Q.

The note icon indicates information that is of special interest or importance, for example, an additional action required only in certain circumstances.

The tip icon indicates an idea that could be useful, for example, a way to apply the information provided in the current section to achieve a specific result.

The warning icon indicates the potential for a damaging situation, for example, data loss or corruption if certain steps are taken or not taken.

Table 1 General Typographical Conventions (Cont’d)

Convention Use

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 10: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

x | Connecting with TIBCO Resources

Connecting with TIBCO Resources

How to Join TIBCOmmunityTIBCOmmunity is an online destination for TIBCO customers, partners, and resident experts, a place to share and access the collective experience of the TIBCO community. TIBCOmmunity offers forums, blogs, and access to a variety of resources. To register, go to http://www.tibcommunity.com.

How to Access All TIBCO DocumentationAfter you join TIBCOmmunity, you can access the documentation for all supported product versions here:

http://docs.tibco.com/TibcoDoc

How to Contact TIBCO SupportFor comments or problems with this manual or the software it addresses, please contact TIBCO Support as follows.

• For an overview of TIBCO Support, and information about getting started with TIBCO Support, visit this site:

http://www.tibco.com/services/support

• If you already have a valid maintenance or support contract, visit this site:

https://support.tibco.com

Entry to this site requires a user name and password. If you do not have a user name, you can request one.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 11: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

| 1

Chapter 1 Introduction

This chapter gives an overview of EBICS (Electronic Banking Internet Communication Standard) and explains briefly how TIBCO BusinessConnect is used as an EBICS client.

Topics

• Overview on page 2

• TIBCO BusinessConnect as an EBICS Client on page 3

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 12: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

2 | Chapter 1 Introduction

Overview

TIBCO BusinessConnect™ EBICS Protocol provides a client-side implementation of EBICS (Electronic Banking Internet Communication Standard) version 2.4.2 and is limited to supporting what is known as EBICS Profile T. This chapter introduces TIBCO BusinessConnect EBICS Protocol and its support for EBICS Profile T. For specification information on EBICS version 2.4.2, please refer to the document: Specification EBICS (Electronic Banking Internet Communication Standard) Version 2.4.2.

The current version of the EBICS specification is version 2.5.0, which was released in May 26, 2011 and is not yet supported byTIBCO BusinessConnect EBICS Protocol. The current version of the EBICS specification, as well as past versions of the EBICS specification, can be found at:

http://www.ebics.org

EBICS Profile T is defined in the document EBICS - Implementation Guide in France, Version 2.1.3. This version is consistent with V2.4.2 of the specifications. This French Implementation Guide can be found at:

http://www.cfonb.org/Web/cfonb/cfonbmain.nsf/DocumentsByIDWeb/7KUEQA?OpenDocument&loglvl=7KUELS

About EBICSThe Electronic Banking Internet Communication Standard (EBICS) is a standard used in the banking industries of Germany and France that specifies the transmission protocol for exchanging information between banks and their customers. It is a client-server protocol that uses the Internet and HTTPS as the transport for the exchange of information. The data being exchanged is encoded into XML documents, and encryption and digital signatures are applied for security. Additionally, the electronic signature of a person can be applied to authorize the financial transactions contained in the XML documents.

EBICS was first developed for use in Germany and later extended for use in France, where it has replaced the use of ETEBAC3 and ETEBAC5. When using EBICS to replace ETEBAC3, an order is sent to the bank using EBICS, but confirmation that the order should be executed by the bank is sent through a communication channel other than EBICS (such as email, fax). In other words, electronic signatures are not used for authorizing transactions.

EBICS Profile T is the term used to describe this scenario for using EBICS. The remainder of this chapter describes the implementation of EBICS Profile T by TIBCO BusinessConnect EBICS Protocol.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 13: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

TIBCO BusinessConnect as an EBICS Client | 3

TIBCO BusinessConnect as an EBICS Client

TIBCO BusinessConnect EBICS Protocol is designed to act as an EBICS technical subscriber that handles the transmission of all orders to the various banks you may want to communicate with. A technical subscriber executes all EBICS requests on behalf of users. The following diagram depicts the flow of transactions between your back end systems and a bank using TIBCO BusinessConnect EBICS Protocol.

Figure 1 TIBCO BusinessConnect as an EBICS Client

Establishing a Banking RelationshipTo begin using TIBCO BusinessConnect EBICS Protocol, you as a customer of a bank must contact the bank and exchange the information required in order for the bank to set you up as a customer on their EBICS banking server. Some of the information the bank will need to know from you are:

• Your account number

• The name on your account

• The number of users who will be sending/receiving EBICS transactions. (See Note A)

• The names of the users. (See Note A)

Company A

HTTPS

BC Server RV/JMS

Internet

Enterprise Systems

Private Process

Incoming Private Process

Outgoing Private Process

LegendRV = TIBCO RendezvousBC = TIBCO BusinessConnect

EBICS Bank Server

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 14: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

4 | Chapter 1 Introduction

• The type of the user (such as technical versus human) (See Note A)

• Whether the user can sign for orders. (See Note A)

• The types of EBICS orders the users are allowed to send/retrieve.

• Which orders need confirmation before the bank should execute them. (See Note B)

• Who is responsible for confirming orders. (See Note B)

• The method of sending order confirmations outside of EBICS. (See Note B)

In return for your information, the bank will provide you with the information needed to establish communication with the bank using EBICS. The information the bank will provide you with will include:

• Bank Name The bank's name

• Bank URL HTTPS URL for connecting to the bank.

• Bank Host ID ID of the bank.

• Customer ID ID assigned to the customer by the bank.

• User ID ID assigned to the user by the bank.

• User Name Name of the user.

• E001 Hash Value Not used. (See Note C)

• X001 Hash Value Not used. (See Note C)

• E002 Hash Value The sha-256 hash of the bank's public encryption key

• X002 Hash Value The sha-256 hash of the bank's public authentication key

Note A: When establishing your relationship with a bank, it is important to let the bank know that you will have only one user sending orders to the bank and that the user is a technical user. This is because the user is being implemented by TIBCO BusinessConnect EBICS Protocol. The name you use for the BusinessConnect user can be any arbitrary name.

Note B: When orders are sent to a bank, some orders must be confirmed before they will be executed with the bank. TIBCO BusinessConnect EBICS Protocol does not support sending electronic signatures to confirm orders, so order confirmations must be sent to the bank by some other means. How orders should be confirmed and who is responsible for confirming the orders should be established with the bank.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 15: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

TIBCO BusinessConnect as an EBICS Client | 5

• Bank SSL Cert Used for communicating via HTTPS with the bank

You will then configure your TIBCO BusinessConnect host and a trading partner for the bank using this information. See Chapter 2, Setting Up Trading Hosts and Partners, page 9 for detailed information on how to configure TIBCO BusinessConnect with the above information.

EBICS Key and Certificate Management with TIBCO BusinessConnectEach user requires three keys for sending orders to banks.

• User Signature Key Used to generate electronic signature (ES) of the order data that the client sends to the bank.

• Authentication Key Used for identification and authentication of the client by the bank.

• Encryption Key Used for decryption of the symmetric key sent with orders that is used for encryption of the orders and electronic signatures.

On the bank's side, all of the keys except for the signature key are used.

Prior to sending any order to a bank, you must first initialize the TIBCO BusinessConnect user with the bank. The initialization process consists of these steps:

1. Send the user keys to the bank.

2. Send initialization letters with the public key information to the bank via a separate communication channel (such as fax).

3. Wait for the bank to release the user on their EBICS bank server.

4. Download the bank's public keys or certificates.

5. Verify the hash values of the bank's public keys.

TIBCO BusinessConnect EBICS Protocol provides the tool bcebicsmanage for the management of your EBICS keys and certificates during initialization of the TIBCO BusinessConnect user with a bank.

The bcebicsmanage tool provides the following capabilities:

• RSA public/private key pair generation according to the EBICS specification.

• X.509 self-signed certificate generation using the generated key pairs

• Initial client X.509 certificate exchange with banks via EBICS INI and HIA order types.

Note C: The E001 and X001 Hash Values are not used by TIBCO BusinessConnect as they pertain to earlier versions of the EBICS specification that are not supported by TIBCO BusinessConnect.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 16: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

6 | Chapter 1 Introduction

• Generation of initialization letters for the public keys or certificates.

• Retrieval of the bank's public keys and certs via EBICS HPB order type.

• Verification of the hash values for the bank's public keys.

• Update of existing client public keys and certificates with banks via EBICS HCS, HCA, and PUB order types.

The bcebicsmanage tool works in conjunction with your TIBCO BusinessConnect configuration repository when running its commands. If the business agreement between your TIBCO BusinessConnect host and the bank's trading partner has not been configured with any of the three keys needed for exchanging orders with the bank, those keys will be automatically created during initialization of the TIBCO BusinessConnect host with the bank server and then uploaded back into the TIBCO BusinessConnect configuration repository.

The diagram in Figure 2 depicts the case where bcebicsmanage creates the TIBCO BusinessConnect host's EBICS client keys and certificates, sends the certificates to the bank server, and then uploads the keys and certificates back to the TIBCO BusinessConnect repository. The diagram also depicts how, after initialization, bcebicsmanage is used to retrieve the bank's public keys and certificates and upload them into the TIBCO BusinessConnect Repository.

Figure 2 Keys Created by BCEBICSMANAGE

When keys and certificates are stored in the TIBCO BusinessConnect repository, keys must be in PKCS#12 format and certificates should be in PKCS#7 format.

BusinessConnect

Bank EBICS Server

EBICS Client System

Bank Public Keys and Certificates

Internet

BCEBICSMANAGE

Bank SSL CertificateBank URL

Bank IDCustomer ID

User ID

Client Private Keys& X.509 Certificates

Bank Public Keys& CertificatesClient X,509

Certificates

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 17: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

TIBCO BusinessConnect as an EBICS Client | 7

When keys and certificates are generated by the bcebicsmanage tool, the generated keys and certificates will be encoded into the proper format; when keys are generated outside of the bcebicsmanage tool, the user is responsible for making sure that the key is encoded in PKCS#12 format.

The bcebicsmanage tool is only used for initialization of the TIBCO BusinessConnect user with a bank, and whenever new keys or certificates need to be exchanged with the bank. The keys and certificates that are generated by bcebicsmanage will expire in five years, since the French Implementation Guide states that is when self-signed certificates should expire. You should also be aware that the French Implementation Guide states that keys that you create and that are signed by a Certification Authority (CA) should expire in three years.

For further information on bcebicsmanage and how to run the commands to initialize a user or update keys, see Chapter 4, Key Management with bcebicsmanage, page 25.

EBICS Order TransfersOnce BusinessConnect has been initialized with a bank and the bank's public keys or certificates have been downloaded and the hashes verified, you are now capable of sending orders to the bank.

EBICS defines two types of orders: upload and download. Both types of orders are initiated by the EBICS client. For download orders, an order to request the download is first sent to the bank, and the response to the request will contain the actual downloaded data.

TIBCO BusinessConnect EBICS Protocol supports the order types FUL and FDL, which are defined for use in France. FUL is used for upload orders, while FDL is used for download orders. Both FUL and FDL orders are further refined by specifying the file format to use for an order. For detailed information on how to configure TIBCO BusinessConnect EBICS Protocol for upload and download orders, see Chapter 5, Managing EBICS Operations, page 35.

Confirming OrdersWhen orders are sent to a bank, some orders must be confirmed before they will be executed by the bank. TIBCO BusinessConnect EBICS Protocol does not support sending electronic signatures to confirm orders, so order confirmations must be sent to the bank by some other means. How orders should be confirmed and who is responsible for confirming the orders should have been established during the setting up of your relationship with the bank.

After sending an order that needs confirmation to the bank, the user is responsible for ensuring the confirmation of that order.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 18: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

8 | Chapter 1 Introduction

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 19: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

| 9

Chapter 2 Setting Up Trading Hosts and Partners

This chapter explains how to set up trading hosts and partners for TIBCO BusinessConnect EBICS Protocol.

Topics

• Overview on page 10

• Configuring a Host on page 11

• Configuring a Partner on page 12

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 20: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

10 | Chapter 2 Setting Up Trading Hosts and Partners

Overview

Using the TIBCO Administrator UI, the TIBCO BusinessConnect administrator sets up trading partners and configures a business agreement as follows:

1. Configure the Host participant, which will represent the user, and set it up for the EBICS protocol.

See Configuring a Host, page 11.

2. Configure the Partner participant, which will represent the bank, and import the bank SSL certificate.

Then, configure the user information provided by the bank.

See Configuring a Partner, page 12.

3. Create a business agreement between the Host and the Partner (Bank).

See Chapter 3, Configuring Business Agreements, page 17.

Once you have finished all partner and business agreement configuration steps, use the bcebicsmanage tool to initialize the user as explained in Chapter 4, Key Management with bcebicsmanage, page 25.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 21: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

Configuring a Host | 11

Configuring a Host

To configure a host that will play the role of a user in this installation, do the following:

1. Select BusinessConnect>Participants.

2. Click the New button.

3. Type the host’s name in the Name field.

4. Select Host in the Type drop-down list.

5. Click OK.

6. In the New Host Participant dialog, select the Active checkbox.

7. Click Apply.

8. Select the Protocols tab.

If the TIBCO BusinessConnect EBICS Protocol has already been activated as explained in TIBCO BusinessConnect EBICS Protocol Installation and Configuration, Protocol Activation, it is now listed under Enabled Protocols. Otherwise, you need to enable it first.

9. Click on the EBICS link.

Select or enter the information according to Table 1.

10. Click Save.

Table 1 Host Settings: General Tab

Field Description

Valid Email Address List

(Not used for EBICS)

Authentication Key Type

The authentication key type to use during initialization process.

The only value allowed for this release is X002.

Encryption Key Type

The encryption key type to use during initialization process.

The only value allowed for this release is E002.

User Signature Key Type

This key is used for creating the transport signature.

The only value allowed for this release is A005.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 22: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

12 | Chapter 2 Setting Up Trading Hosts and Partners

Configuring a Partner

TIBCO BusinessConnect partner in this installation represents the bank.

To configure the partner, bank information contained in the user access document is entered as partner properties.

1. Select BusinessConnect>Participants.

2. Click the New button.

3. Type partner’s name in the Name box.

4. Select Partner in the Type dropdown list.

5. Click OK.

6. In the New Partner Participant window, select the Active checkbox.

7. Click Apply.

Enable Protocol for the Partner1. Select the Protocols tab.

2. Click Enable.

The dialog with installed protocols appears.

3. Select the checkbox next to EBICS.

4. Click OK.

The EBICS protocol is now in the Enabled Protocols list.

5. Click on the EBICS link.

The Edit Enabled Protocol dialog appears, with the following tabs:

— General Tab, page 13

— Transports Tab, page 14

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 23: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

Configuring a Partner | 13

General Tab

Select or enter information as explained in Table 2.

Table 2 Partner Settings: General Tab

Field Description

Valid Email Address List

(Not used for EBICS)

HostID for Bank The hostID of the bank (required)

Bank Name The bank’s name (required)

EBICS Protocol Version

Currently, only protocol version H003 is supported.

Hash Values for Bank Keys

E002 Hash value for the bank's E002 certificate (required)

X002 Hash value for the bank's X002 certificate (required)

Test Mode When selected, runtime will send Test requests to the bank.

An OrderParm named TEST will be added to the request, which will treat the request as a test request.

For the FUL operation, there is a FULOrderParams element connected with the parameter TEST; for the FDL operation, TEST is not available.

Technical Subscriber Information

EBICS Customer ID

ID assigned to the customer by the bank (required)

EBICS User ID ID assigned to the user by the bank (required)

EBICS User Name User name (required)

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 24: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

14 | Chapter 2 Setting Up Trading Hosts and Partners

Click Save.

Transports Tab

To add a transport for the partner, do the following:

1. Click on the Transports tab.

2. Click Add.

Enter data for the new transport as explained in Table 3.

3. Click OK.

4. Configure the new EBICS transport as described in Table 4.

OrderID Prefix A character in the range A - Z.

A user is assigned a character, and all the orders sent by this user will have an orderID starting with this character.

Every FUL request sent by a user should have a unique orderID. The orderID can range from prefix+000 to prefix+ZZZ. TIBCO BusinessConnect will create a unique orderId by incrementing it for every order sent by this user.

If an orderID prefix is changed for a given user, the orderID sequence with the previous prefix will be saved; for example, when any of the previously used prefixes are specified, the sequence number with that prefix will be used

Reset OrderID Reset the OrderID in TIBCO BusinessConnect to prefix+000. The orderID is reset only after a user is initialized.

Table 2 Partner Settings: General Tab

Field Description

Table 3 New Transport for the Partner

Field Description

Name Enter the name for the transport (required)

Type Select the transport type (EBICS) from the dropdown list.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 25: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

Configuring a Partner | 15

5. Click Save three times.

Manage Partner CredentialsYou can upload a partner certificate using the Credentials tab:

New Certificate

To upload a new certificate for the partner, perform these steps:

1. Select BusinessConnect>Participants> partner> Credentials tab.

2. Click New Certificate.

Type the name of the key in the Alias field.

3. In the Current Credential line click change.

Browse and navigate to the file containing the public key and click OK.

4. Click Save.

The new certificate for the partner is now listed in the Credential Name list.

Table 4 New EBICS Transport

Transport Name The transport name can be changed

URL URL of the bank EBICS server (required), such as: www.hostname.com/bank/EbicsServlet

Server Certificate Add the SSL certificate sent from the bank. This certificate can be uploaded as explained in TIBCO BusinessConnect Trading Partner Administration, Managing Partner Credentials.

Socket Timeout (sec) Leave the default (300).

SSH public keys and PGP public keys are not used for TIBCO BusinessConnect EBICS Protocol.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 26: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

16 | Chapter 2 Setting Up Trading Hosts and Partners

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 27: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

| 17

Chapter 3 Configuring Business Agreements

This chapter explains how to configure business agreements and protocol bindings for TIBCO BusinessConnect EBICS Protocol.

Topics

• Adding a New Business Agreement on page 18

• Configuring Agreement Protocol Binding for EBICS on page 19

• Operation Bindings Tab on page 20

• Document Security Tab on page 22

• Transports Tab on page 24

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 28: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

18 | Chapter 3 Configuring Business Agreements

Adding a New Business Agreement

After the TIBCO BusinessConnect host and bank trading partner have been configured, you will now configure their business agreement.

1. Select BusinessConnect>Business Agreements.

2. Click the New button.

The New Agreement dialog appears.

Verify that EBICS appears in the Protocols column for both trading partners between which you wish to configure a business agreement. If EBICS is missing, return back to Enable Protocol for the Partner, page 12 and enable the EBICS protocol.

3. Select a host from the Host Party list that has EBICS protocol enabled.

4. Select a partner from the Partner Party list hat has EBICS protocol enabled.

5. Click OK.

The New Agreement, general dialog appears.

6. Confirm that the Valid checkbox is selected. This will make the agreement valid immediately.

If you wish to make the agreement valid for a certain time period, do the following:

— Use the Start Date dropdown lists to specify the start date.

— Use the End Date dropdown lists to specify the stop date. This date has to be later than the start date.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 29: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

Configuring Agreement Protocol Binding for EBICS | 19

Configuring Agreement Protocol Binding for EBICS

To configure EBICS agreement protocol bindings, follow these steps:

1. In the New Agreement dialog, click Add Protocol Bindings.

2. In the Select Protocol dialog, select the checkmark next to EBICS.

3. Click OK.

The New Agreement dialog appears.

4. Click the EBICS link in the Agreement Protocol Binding list.

The following tabs for configuring protocol binding options are available:

— Operation Bindings Tab

— Document Security Tab

— Transports Tab

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 30: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

20 | Chapter 3 Configuring Business Agreements

Operation Bindings Tab

Use the Operations Binding tab to configure the EBICS operations that each participant in a business agreement can initiate and respond to. The Host ’X’ Can Initiate and Partner ’Y’ Can Initiate areas list the activities that the host/partner can initiate and the partner/host can respond to.

1. Enter information according to Table 5.

2. In the Host can initiate section, click Add Operation Binding.

3. Click the topmost (+) to expand the operation tree and select the operation.

4. Click OK.

The selected operation appears in the Operation Name list.

Edit Operation Bindings for the HostClick the operation in the panel Host can initiate.

The following tabs for configuring options are available:

• Operation Settings Tab

• Transports Tab

Table 5 Edit Protocol Binding: Operation Binding Tab

Field Description

Allow All Operations

This checkbox is selected by default. If you leave it selected, you don’t need to specify operation bindings that the host or partner can initiate.

If the checkbox is cleared, you need to define the specific operation bindings.

Non Repudiation Logging

(Not used by EBICS)

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 31: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

Operation Bindings Tab | 21

Operation Settings Tab

Override the operation settings using Table 6.

Click Save.

Transports Tab

Configure transport settings using Table 7.

Click Save.

Show Advanced Button

In TIBCO BusinessConnect EBICS Protocol there are no properties that can be overridden. Therefore this option is not applicable although it appears in the TIBCO Administrator GUI.

Edit Operation Bindings for the Partner

Table 6 Override Outbound Settings: Operation Settings Tab (All Operations)

Field Description

Override Operation Settings

Select the checkbox to override the operation settings for this operation. These settings have been previously configured.

Inbound for FDL; Outbound for FUL

Validate Message When selected, the request message will be validated.

Table 7 Override Outbound Settings: Transports Tab (All Operations)

Field Description

Override Transports Select to override the originally configured transport for the host.

Override Outbound Transports

Primary Transport Select any of the transports previously configured for the partner.

See Transports Tab, page 14 for more details.

Operation bindings for the partner are not used for TIBCO BusinessConnect EBICS Protocol since the bank cannot initiate a transaction with TIBCO BusinessConnect.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 32: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

22 | Chapter 3 Configuring Business Agreements

Document Security Tab

The Document Security tab is used to specify security settings for the business transaction that is being exchanged.

1. Configure document security using the information provided on Table 8.

Before using the Document Security tab to select any keys or certificates, you must first configure these keys or certificates as explained in TIBCO BusinessConnect Trading Partner Administration, Managing Host Credentials.

Keep in mind that only one set of valid bank keys may exist at one time. Therefore, shadow certificates cannot be used for EBICS.

Table 8 Edit Protocol Bindings: Document Security Tab

Field Enter/Select

Outbound Doc Exchange

Signing Info Settings

Signing Key Select the signing private key of the host from the dropdown list.

This key is used to generate the EBICS identification and authentication signature on messages sent to the EBICS bank server.

When None is selected for this key, the bcebicsmanage tool commands -init and -update* will automatically generate this key and populate this setting for you. The key will be generated according to the host's Authentication Key Type setting.

User Signature Info Settings

User Signature Key Select the user signature private key of the host from the dropdown list. This key is used to generate the electronic signature of the order data that the client uploads to the bank.

When None is selected for this key, the bcebicsmanage tool commands -init and -update* will automatically generate this key and populate this setting for you. The key will be generated according to the host's User Signature Key Type setting.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 33: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

Document Security Tab | 23

Encryption Info Settings

Encryption Certificate

Specifies the Encryption certificate obtained from the bank. Running the -verify command with the bcebicsmanage tool will set this certificate automatically.

Inbound Doc Exchange

Signing Info Settings

Verification Certificate

Specifies the Verification certificate obtained from the bank. Running the -verify command with the bcebicsmanage tool will set this certificate automatically.

Encryption Info Settings

Decryption Key Select the decryption private key of the host from the dropdown list.

This key is used for decryption of the symmetric key, which is sent with orders and is used for encryption of the orders and electronic signatures.

When None is selected for this key, the bcebicsmanage tool commands -init and -update* will automatically generate this key and populate this setting for you. The key will be generated according to the host's Encryption Key Type setting.

Table 8 Edit Protocol Bindings: Document Security Tab

Field Enter/Select

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 34: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

24 | Chapter 3 Configuring Business Agreements

Transports Tab

Configure transports for the host according to Table 9.

Click Save twice.

Advanced TabAdvanced configuration settings are not supported for TIBCO BusinessConnect EBICS Protocol.

Table 9 Configure Transports for the Host

Field Description

Outbound Transports for Host

This section is is used for specifying transport information for the outbound direction, or host to trading partner.

Primary Transport Select the outbound transport that was previously configured for the host.

See Transports Tab, page 14 for more details.

Client Authentication Identity for HTTPS, FTPS, HTTPS CA

(Not used for EBICS)

Client Authentication Identity for SSHFTP

(Not used for EBICS)

Allowed Inbound Transports for Partner

Since the EBCIS bank cannot initiate a transaction with TIBCO BusinessConnect, no inbound transport configuration is needed.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 35: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

| 25

Chapter 4 Key Management with bcebicsmanage

This chapter explains how to manage keys that belong to the TIBCO BusinessConnect user using the bcebicsmanage tool.

Topics

• Overview on page 26

• Initializing the TIBCO BusinessConnect User on page 27

• Suspending Bank Access of the TIBCO BusinessConnect User on page 29

• Updating TIBCO BusinessConnect User Keys on page 30

• Recovering From Upload Errors to TIBCO BusinessConnect on page 31

• bcebicsmanage Keystore on page 32

• Updating the EBICS OrderID on page 33

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 36: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

26 | Chapter 4 Key Management with bcebicsmanage

Overview

TIBCO BusinessConnect EBICS Protocol provides a tool, bcebicsmanage, to perform the functions relating to key management of the TIBCO BusinessConnect user.

This chapter describes the key management functions provided by the bcebicsmanage tool and when they are used. For specific details on how to configure the bcebicsmanage tool and how to run each of the commands, see Appendix A, bcebicsmanage Command Reference, page 59..

This chapter describes how to use the bcebicsmanage tool to perform the following:

• Create keys for the TIBCO BusinessConnect user.

• Send the TIBCO BusinessConnect user keys to the bank.

• Retrieve the bank's public keys.

• Verify the hashes of the bank's public keys.

• Upload the keys generated for the TIBCO BusinessConnect user to the TIBCO BusinessConnect repository.

• Upload the bank's public keys to the TIBCO BusinessConnect repository.

• Change the keys for the TIBCO BusinessConnect user.

• Suspend the TIBCO BusinessConnect user's access to a bank.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 37: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

Initializing the TIBCO BusinessConnect User | 27

Initializing the TIBCO BusinessConnect User

Two bcebicsmanage tool commands, -init and -verify, are used when the TIBCO BusinessConnect user first initializes with the EBICS server of a bank.

The -init command sends the certificates associated with the private keys of the TIBCO BusinessConnect user to the bank; the -verify command retrieves the bank's public keys and verifies the hash values of those keys with the ones which were previously provided by the bank.

-init The -init command is typically run just once to initiate the setup of an EBICS client with a bank's EBICS server. You will run the -init command when the bank has indicated that the TIBCO BusinessConnect user has been configured on their EBICS server. When you run the -init command the following occurs:

• If private keys have been configured in the Document Security settings of the business agreement, those keys are retrieved from the TIBCO BusinessConnect repository.

• Any key that has not been configured will be generated according to the French Implementation Guide for EBICS.

• Self-signed X.509 certificates will be generated for any private keys created.

• The X.509 certificates for all 3 keys (authentication, encryption, and user signature) will be sent to the bank using the EBICS INI and HIA commands.

• Initialization letters for the 3 keys will be created in the directory BC_HOME/protocols/ebics/tools/letters.

• The generated keys will be uploaded back into the TIBCO BusinessConnect repository.

• The Document Security settings of the business agreement will be updated with the generated keys.

After running the -init command, you will need to sign each of the initialization letters and send them to the bank by some other means than using EBICS; for example, you could fax the letters to the bank. The method for sending the initialization letters to the bank should be established in the contract between you and the bank.

-verify Once the bank has indicated that the public keys (contained in the X.509 certificates) of the TIBCO BusinessConnect user have been released on their EBICS server, you can run the -verify command to download the bank's public keys. The -verify command can be run any number of times, but typically will be run once after the -init command is run, and then again whenever the bank notifies you that its keys have changed.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 38: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

28 | Chapter 4 Key Management with bcebicsmanage

When you run the -verify command the following occurs:

• The bank's authentication and encryption public keys are retrieved using the EBICS HPB command.

• The hash values of the retrieved keys are compared against the hash values configured for the keys in the General settings of the bank's trading partner configuration in the TIBCO BusinessConnect Administrator GUI.

• If the public keys are not retrieved as X.509 certificates, new X.509 certificates are created for the keys. These X.509 certificates are signed by the internal CA of the bcebicsmanage tool.

• The bank's X.509 certificates are converted to PKCS#7 and loaded into the TIBCO BusinessConnect repository.

• The Document Security settings for the business agreement are updated with the bank's certificates.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 39: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

Suspending Bank Access of the TIBCO BusinessConnect User | 29

Suspending Bank Access of the TIBCO BusinessConnect User

The bcebicsmanage tool command, -lock, is used to suspend any further access of the BusinessConnect user to a bank.

-lock The -lock command causes the EBICS SPR command to be sent to the bank. After the -lock command has been executed, the bank will return an error if the TIBCO BusinessConnect user tries to continue to communicate with the bank.

To resume communication with the bank, the TIBCO BusinessConnect user must be re-initialized by sending the bcebicsmanage tool commands -init and -verify again. To learn how to initialize a user, see See Initializing the TIBCO BusinessConnect User, page 27.

If the private keys of the TIBCO BusinessConnect user have been compromised, you should do the following after running the -lock command and before re-running the -init command:

• Configure your own new key(s) in the Document Security settings of the business agreement.

• Specify None in the Document Security settings of the business agreement for any key you wish to be automatically created anew when the command -init is executed.

It is important to understand that if you do not change your key configuration in the Document Security settings of the business agreement, the keys currently configured will be used by the -init command. If the configured keys were compromised, you would have just re-initialized with the same compromised keys.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 40: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

30 | Chapter 4 Key Management with bcebicsmanage

Updating TIBCO BusinessConnect User Keys

The French Implementation Guide states that self-signed certificates must be renewed after a period of five years, and that certificates signed by a CA must be renewed after a period of three years. Therefore, it will be necessary for the public keys of the TIBCO BusinessConnect user to be periodically updated with the bank.

The bcebicsmanage tool provides three options for updating the TIBCO BusinessConnect user keys:

• -updatekeys Sends the X.509 certificates of all three keys, as configured in the Document Security settings of the business agreement, to the bank using the EBICS HCS command.

• -updatesignkey Sends the X.509 certificate of the configured User Signature Key to the bank using the EBICS PUB command.

• -updateauthencrkeys Sends the X.509 certificates of the configured Authentication and Encryption keys to the bank using the EBICS HCA command.

These -update* commands, which update the TIBCO BusinessConnect user keys, act the same as the -init command when it comes to key configuration, key generation, and X.509 certificate generation. If you specify None in the Document Security settings of the business agreement for any key, that key will be automatically generated by the corresponding -update* command and a self-signed X.509 certificate will be created for the generated key. Otherwise, the key that is updated with the bank will be the key that is configured in the Document Security settings.

Unlike the -init command, with the -update* commands it is not necessary to send initialization letters for the new keys to the bank. The keys are exchanged in a secure manner using the previously exchanged keys, so initialization letters to confirm the hashes of the keys are not necessary.

The -update* commands can be run any number of times after the TIBCO BusinessConnect user has been initialized, and as long as the TIBCO BusinessConnect user has not been suspended with the bank.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 41: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

Recovering From Upload Errors to TIBCO BusinessConnect | 31

Recovering From Upload Errors to TIBCO BusinessConnect

The final step of most of the bcebicsmanage tool commands is to upload any of the generated keys or certificates back to the TIBCO BusinessConnect repository.

If your database connection goes down for some reason during this final processing step, the next command or order that you try to send to the bank would fail. The bank would have the latest keys or certificates, but TIBCO BusinessConnect would still be trying to use old keys or certificates since updating of the TIBCO BusinessConnect repository with the new keys or certificates did not succeed.

To recover from this scenario, the bcebicsmanage tool provides the following commands:

• -uploadkeys Uploads the latest version of TIBCO BusinessConnect user keys that have been exchanged with the bank to TIBCO BusinessConnect.

• -uploadcerts Uploads the latest version of public keys/certificates that have been downloaded from the bank to TIBCO BusinessConnect.

The bcebicsmanage tool creates a separate Java keystore to hold any keys or certificates used by the bcebicsmanage tool commands. Therefore, when a key is created and sent to the bank using the -init command, the bcebicsmanage Java keystore will contain that key.

The -uploadkeys command will cause the TIBCO BusinessConnect user keys that are contained in the bcebicsmanage Java keystore to be extracted and uploaded to the TIBCO BusinessConnect repository.

The -uploadcerts command will cause the latest bank certificates that were downloaded and stored in the bcebicsmanage Java keystore to be extracted and uploaded to the TIBCO BusinessConnect repository.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 42: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

32 | Chapter 4 Key Management with bcebicsmanage

bcebicsmanage Keystore

The bcebicsmanage tool creates a separate Java keystore to hold any keys or certificates used by the bcebicsmanage tool commands. This keystore is tied to the operation system user running the bcebicsmanage tool.

When using the bcebicsmanage tool to manage the TIBCO BusinessConnect user's keys or download a bank's certificates, the same user should run the TIBCO BusinessConnect tool to ensure that the proper Java keystore is accessed by the tool, and that a new Java keystore won't be created. For example, having the same user execute the bcebicsmanage tool is especially important for the -update* commands. For the -update* commands, the current TIBCO BusinessConnect user keys stored in the bcebicsmanage Java keystore are used to send the TIBCO BusinessConnect user's new public keys to the bank.

Recreating the Keystore

In the event that your bcebicsmanage Java keystore gets accidently deleted, it is possible to recreate the keystore by doing the following:

• Ensure that the key configuration in each business agreement has not been modified since the command -init or -update* was last run successfully.

• Run the -init command again for each business agreement between the TIBCO BusinessConnect user and your bank trading partners. The bcebicsmanage Java keystore will get created and the keys from the business agreements will get loaded into it. The -init command will ultimately fail with a user state error, since the bank will not be expecting the TIBCO BusinessConnect user to be re-initializing itself. However, the keys from the business agreement will have been loaded into the keystore before the bank error is returned.

• Run the -verify command again for each business agreement between the TIBCO BusinessConnect user and your bank trading partners. The latest bank certificates will then be loaded into the bcebicsmanage Java keystore. The -verify command should succeed as long as the hashes of the bank's public keys have been configured properly, since bank certificates can be downloaded any number of times.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 43: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

Updating the EBICS OrderID | 33

Updating the EBICS OrderID

Various EBICS commands require a unique order ID to be assigned to the command when it is sent to the bank.

TIBCO BusinessConnect EBICS Protocol maintains a table of the next order ID to use based upon the order ID prefix configured for the bank trading partner. In the event that you find it necessary to set the next order ID to be used to a specific order ID, the bcebicsmanage tool provides the command -updateorderid. For specific information on how to invoke the -updateorderid command, see Appendix A, bcebicsmanage Command Reference, page 59.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 44: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

34 | Chapter 4 Key Management with bcebicsmanage

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 45: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

| 35

Chapter 5 Managing EBICS Operations

This chapter describes how to manage operations for TIBCO BusinessConnect EBICS Protocol.

Topics

• Overview on page 36

• Synchronous Request Response Operation on page 37

• Configuring EBICS Operations on page 38

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 46: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

36 | Chapter 5 Managing EBICS Operations

Overview

There are two operation types for EBICS: FUL and FDL. The FUL operation types are used to upload data to bank, while FDL operations are used for fetching data from the bank. Each operation has a FileType property, which is a required field. File type should be supported by the bank.

The EBICS operations are Synchronous Request Response in nature, and both the request and response actions can contain schemas. When schemas are present and the option "Validate Schema" is selected, schema validation is performed on request/response. For the FDL type of operations, only inbound schema validation is enabled, which means that only the response can be validated.

TIBCO BusinessConnect EBICS Protocol is shipped with some preloaded operations. One of these operations, Status.ptk, is used for fetching the status of the FUL requests.

About Schema Validation in EBICSSchema validation in TIBCO BusinessConnect EBICS Protocol is performed based on the following:

• Schema type: XSD

• Direction of messages

• Whether the validation is done for a request or for a response

Caching of Schemas

The referenced schema is updated in the validator cache during runtime validation, in the same way as if it was saved through the GUI.

When a schema is used by reference, you will not observe any schema changes in the referenced object but you will see the change on the reference instead. This means that the TIBCO BusinessConnect configuration store does not scan the referenced object each time the validation occurs, but it instead indicates if there is a change in the uploaded file object. You need to update the reference in the GUI — re-save the schema reference — and the new referenced object will be updated in the cache.

See also Validation Schema Name, page 40 for more information on how to choose which schema to use: XSD.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 47: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

Synchronous Request Response Operation | 37

Synchronous Request Response Operation

The Synchronous Request Response operation can send a document to the trading partner and wait for a response. It waits until the response is received and suspends any further processing for that request. This operation is used to send documents to trading partners and require response for further processing to proceed. The operation flow is presented in Figure 3.

Figure 3 Synchronous Request-Response Operation

1. The Initiator private process sends the request to the Initiator.

There are two operation types:

— FUL This operation type is used to upload data to the bank.

— FDL This operation type is used for fetching data from the bank.

The Initiator Request message from the private process is used to cause TIBCO BusinessConnect to initiate either the FUL or FDL operations. When performing FUL operations, the payload from the private process can be sent to TIBCO BusinessConnect as a string or a file reference.

2. The Initiator sends the request to the Bank and waits for the response until the timeout specified in the EBICS transport has expired.

The Initiator Response message from TIBCO BusinessConnect to the private process is used to send the response payload from the bank for FDL operations. When performing FDL operations, the response payload is always sent to the private process as a file reference.

3. Upon receiving the response from the Bank, the Initiator sends the Initiator Response message. If the Initiator times out, an audit log entry is generated, a timeout error advisory is sent, and the connection is closed.

If the Initiator TIBCO BusinessConnect times out, an audit log entry will be generated and a timeout error advisory will be sent out. In this case, the request will be cancelled. When the response arrives at a later time, there won’t be any corresponding request present, the advisory will be rejected, an error advisory will be published, and an internal system error will be sent to the partner.

InitiatorRequest

InitiatorResponse

InitiatorBusinessConnect

Internet

Initiator Private Process

1 2

3

4

The Bank

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 48: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

38 | Chapter 5 Managing EBICS Operations

Configuring EBICS Operations

To configure an EBICS operation, perform these steps:

1. In the left panel under TIBCO BusinessConnect, click the link Operations Editor.

In the Operations Editor window, group the available installed protocols (plug-ins) by Plug-in or None.

Figure 4 Configure New Operation for EBICS

Using this window, you can:

— Import a new operation, by clicking on the Import button

— Export the existing operations, by selecting the radio button next to the plug-in and clicking on the Export button.

Add New CategoryCategory is used to group operations based on their type.

1. Click on the EBICS link.

The Edit Operations: EBICS window opens.

2. Click New Category.

3. In the New Category dialog, do the following:

— In the Name field, type a category name (required)

— In the Description field, type a brief description for this category (optional).

4. Click Save.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 49: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

Configuring EBICS Operations | 39

Add New VersionVersion is used to allow various subgroups of operations.

1. With the radio button for the category selected, click New Version.

2. In the New Version dialog, do the following:

— In the Name field, type a version name (required)

— In the Description field, type a brief description for this version (optional).

3. Click Done.

Add New OperationOperations are added to a specific version. Each version can contain same or different operation sets.

1. With the radio button for a version selected, click New Operation.

The New Operation dialog appears.

Figure 5 New Operation Dialog

2. Select one operation from the Operation Type dropdown list:

— FUL This operation type is used to upload data to the bank.

— FDL This operation type is used for fetching data from the bank.

These two operations are configured in a similar way, with small differences that are pointed out in the instructions.

3. Click OK.

FUL Operation

To configure the FUL operation, you will use the following tabs:

FUL Operation Tab

In the FUL Operation tab, enter information according to Table 10.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 50: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

40 | Chapter 5 Managing EBICS Operations

Table 10 FUL Operation Tab

Click Save.

FUL Request Action Tab

In the Request Action tab, enter information according to Table 11.

Field Enter/Select

Name Name of the operation (required)

Description Brief description for the operation

Outbound

Validate Message Validates the outbound request.

File Type File type to be associated with file that will be uploaded.

Table 11 FUL Request Action Tab

Field Enter/Select

Name Name of the request action

Description Brief description for the request action

Direction Initiator to Responder (pre-defined)

Validation Schema Name

Schema file for validating the outbound request.

Only the XSD schema can be defined. To select the schema document:

1. Click on the change link.

2. In the Change File dialog, select one of the following two choice from the dropdown list:

File Reference If you select file reference, enter the path to the .xsd file you wish to use.

Uploaded File If you select uploaded file, the new Change File dialog will appear.

a. Click the Browse button and navigate to the schema file.

Note: EBICS supports only XSD schema validation.

b. Click Open and OK.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 51: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

Configuring EBICS Operations | 41

Click Save.

FUL Response Action Tab

In the Edit Operation dialog, enter information according to Table 12.

Click Save.

FDL Operation

To configure the FUL operation, you will use the following tabs:

FDL Operation Tab

In the FDL Operation tab, enter information according to Table 10.

Table 13 FDL Operation Tab

For BC Palette use only

XML Document Validation

Select XSD from the dropdown list.

Root XML Element Name

Root XML element name, which is the top-level XML element in the document. It is only required if you are going to use the TIBCO BusinessConnect palette.

Table 11 FUL Request Action Tab

Field Enter/Select

Table 12 FUL Response Action Tab

Field Enter/Select

Name Name of the response action

Description Brief description for the response action

Direction Responder to Initiator (pre-defined)

Field Enter/Select

Name Name of the operation (required)

Description Brief description for the operation

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 52: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

42 | Chapter 5 Managing EBICS Operations

Click Save.

FDL Request Action Tab

In the Request Action tab, enter information according to Table 11.

Inbound

Validate Message Validates the response received from the bank.

When selected, either the request or response will be validated. This checkbox should be selected in the following cases:

• Initiator needs that the request to the partner be validated

• Responder needs that the response be validated

File Type File type to be associated with file that will be downloaded.

Field Enter/Select

Table 14 FDL Request Action Tab

Field Enter/Select

Name Name of the request action

Description Brief description for the request action

Direction Initiator to Responder (pre-defined)

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 53: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

Configuring EBICS Operations | 43

Click Save.

Download Criteria Schema Name

Schema file for specifying the download criteria. Since for FDL operations no data is uploaded to the bank, this schema is used to specify the download criteria for FDL file type.

To specify the criteria, a predefined schema should be uploaded.

Note: Only the XSD schema can be defined.

To select the schema document:

1. Click on the change link.

2. In the Change File dialog, select one of the following two choice from the dropdown list:

File Reference If you select file reference, enter the path to the .xsd file you wish to use.

Uploaded File If you select uploaded file, the new Change File dialog will appear.

a. Click the Browse button and navigate to the schema file.

b. Click Open and OK.

Note: This schema can be found in EBICS_HOME/examples/ FDLRequestData.xsd. It contains a FDLRequestData root element and startData and endDate child elements. You can specify the startDate and endDate values in YYMMDD format.

For BC Palette use only

XML Document Validation

Select XSD from the dropdown list.

Root XML Element Name

Root XML element name, which is the top-level XML element in the document. It is only required if you are going to use the TIBCO BusinessConnect palette.

Table 14 FDL Request Action Tab

Field Enter/Select

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 54: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

44 | Chapter 5 Managing EBICS Operations

FDL Response Action Tab

In the Edit Operation dialog, enter information according to Table 12.

Click Save.

Table 15 FDL Response Action Tab

Field Enter/Select

Name Name of the response action

Description Brief description for the response action

Direction Responder to Initiator (pre-defined)

Validation Schema Name

Schema file for validating the downloaded data from bank.

Only the XSD schema can be defined. To select the schema document:

1. Click on the change link.

2. In the Change File dialog, select one of the following two choice from the dropdown list:

File Reference If you select file reference, enter the path to the .xsd file you wish to use.

Uploaded File If you select uploaded file, the new Change File dialog will appear.

a. Click the Browse button and navigate to the schema file.

Note: EBICS supports only XSD schema validation.

b. Click Open and OK.

Private Process Wait (seconds)

Determines the time in seconds for how long the private process will wait for response.

The default is 3600

For BC Palette use only

XML Document Validation

Select XSD from the dropdown list.

Root XML Element Name

Root XML element name, which is the top-level XML element in the document. It is only required if you are going to use the TIBCO BusinessConnect palette.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 55: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

| 45

Chapter 6 Managing Properties

This chapter explains how to add and remove EBICS properties.

Topics

• Managing EBICS Properties on page 46

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 56: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

46 | Chapter 6 Managing Properties

Managing EBICS Properties

You can add, change, or remove EBICS properties using the Edit Plug-in Properties dialog.

Add a PropertyTo add a property:

1. In TIBCO Administrator, select BusinessConnect>System Settings>Activated Protocol Plug-ins and Properties.

2. Click on the EBICS link.

3. In the Edit Plug-in Properties window, click Add.

4. Type a name for the property in the Property Name field.

5. Select a data type from the Property Type dropdown list: boolean, string. or integer.

6. Type a description of the new property in the Description field.

7. Click Save.

The new property is now added in the Edit Plug-in Properties window.

Delete a PropertyTo remove a property:

1. In the Edit Plug-in Properties window, check the checkbox next to the property you want to delete.

2. Click Delete.

3. In the Delete Property dialog, type the name of the property you want to delete and click OK.

Keep in mind that you may remove only user defined properties, and that default properties should not be removed.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 57: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

| 47

Chapter 7 EBICS Private Messages

This chapter describes how to configure the EBICS private messages.

Topics

• Overview on page 48

• Initiator Request on page 49

• Initiator Response on page 50

• Error Advisories on page 51

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 58: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

48 | Chapter 7 EBICS Private Messages

Overview

The exchange of business documents is known as the process flow. In any TIBCO BusinessConnect process flow, two types of messages are exchanged:

• Private messages

• Public messages See Chapter 5, Managing EBICS Operations, page 35

About EBICS Private MessagesPrivate messages are exchanged between a private process and the local TIBCO BusinessConnect installation. Private messages can contain a request, response, or notification document. The private process handles conversion from internal to public data and back.

You can generate EBICS private messages from TIBCO ActiveMatrix BusinessWorks private processes that use the TIBCO BusinessConnect Palette.

TIBCO BusinessConnect EBICS Protocol supports three types of private process messages:

• Initiator Request Used to initiate a file upload or file download request to the bank.

• Initiator Response Used to send the response received from the bank. This can be status message, such as for file upload, or a payload from the bank, such as for file download.

• Error Advisory Used to send advisories when an error occurs during the execution of a request.

See TIBCO BusinessConnect Trading Partner Administration Guide, Chapter 7, Private Process Configuration for more information.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 59: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

Initiator Request | 49

Initiator Request

The Initiator private process uses this message to handle outbound requests. Data that is sent is in a string or in binary form.

Subject Name prefix.installation.EBICS.INITIATOR.REQUEST

External example: AX.BC.BC-ACME.EBICS.INITIATOR.REQUEST

Table 16 Private Message: InitiatorRequest

Field Type Required Description

fromPartner String HostParticipant Name invoking the Initiator Request.

Represents the EBICS user.

toPartner String Yes PartnerParticipant Name receiving the request .

Represents the EBICS Bank.

transactionID String The transactionID for this request. It will be created by the TIBCO BusinessConnect Palette if not explicitly specified.

closure String Used to correlate the response with the request.

inputFile String This field can specify a file reference and is used to send data to the bank.

For FUL file types, data can be uploaded to the bank using this field or stringData field. For FDL file types, no data is uploaded to the bank and this field should stay empty.

stringData String This field is used to send data to the bank.

For FUL file types, data can be uploaded to the bank using this field or inputFile field. For FDL file types, this field is used to specify download criteria. For now, user can download data for FDL file type in a given date range; for this to work, user needs to upload a custom schema that has the FDLRequestData root element. This schema can be found in examples folder of the EBICS installation. See Configuring EBICS Operations for more information.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 60: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

50 | Chapter 7 EBICS Private Messages

Initiator Response

BusinessConnect sends the Initiator Response message when a request to the bank has been successful.

Subject Name prefix.installation.EBICS.INITIATOR.RESPONSE

External example: AX.BC.ACME.EBICS.INITIATOR.RESPONSE

Table 17 Private Message: InitiatorResponse

Field Type Description

standardID String Protocol name: EBICS

userID String EBICS userID of the user who initiated the request.

customerID String EBICS CustomerID of the customer to which userID belongs.

bankID String HostID for bank that received the request.

fileType String EBICS file type of the file that was uploaded or downloaded.

fromPartner String Name of the host participant that represents the EBICS user.

toPartner String Name of the partner participant that represents the EBICS bank,

operationID String operationID name

transactionID String transactionID for this request.

orderID String The orderID used for this request. TIBCO BusinessConnect generates this automatically for FUL file types.

statusCode String Status code for this request.

statusMsg String Status message for this request.

closure String Used to correlate the response with the request.

responseFile String File reference for the data downloaded from the bank. It is used only for the FDL file types.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 61: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

Error Advisories | 51

Error Advisories

These messages are sent by BusinessConnect when there an error occurs during the execution of the request, or when there is an error when processing the request in the bank.

Subject Name prefix.installation.EBICS.ERROR

Example: AX.BC.BC-ACME.EBICS.ERROR

Table 18 Private Message: Error Message

Field Type Required Description

statusCode String One of the private party-defined status and error codes

statusMsg String The string representing the cause of one of the private party-defined status or error codes

details String Additional information or details for the message

timestamp string Date and Time of the transaction

msgDirection String The flow of the message, either inbound or outbound

closure Reserved

operationID String A three-part ID of the form: category/version_number/operation_Name

transactionID String A unique ID generated by TIBCO BusinessConnect when publishing the transaction to the private process's environment. This transactionID will be the same as the one with which the request was initiated.

standardID String Yes Protocol name (EBICS)

host String No Host participant’s name. Represents the EBICS user.

tpName String No Partner participant’s name. Represents the EBICS bank.

extrainfo string Additional details

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 62: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

52 | Chapter 7 EBICS Private Messages

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 63: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

| 53

Chapter 8 Viewing Logs

This chapter explains the use of logs in TIBCO BusinessConnect EBICS Protocol.

Topics

• Log Viewer Overview on page 54

• Audit Logs on page 55

• Preferences on page 58

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 64: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

54 | Chapter 8 Viewing Logs

Log Viewer Overview

In TIBCO BusinessConnect EBICS Protocol, the log offers several search options: Audit, Resendable Transactions, Resend History, and Preferences.

Setting up search preferences for all protocols, or for a particular protocol, is explained in TIBCO BusinessConnect Trading Partner Administration, .

The available log viewer options for TIBCO BusinessConnect EBICS Protocol are: Audit logs and Preferences.

When doing searches, remember that the character “*” is not considered to work as a wild card, but represents a part of a name.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 65: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

Audit Logs | 55

Audit Logs

The audit log is used to store information about the messages and documents processed by TIBCO BusinessConnect EBICS Protocol.

You can use the audit log to follow the processing states of inbound or outbound documents. Some of the types of information stored in the audit log include: sent and received documents; document originator; trading partner name; processing status; and validation errors.

For more information on audit logs, see TIBCO BusinessConnect Trading Partner Administration Guide, Audit Logs.

Configure an Audit LogTo configure an audit log for TIBCO BusinessConnect EBICS Protocol, do the following:

1. Select BusinessConnect>Log Viewer.

2. In the log viewer window, select the radio button next to EBICS.

3. Click the Audit button.

4. Configure the audit log search.

Table 19 lists the options to select for the audit log.

When doing searches, remember that the character “*” is not considered to work as a wild card, but represents a part of a name.

Table 19 Audit Log: Search Filters

Column Name Definition

Status Select a specific status, such as ANY, COMPLETED, ERROR,and PENDING

Date Range Criteria

From this dropdown list, you can select the period to search:

• One Day• One Week• One Month• One Year• Custom

If Custom Date Range is selected, additional editable fields for Start and End of the search period will become available.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 66: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

56 | Chapter 8 Viewing Logs

Advanced Filters 5. To configure the advanced search filters, click the Add button.

Table 20 lists the options to select in the Advanced Search Settings section of the audit log.

6. After defining the filters, click Save.

7. You can search the audit logs by grouping them according to the selected criteria.

Table 20 Audit Log: Advanced Search Filters

Column Definition

Save as Query Enter the name under which you want to save the query you define in this dialog

Host Host name

Boolean search using: is, contains, is not, is not like

Trading Partner Trading Partner name

Boolean search using: is, contains, is not, is not like

Operation ID Operation ID

Boolean search using: is, contains, is not, is not like

UserID UserID assigned by the Bank

Boolean search using: is, contains, is not, is not like

BankID Host ID for the bank

Boolean search using: is, contains, is not, is not like

OrderID The orderID used for this request. TIBCO BusinessConnect generates this automatically for upload requests.

Boolean search using: is, contains, is not, is not like

CustomerID CustomerID assigned by the Bank

Boolean search using: is, contains, is not, is not like

TransactionID TransactionID for this request.

Boolean search using: is, contains, is not, is not like

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 67: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

Audit Logs | 57

In the Group by drop-down list , select any of the available criteria:— None— Date Group— Host— Trading Partner— Operation ID— UserID— BankID

— OrderID— CustomerID— TransactionID

To learn more about these options, see TIBCO BusinessConnect Trading Partner Administration Guide, Audit Logs.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 68: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

58 | Chapter 8 Viewing Logs

Preferences

To set the preferences for log searches used for TIBCO BusinessConnect EBICS Protocol, do the following:

1. Select BusinessConnect > Log Viewer.

2. In the log viewer window, select the radio button next to EBICS.

3. Click the Preference button.

4. The preference options for TIBCO BusinessConnect EBICS Protocol are explained in table Table 21.

Table 21 Log Viewer Preferences: TIBCO BusinessConnect EBICS Protocol

Protocol EBICS

Show Protocol in List Check or uncheck the checkbox to display the selected protocol in the list.

Defaults

Host Select the default host name from the drop-down list.

Status Select the protocol status that will be used to display the logs: ANY, COMPLETED, ERROR, and PENDING

Group By Column

Audit Columns available for grouping the audit logs depend on the protocol: None, Date Group, Host, Trading Partner, Operation ID,

UserID, BankID, OrderID, CustomerID, TransactionID

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 69: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

| 59

Appendix A bcebicsmanage Command Reference

This appendix contains the command that are used by the bcebicsmanage tool.

Topics

• Overview, page 60

• Bank Initialization Commands, page 62

— -init, page 62

— -verify, page 63

• Bank Access Commands, page 64

— -lock, page 64

• Key Update Commands, page 66

— -updatekeys, page 66

— -updatesignkey, page 67

— -updateauthencrkeys, page 68

• Upload to BusinessConnect Commands, page 69

— -uploadkeys, page 69

— -uploadcerts, page 70

• Order ID Commands, page 71

— -updateorderid, page 71

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 70: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

60 | Appendix A bcebicsmanage Command Reference

Overview

TIBCO BusinessConnect EBICS Protocol provides a tool, bcebicsmanage, to perform the functions relating to key management of the TIBCO BusinessConnect user. This Appendix contains information on how to configure bcebicsmanage for use, and information on each of the commands supported by the bcebicsmanage tool.

Configuring the bcebicsmanage ToolThe bcebicsmanage tool is located in the directory BC_HOME/protocols/ ebics/ tools. The executable to invoke is named bcebicsmanage.exe on Windows and bcebicsmanage on UNIX, and the file which contains configuration information needed to run the tool is named bcebicsmanage.tra. Most of the settings in bcebicsmanage.tra are already specified for you, but there are a couple of settings which you must configure and a few settings which it is good to be aware of.

TIBCO BusinessConnect Repository Settings

The bcebicsmanage tool works in conjunction with the TIBCO BusinessConnect repository.

You must specify the way of connecting to the TIBCO BusinessConnect repository in bcebicsmanage.tra prior to invoking the bcebicsmanage tool. The settings in bcebicsmanage.tra that tell the tool how to connect to the TIBCO BusinessConnect repository are:

• java.property.ebics.cli.jdbc.url Set the value for this property to the URL for the database that contains the TIBCO BusinessConnect repository.

• java.property.ebics.cli.jdbc.user Set the value for this property to a valid user name for connecting to the database.

Trace Level Setting

The bcebicsmanage tool outputs tracing information during its execution. Tracing is provided by Apache log4j, and the level of tracing can be controlled by the following setting:

java.property.ebics.cli.trace.level

Valid values for the trace level can be found at:

http://logging.apache.org/log4j/1.2/apidocs/org/apache/log4j/Level.html

By default, the trace level is set to INFO.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 71: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

Overview | 61

Host and Partner Name Settings

During normal usage of the bcebicsmanage tool, you will run the tool for the same TIBCO BusinessConnect host and trading partner several times. The ability to specify the names of the TIBCO BusinessConnect host and trading partner in the bcebicsmanage.tra file has been provided to reduce the number of options you need to specify on the command line when running the tool.

The following properties can be specified in bcebicsmanage.tra, instead of on the command line, to indicate which TIBCO BusinessConnect host and trading partner to use for a bcebicsmanage command:

• java.property.ebics.cli.bc.host The name of the TIBCO BusinessConnect host.

• java.property.ebics.cli.bc.partner The name of the bank trading partner.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 72: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

62 | Appendix A bcebicsmanage Command Reference

Bank Initialization Commands

-init

Description Initializes a TIBCO BusinessConnect host as an EBICS client of a bank's EBICS server. The -init command is typically run just once. Initialization consists of the following:

1. Creation of any keys that have not been configured for the TIBCO BusinessConnect host.

2. Sending of the public keys for authentication, encryption, and user signature to the bank's EBICS server.

3. Generation of initialization letters for the public keys.

Prerequisites Before running the -init command the following must be done:

• The TIBCO BusinessConnect host must have been configured.

• A trading partner for the bank must have been configured.

• A business agreement between the TIBCO BusinessConnect host and the bank (trading partner) must have been configured.

• The bank must have indicated that the TIBCO BusinessConnect user has been set up as an EBICS client on the bank's EBICS server

Options • -jdbcURL (required if not specified in bcebicsmanage.tra): URL for the database which contains the TIBCO BusinessConnect repository.

• -jdbcUser (required if not specified in bcebicsmanage.tra): A valid username for connecting to the database which contains the TIBCO BusinessConnect repository.

• -jdbcPwd (required): The password for connecting to the database which contains the TIBCO BusinessConnect repository.

• -fromPartner (required if not specified in bcebicsmanage.tra): The TIBCO BusinessConnect host name.

• -toPartner (required if not specified in bcebicsmanage.tra): The name of the bank trading partner.

The options provided from the command line take priority over the options provided in the bcebicsmanage.tra file.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 73: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

Bank Initialization Commands | 63

• -privateKeyPwd (required): The password for your authentication, encryption, and signature private keys. All three keys must use this same password.

-verify

Description Downloads the bank's public keys and compares the hashes of those keys with the hashes configured for the bank trading partner. If the bank keys retrieved are not X.509 certificates, self-signed X.509 certificates will be created for the keys using an internal CA. The X.509 certificates are then converted to PKCS#7 and uploaded to TIBCO BusinessConnect, where the bank trading partner and business agreement are updated with the retrieved public keys.

The -verify command can be run any number of times, but typically will be run once after the -init command is run and then again whenever the bank notifies you that its keys have changed.

Prerequisites Before running the -verify command, the following must be done:

• The -init command must have been run.

• The bank must have indicated that the keys exchanged with the -init command have been released and the TIBCO BusinessConnect user is ready to execute more EBICS commands.

• The hash value for the bank's encryption key (E002) must have been configured for the bank trading partner.

• The hash value for the bank's authentication key (X002) must have been configured for the bank trading partner.

Options • -jdbcURL (required if not specified in bcebicsmanage.tra): URL for the database that contains the TIBCO BusinessConnect repository.

• -jdbcUser (required if not specified in bcebicsmanage.tra): A valid username for connecting to the database that contains the TIBCO BusinessConnect repository.

• -jdbcPwd (required): The password for connecting to the database that contains the TIBCO BusinessConnect repository.

• -fromPartner (required if not specified in bcebicsmanage.tra): The TIBCO BusinessConnect host name.

• -toPartner (required if not specified in bcebicsmanage.tra): The name of the bank trading partner.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 74: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

64 | Appendix A bcebicsmanage Command Reference

Bank Access Commands

-lock

Description Suspends any further access to a bank by the TIBCO BusinessConnect user. The -lock command causes the EBICS SPR command to be sent to the bank. After the -lock command has been executed, the bank will return an error if the TIBCO BusinessConnect user tries to continue to communicate with the bank.

To resume communication with the bank, the TIBCO BusinessConnect user must be re-initialized by sending the -init command again. You should also run the -verify command again, to ensure that you have downloaded the bank's current public keys.

If the private keys of the TIBCO BusinessConnect user have been compromised, you should do the following after running the -lock command and before re-running the -init command:

• For any key which you do not want to be automatically generated by the bcebicsmanage tool, configure your own new key in the Document Security settings of the business agreement.

• Specify None in the Document Security settings of the business agreement for any key you wish to be automatically created anew when the command -init is executed.

It is important to understand that if you do not change your key configuration in the Document Security settings of the business agreement, the keys currently configured will be used by the -init command. If the configured keys were compromised, you would have just re-initialized with the same compromised keys.

Prerequisites Before running the -lock command the following must be done:

• The -init command must have been run.

• The bank must have indicated that the keys exchanged with the -init command have been released and the TIBCO BusinessConnect user is ready to execute more EBICS commands.

Options • -jdbcURL (required if not specified in bcebicsmanage.tra): URL for the database that contains the TIBCO BusinessConnect repository.

• -jdbcUser (required if not specified in bcebicsmanage.tra): A valid username for connecting to the database that contains the TIBCO BusinessConnect repository.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 75: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

Bank Access Commands | 65

• -jdbcPwd (required): The password for connecting to the database that contains the TIBCO BusinessConnect repository.

• -fromPartner (required if not specified in bcebicsmanage.tra): The TIBCO Administrator host name.

• -toPartner (required if not specified in bcebicsmanage.tra): The name of the bank trading partner.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 76: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

66 | Appendix A bcebicsmanage Command Reference

Key Update Commands

-updatekeys

Description Sends the X.509 certificates of all three keys, as configured in the Document Security settings of the business agreement, to the bank using the EBICS HCS command.

If you specify None for any key in the Document Security settings of the business agreement, that key will be automatically generated by the -updatekeys command, and a self-signed X.509 certificate will be created for the generated key. Otherwise, the key that is updated with the bank will be the key that is configured in the Document Security settings. Any keys generated will be uploaded back to TIBCO BusinessConnect and the configuration of the bank trading partner and the business agreement will be updated with the new keys.

The -updatekeys command can be run any number of times after the TIBCO BusinessConnect user has been initialized, and as long as the TIBCO BusinessConnect user access has not been suspended with the bank.

Prerequisites Before running the -updatekeys command the following must be done:

• The -init command must have been run.

• The -verify command must have been run.

Options • -jdbcURL (required if not specified in bcebicsmanage.tra): URL for the database that contains the TIBCO BusinessConnect repository

• -jdbcUser (required if not specified in bcebicsmanage.tra): A valid username for connecting to the database that contains the TIBCO BusinessConnect repository.

• -jdbcPwd (required): The password for connecting to the database that contains the TIBCO BusinessConnect repository.

• -fromPartner (required if not specified in bcebicsmanage.tra): The TIBCO BusinessConnect host name.

• -toPartner (required if not specified in bcebicsmanage.tra): The name of the bank trading partner.

• -privateKeyPwd (required): The password for your authentication, encryption and signature private keys. All three keys must use this same password.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 77: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

Key Update Commands | 67

-updatesignkey

Description Sends the X.509 certificate of the configured User Signature Key to the bank using the EBICS PUB command.

If you specify None for the User Signature Key in the Document Security settings of the business agreement, that key will be automatically generated by the -updatesignkey command, and a self-signed X.509 certificate will be created for the generated key. Otherwise, the key that is updated with the bank will be the key that is configured in the Document Security settings. Any generated key will be uploaded back to TIBCO BusinessConnect and the configuration of the bank trading partner and the business agreement will be updated with the new key.

The -updatesignkey command can be run any number of times after the TIBCO BusinessConnect user has been initialized and as long as the TIBCO BusinessConnect user access has not been suspended with the bank.

Prerequisites Before running the -updatesignkey command the following must be done:

• The -init command must have been run.

• The -verify command must have been run.

Options • -jdbcURL (required if not specified in bcebicsmanage.tra): URL for the database that contains the TIBCO BusinessConnect repository.

• -jdbcUser (required if not specified in bcebicsmanage.tra): A valid username for connecting to the database which contains the TIBCO BusinessConnect repository.

• -jdbcPwd (required): The password for connecting to the database that contains the TIBCO BusinessConnect repository.

• -fromPartner (required if not specified in bcebicsmanage.tra) : The TIBCO BusinessConnect host name.

• -toPartner (required if not specified in bcebicsmanage.tra): The name of the bank trading partner.

• -privateKeyPwd (required): The password for your authentication, encryption, and signature private keys. All three keys must use this same password.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 78: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

68 | Appendix A bcebicsmanage Command Reference

-updateauthencrkeys

Description Sends the X.509 certificates of the configured Authentication and Encryption keys to the bank using the EBICS HCA command.

If you specify None for either the authentication or encryption key in the Document Security settings of the business agreement, that key will be automatically generated by the -updateauthencrkeys command, and a self-signed X.509 certificate will be created for the generated key. Otherwise, the key that is updated with the bank will be the key that is configured in the Document Security settings. Any generated keys will be uploaded back to TIBCO BusinessConnect and the configuration of the bank trading partner and the business agreement will be updated with the new keys.

The -updateauthencrkeys command can be run any number of times after the TIBCO BusinessConnect user has been initialized and as long as the TIBCO BusinessConnect user access has not been suspended with the bank.

Prerequisites Before running the -updateauthencrkeys command the following must be done:

• The -init command must have been run.

• The -verify command must have been run.

Options • -jdbcURL (required if not specified in bcebicsmanage.tra) - URL for the database that contains the TIBCO BusinessConnect repository.

• -jdbcUser (required if not specified in bcebicsmanage.tra) - A valid username for connecting to the database that contains the TIBCO BusinessConnect repository.

• -jdbcPwd (required) - The password for connecting to the database that contains the TIBCO BusinessConnect repository.

• -fromPartner (required if not specified in bcebicsmanage.tra) - The TIBCO BusinessConnect host name.

• -toPartner (required if not specified in bcebicsmanage.tra) - The name of the bank trading partner.

• -privateKeyPwd (required) - The password for your authentication, encryption, and signature private keys. All three keys must use this same password.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 79: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

Upload to BusinessConnect Commands | 69

Upload to BusinessConnect Commands

-uploadkeys

Description Uploads the latest version of TIBCO BusinessConnect user keys that have been exchanged with the bank to TIBCO BusinessConnect.

Prerequisites Before running the -uploadkeys command the following must be done:

• The -init command must have been run.

Options -jdbcURL (required if not specified in bcebicsmanage.tra): URL for the database that contains the TIBCO BusinessConnect repository.

-jdbcUser (required if not specified in bcebicsmanage.tra): A valid username for connecting to the database that contains the TIBCO BusinessConnect repository.

-jdbcPwd (required): The password for connecting to the database that contains the TIBCO BusinessConnect repository.

-fromPartner (required if not specified in bcebicsmanage.tra): The TIBCO BusinessConnect host name.

-toPartner (required if not specified in bcebicsmanage.tra): The name of the bank trading partner.

-privateKeyPwd (required): The password for your authentication, encryption, and signature private keys. All three keys must use this same password.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 80: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

70 | Appendix A bcebicsmanage Command Reference

-uploadcerts

Description Uploads the latest version of public keys/certificates downloaded from the bank to TIBCO BusinessConnect.

Prerequisites Before running the -uploadcerts command the following must be done:

• The -init command must have been run.

Options -jdbcURL (required if not specified in bcebicsmanage.tra): URL for the database that contains the TIBCO BusinessConnect repository.

-jdbcUser (required if not specified in bcebicsmanage.tra): A valid username for connecting to the database that contains the TIBCO BusinessConnect repository.

-jdbcPwd (required): The password for connecting to the database that contains the TIBCO BusinessConnect repository.

-fromPartner (required if not specified in bcebicsmanage.tra): The TIBCO BusinessConnect host name.

-toPartner (required if not specified in bcebicsmanage.tra): The name of the bank trading partner.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 81: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

Order ID Commands | 71

Order ID Commands

-updateorderid

Description When sending orders to a bank trading partner, set the next order ID to be used to a specific order ID.

Prerequisites None

Options • -jdbcURL (required if not specified in bcebicsmanage.tra): URL for the database that contains the TIBCO BusinessConnect repository.

• -jdbcUser (required if not specified in bcebicsmanage.tra): A valid username for connecting to the database that contains the TIBCO BusinessConnect repository.

• -jdbcPwd (required): The password for connecting to the database that contains the TIBCO BusinessConnect repository.

• -partnerName (required if not specified in bcebicsmanage.tra): The name of the bank trading partner.

• -orderid (required): The next order ID to be used when sending orders to the bank trading partner.

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 82: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

72 | Appendix A bcebicsmanage Command Reference

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 83: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

| 73

Index

A

about EBICS 2about EBICS private messages 48about schema validation in EBICS 36add new category 38add new operation 39add new version 39add properties 46adding a new business agreement 18audit logs 55

B

bank access commands 64bank initialization commands 62bcebicsmanage command reference 59bcebicsmanage keystore 32business agreement

document security tab 22operation bindings tab 20operation settings tab 21transports tab 21, 24

C

caching of schemas 36

command-init 62-updateauthencrkeys 68-updatekeys 66-updateorderid 71-updatesignkey 67-uploadcerts 70-uploadkeys 69-verify 62

configure agreement protocol bindings for EBICS 19configure an audit log 55configuring a host 11configuring a partner 12configuring EBICS operations 38configuring the bcebicsmanage tool 60confirming orders 7customer support x

D

delete properties 46

E

EBICS key and certificate management with TIBCO BusinessConnect 5

EBICS order transfers 7edit operation bindings for the host 20enable protocol

general tab 13transports tab 14

enable protocol for the partner 12Error Advisories 51establishing a banking relationship 3

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 84: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

74 | Index

F

FDL Operation 41FDL Operation tab 41FDL Request Action tab 42FDL Response Action tab 44FUL Operation 39FUL Operation tab 39FUL Request Action tab 40FUL Response Action tab 41

H

host and partner name settings 61

I

-init 27initializing the TIBCO BusinessConnect user 27Initiator Request 49Initiator Response 50

J

java.property.ebics.cli.bc.host 61java.property.ebics.cli.bc.partner 61java.property.ebics.cli.jdbc.url 60java.property.ebics.cli.jdbc.user 60java.property.ebics.cli.trace.level 60

L

-lock 29log viewer preferences 58

M

manage partner credentials 15managing EBICS operations 36managing EBICS properties 46

N

new certificate for a partner 15

O

order ID commands 71

R

recovering from upload errors to TIBCO BusinessConnect 31

S

setting up trading hosts and partners 9support, contacting xsuspending bank access of the TIBCO BusinessCon-

nect user 29synchronous Request Response operation 37

T

technical support xTIBCO BusinessConnect as an EBICS Client 3TIBCO BusinessConnect repository settings 60TIBCO_HOME viiitrace level setting 60

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 85: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

Index | 75

U

-updateauthencrkeys 30-updatekeys 30-updatesignkey 30updating TIBCO BusinessConnect user keys 30upload to BusinessConnect commands 69-uploadcerts 31-uploadkeys 31

V

-verify 27

TIBCO BusinessConnect EBICS Protocol User’s Guide

Page 86: TIBCO BusinessConnect EBICS Protocol User,Aos Guide · TIBCO BusinessConnect EBICS Protocol User’s Guide Preface |vii Other TIBCO Product Documentation You may find it useful to

76 | Index

TIBCO BusinessConnect EBICS Protocol User’s Guide