Commerce Suite Administration Guide Version 3.5.1 - 0710

nuBridges Commerce Suite™
Administration Guide
Document Version 07.10
VERSION 3.5.1
© 2001-2010 nuBridges, Inc. All rights reserved.
Information in this document is subject to change without notice and does not represent a commitment on the
part of nuBridges. The documentation is provided “as is” without warranty of any kind including without
limitation, any warranty of merchantability or fitness for a particular purpose. Further, nuBridges does not
warrant, guarantee, or make any representations regarding the use, or the results of the use, of the software or
written material in terms of correctness, accuracy, reliability, or otherwise.
nuBridges is a trade name and registered trademark in the United States and other countries. The names of actual
companies and products mentioned herein may be the trademarks of their respective owners.
Table of Contents
Chapter 1: Overview
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
About This Document. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Introduction to the Commerce Suite Documentation Set . . . . . . . . . . . . . . 9
Commerce Suite Documentation Roadmap. . . . . . . . . . . . . . . . . . . . . . . 10
Documentation Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Chapter 2: Introduction to Commerce Suite

Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
The Commerce Suite Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Certified Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
The Commerce Suite Advantage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Supports the EDI-INT Specification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Ensures Data Integrity and Confidentiality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Enables a High Performance, High Availability Trading Community. . . . . . . . . . . . . 17
Assure Reliable Trading Community Data Delivery . . . . . . . . . . . . . . . . . . . . . . . . . 17
Commerce Suite Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Multithreaded Execution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Commerce Suite Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Dynamic Scalability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Failsafe Redundancy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Data Asset Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Commerce Suite Services Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Understanding the Console Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Understanding the Serialization Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Understanding the Control Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Understanding the Outbound Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Understanding the Inbound Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Understanding the Out-Beacon Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Understanding the Router Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Table of Contents, continued
Chapter 2: Introduction to Commerce Suite, continued

Understanding Commerce Suite Roles . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Understanding the Transport Role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Understanding the Router Role. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Understanding the Admin Role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Chapter 3: Managing Commerce Suite Servers

Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Managing Commerce Suite Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Defining a New Commerce Suite Server Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Inserting a Commerce Suite Server Profile Into the Database . . . . . . . . . . . . . . . . . 27
Displaying a List of Defined Commerce Suite Servers . . . . . . . . . . . . . . . . . . . . . . . 27
Reading Commerce Suite Server Settings From a Database. . . . . . . . . . . . . . . . . . 28
Removing a Server Profile From a Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Removing a Server Profile From Memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Starting a Remote Commerce Suite Server on a Remote Host . . . . . . . . . . . . . . . . 29
Chapter 4: Managing Commerce Suite Trading Partners

Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Managing Trading Partner Relationships . . . . . . . . . . . . . . . . . . . . . . . . . 31
Defining a New Trading Partner Pair. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Inserting a Trading Partner Pair into a Database . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Displaying Active Trading Partner Pairs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Reading Trading Partner Pair Data From a Database . . . . . . . . . . . . . . . . . . . . . . . 33
Removing a Trading Partner Pair from a Database . . . . . . . . . . . . . . . . . . . . . . . . . 33
Removing a Trading Partner Pair From Memory . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Chapter 5: Managing Certificates

Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Managing Commerce Suite Certificates. . . . . . . . . . . . . . . . . . . . . . . . . . 36
Creating Public-Key and Private-Key Material . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Removing a Public-Key Pair Definition From the Database . . . . . . . . . . . . . . . . . . . 37
Exporting Key-Pair Information to a File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Reading Key-Pair Information From the Database . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Importing an X.509 Certificate and Corresponding Private-Key . . . . . . . . . . . . . . . . 38
Displaying Active Public-Key Pairs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Replicating a Public-Key Pair to a Remote Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Automatic Key Expiration Notification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Removing a Public-Key Pair From Memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Chapter 6: Configuring a Backup Administrator

Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Backup Administrator Configuration Settings. . . . . . . . . . . . . . . . . . . . . . 43
Primary Administrator Configuration Settings . . . . . . . . . . . . . . . . . . . . . 44
Appendix A: UNIX Configuration Information

Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Running Commerce Suite in the Background on a Linux Server . . . . . . . 46
Running Commerce Suite in the Background on a HP-UX Server . . . . . 46
Appendix B: Commerce Suite Error Messages

Commerce Suite Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Appendix C: Database Schema for Commerce Suite Deployments

Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Database Schema Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
accesscategory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
agentrole . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
as2name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
certkey. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
cipher. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
email . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
errorcode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
filenamehist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
grouppermission . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
hash. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
icssysinfo. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
keyencryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
keypair. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
keyusagecode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
notice. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
opdescription . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
org . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
orgtpcert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
p2proute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
permission . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Appendix C: Database Schema for Commerce Suite

Deployments, continued
protocolcode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
relationship . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
servercomputer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
sscipher . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
sscompression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
sshash . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
sskeyencryption. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
tp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
tporgstatus. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
tpurl . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
usergroup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
userlogin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
workorder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Chapter 1: Overview
Introduction ...................................................................................................... 7
About This Document ...................................................................................... 7
Audience.......................................................................................................... 8
Introduction to the Commerce Suite Documentation Set................................. 9
Commerce Suite Documentation Roadmap .................................................. 10
Documentation Conventions.......................................................................... 12
Chapter 1: Overview
Introduction
Introduction
Welcome to the nuBridges Commerce Suite Administration Guide. This document
introduces and outlines Commerce Suite’s features, services, and architecture.
About This Document

The Commerce Suite Administration Guide contains the following chapters:
• Chapter 1: Introduction. This chapter provides information about the

Commerce Suite documentation set and the guide’s documentation
conventions.
• Chapter 2: Introduction to Commerce Suite. This chapter describes the
Commerce Suite product and how it can benefit your business. This chapter
also introduces the command-line interface and describes the Commerce Suite
architecture.
• Chapter 3: Managing Commerce Suite Servers. This chapter describes how to
define and manage servers using the Commerce Suite command line interface
(CLI).
• Chapter 4: Managing Commerce Suite Trading Partners. This chapter
describes how to define and manage trading partners using the Commerce Suite
command line interface (CLI).
• Chapter 5: Managing Certificates. This chapter describes how to define and
manage certificates using the Commerce Suite command line interface (CLI).
• Chapter 6: Configuring a Backup Administrator. This chapter describes how to
configure a backup administrator so that, in the event of a failure of the primary
administrator, those functions performed by the primary administrator continue
to be executed.
• Appendix A: UNIX Configuration Information. This appendix describes how to
run Commerce Suite in the background on a Linux server.
• Appendix B: Commerce Suite Error Messages. This appendix provides a
description of error, informational, and warning messages that can be
encountered while using the Commerce Suite software.
• Appendix C: Database Schema for Commerce Suite Deployments. This
appendix illustrates the database schema used by Commerce Suite during
database creation.
• Glossary. The Glossary provides a list of commonly used terms found in this
document.
7
Chapter 1: Overview
Audience
Audience
This guide is intended primarily for use by the Commerce Suite data administration
personnel responsible for installation, configuration, maintenance, and use of the
Commerce Suite system.
This document has been written with the assumption that Commerce Suite
administrators and users have a general understanding of the following concepts and
technologies:
• Your business application software and business practices

• Electronic Data Interchange over the Internet (EDI-INT)
• E-Commerce
• Uniform Code Council (UCC)
• Data types
• Transport protocols
• Security standards
• The Internet
• Windows operating systems
• UNIX operating systems
8
Chapter 1: Overview
Introduction to the Commerce Suite Documentation Set
Introduction to the Commerce Suite Documentation Set

The nuBridges Commerce Suite library consists of the following documents:
• Commerce Suite Release Notes. The release notes describe new features,
maintenance updates, and important notes.
• Commerce Suite Getting Started Guide. This guide lists hardware and
software requirements, describes Commerce Suite installation, configuration,
and testing procedures, and includes post-installation considerations.
• Configuring Commerce Suite Clusters. This guide describes Commerce Suite
clusters and their benefits, and explains how to configure Commerce Suite
clusters using a configuration file or database.
• Commerce Suite Administration Guide. This guide describes how to manage
Commerce Suite servers, trading partners, and certificates, and provides other
important information for managing the Commerce Suite application.
• Commerce Suite Command Reference. This guide presents an overview of the
Commerce Suite administration commands.
• Commerce Suite Protocol Connectivity Guide. This guide provides
instructions for configuring Commerce Suite connectivity using FTP, SSL, and
AS1 protocols.
• Commerce Suite Trading Community Manager User Guide. This guide
describes how to configure and manage your trading community using the
Trading Community Manager graphical user interface.
9
Chapter 1: Overview
Commerce Suite Documentation Roadmap

The documentation should be read in the following order for you to understand and
master the concepts and configurations required to get Commerce Suite up and
running quickly:
1. Commerce Suite Release Notes
2. Commerce Suite Getting Started Guide
3. Configuring Commerce Suite Clusters
4. Commerce Suite Administration Guide

The following table provides information about the useful information found in the
Commerce Suite documentation set. Topics include installation instructions,
configuration procedures, and administration tasks that are focused on providing you
with the information you need to get up and running quickly.
Read... To Learn About...

Commerce Suite Release Notes • New features
• Maintenance updates
• Documentation updates
• Important notes
Commerce Suite Getting Started Guide • The nuBridges AS2 solution
• Installing Commerce Suite
• Firewall configuration
• Licensing and upgrading
• Configuring Commerce Suite
• Testing Commerce Suite
• Work orders
• Configuration files
• Sending and receiving data
• Adding new trading partners
• Testing trading partner connectivity
• Connecting Commerce Suite to a
supported RDBMS
• Oracle, SQL, DB2, Access, and
Informix database support
10
Chapter 1: Overview
Read... To Learn About...

Configuring Commerce Suite Clusters • Understanding Commerce Suite
clusters
• Setting up a cluster using a
configuration file
• Setting up a cluster using a supported
database
Commerce Suite Administration Guide • Commerce Suite basics
• Managing Commerce Suite servers
• Managing Commerce Suite trading
partners
• Managing Commerce Suite
certificates
• Configuring a backup administrator
• Commerce Suite error messages
• Database schema for Commerce Suite
deployments
Commerce Suite Command Reference • Commerce Suite commands and
parameters
Commerce Suite Protocol Connectivity • Configuring Commerce Suite for use
Guide with AS1, FTP, and SSL.
Trading Community Manager User • Trading Community Manager (TCM)
Guide hardware and software requirements
• Installing TCM
• Configuring TCM
• Managing organization
• Managing servers and services
• Managing groups and users
• Managing trading partners and
relationships
• Managing work orders and certificates
• Managing events and reports
11
Chapter 1: Overview
Documentation Conventions
This section will familiarize you with the features of this guide. As you will notice,
the left side of this guide has a section that is used for notes, references, and warnings.
These notes are identified by the following icons:
Designates a reference relevant to the adjacent text. The
reference may refer to a procedure, text in another
document, or a definition.
Designates there is additional information that is relevant
to the text on the right side.
Designates a warning or important piece of information.
This guide also utilizes text formatting to help you locate and identify information.
Review the table below for details on the text formatting used in this guide.
Text Format Example Explanation

Click Done. Denotes a section of a screen, field,
Bold or button, page, menu, or literal text
Go to the User Details section. that should be typed.
See the Introduction section
on page 6. Denotes a reference to a document
Italics
or section, chapter, or a filename.
Open the configuration.cfg file.
e222
or
Denotes a product name or
Bold Italics Review the nuBridges
document title.
Commerce Suite User Guide
for more information.
Denotes a key located on the
SMALL CAPS Press ENTER.
keyboard.
Denotes that both keys specified
should be pressed at the same time.
For example, to execute CTRL + N,
KEY + KEY CTRL + N
you would simultaneously press the
CTRL key and the letter N on the
keyboard.
Indicates a command that should be
monospace Type -tr at the command line.
typed as displayed.
Indicates a code variable should be
<monospace> <CustomerName>
typed.
monospace -tr Indicates sample code.
<monospace> <CustomerName> Indicates a sample code variable.
12
Chapter 1: Overview
Text Format Example Explanation

addpair <from> <to>↵ Indicates the line of code wraps to
<to-URL> <rcpt-URL>↵ the next line in this documentation
↵ only. When you enter the code in
<notify-name> <inbox>↵
Commerce Suite, it should not be
[in|out] [<send-parma>] split between multiple lines.
{} -tb<timeout{s|ms}>
Indicates a set of choices from
which you must choose one.
Separates two mutually exclusive
| [in|out] choices in a syntax line. Type one of
the choices, not the symbol.
[] Indicates optional parameters. You
[in|out] typically type only the information
within the brackets, not the brackets.
... importkey <from> <to>
Indicates that a parameter can be
repeated several times in a
<usage>↵ <option>
command line. You enter only the
[...]
information, not the ellipsis (...).
13
Chapter 2: Introduction to
Commerce Suite
Introduction .................................................................................................... 15
The Commerce Suite Solution....................................................................... 15
Certified Platforms ......................................................................................... 16
The Commerce Suite Advantage................................................................... 17
Supports the EDI-INT Specification ..................................................................................17
Ensures Data Integrity and Confidentiality........................................................................17
Enables a High Performance, High Availability Trading Community ................................17
Assure Reliable Trading Community Data Delivery..........................................................17
Commerce Suite Architecture........................................................................ 18
Multi-threaded Execution ..................................................................................................18
Dynamic Scalability...........................................................................................................19
Failsafe Redundancy ........................................................................................................19
Data Asset Protection .......................................................................................................19
Commerce Suite Services Overview ............................................................. 20
Understanding the Console Service .................................................................................20
Understanding the Serialization Service ...........................................................................21
Understanding the Control Service ...................................................................................21
Understanding the Outbound Service...............................................................................21
Understanding the Inbound Service .................................................................................22
Understanding the Out-Beacon Service ...........................................................................22
Understanding the Router Service....................................................................................23
Understanding Commerce Suite Roles ......................................................... 24
Understanding the Transport Role....................................................................................24
Understanding the Router Role ........................................................................................24
Understanding the Admin Role .........................................................................................24
Introduction
Introduction
This chapter provide an overview of the Commerce Suite product. After reviewing
this chapter, you will have an understanding of how to configure Commerce Suite to
best serve your organization.
The Commerce Suite Solution

Whether you are using private networks or the Internet, today’s competitive business
environment demands a secure and reliable solution for exchanging data between
trading partners.
Building a successful Internet-based trading community requires a high performance,
high availability e-business solution that enables businesses to connect simply,
securely, and reliably over public networks.
The nuBridges Commerce Suite solution delivers the performance, scalability,

reliability, and security necessary to manage your Internet-based trading community.
The nuBridges Commerce Suite supports industry standards, enabling businesses to

send and receive any type of data using multiple communication protocols and
security models. Commerce Suite can be downloaded over the Internet and rapidly
deployed to put your business in contact with it’s trading partners.
The nuBridges Commerce Suite enables your enterprise with the profile,
communication, security, and rollout management necessary to ensure the integrity of
your business partner relationships.
The nuBridges Commerce Suite solution is certified by the Uniform Code Council
(UCC) and is also in full compliance with the Internet Engineering Task Force (IETF)
Electronic Data Interchange over the Internet (EDI-INT) specification.
Support for the EDI-INT specification ensures that EDI trading partners and user
agents can use the Internet as a transport medium to conduct business between EDI
systems and provide secure EDI over the Internet.
The Commerce Suite application provides your enterprise with the following business
benefits:
• Supports multiple data types, transport protocols, and security standards
• Supports a wide range of platforms
• Utilizes high-performance technology to maximize throughput
• Enables complete Privacy, Authentication, Integrity, and Non-Repudiation of
all transactions
• Supports certificates from all major security vendors and provides a Public Key
Infrastructure (PKI) solution generating X.509 certificates
• Offers high-availability failover and restart
15
Certified and Supported Platforms
Certified and Supported Platforms

The 3.5.1 release of Commerce Suite has been certified to run on and work with the platforms and databases listed in the table below. Customers using
Commerce Suite on any of the certified platforms listed below can receive support from nuBridges Customer Services should they encounter an issue
while using Commerce Suite. Please note that builds for Pro*C environments are available upon request.
OPERATING SYSTEM
Solaris 8
Windows AIX 5.1
Windows Windows Solaris 9 HP-UX HP-UX HP-UX HP-UX Red Hat Red Hat Red Hat SuSe Ent. 9
Database Type 2003 Server Windows7 AIX 5.2
XP Vista Solaris 10-SPARC 11.00 PA 11.11 PA 11.23 IT 11.31 IT ES 3 ES 4 ES 5 SuSe Ent. 10
2008 Server AIX 5.3
Solaris10-Intel
Standalone X X X X X X X X X X X X X X
MS Access 2002 X X X X
MSSQL Server 2000 X X X
MSSQSL Server 2005 X X X
MySQL 3.23 C C C
MySQL 4.1 X X C X X
(AIX 5.2 only) (SuSe Ent. 9 only)
MySQL 5.0 X X C X X
(AIX 5.2 only) (SuSe Ent. 9 only)
Oracle 8i X X X
(AIX 5.1 & (Solaris 8 and 9 only)
AIX 5.2 only)
Oracle 9i X X X X X X X X X X
(AIX 5.2 only) (Solaris 8, 9, & 10-
SPARC only)
Oracle 10G X X X X X X X X X X X
(AIX 5.3 only) (Solaris 10-SPARC &
10-Intel only)
Informix 9.3 X X
DB2 8.x X X
DB2 9 X X
X = denotes a certified platform eligible for support from nuBridges Customer Services
C = denotes compatibility; however, the platform is not supported
16
The Commerce Suite Advantage
The Commerce Suite Advantage

nuBridges Commerce Suite provides the required capabilities for managing the largest
and smallest trading communities.
Supports the EDI-INT Specification

Full compliance with the Internet Engineering Task Force (IETF) Electronic Data
Interchange over the Internet (EDI-INT) specification ensures that EDI trading
partners and user agents can use the Internet as a transport medium to conduct business
between EDI systems and provide secure EDI over the Internet.
Ensures Data Integrity and Confidentiality

Support for industry security standards ensures the integrity and confidentiality of data
over the Internet or other public networks. nuBridges’s solution supports the creation
and application of digital signatures and their verification to provide for non-
repudiation of message origination and receipt.
Enables a High Performance, High Availability

Trading Community
Commerce Suite utilizes high performance technologies to maximize throughput by
implementing multi-threading and multi-tasking for scalable parallel processing.
Support for data compression and platform-specific performance features enable you
to fine tune options to optimize Commerce Suite compatibility with your network
configuration.
Assure Reliable Trading Community Data Delivery

Commerce Suite assures reliable data delivery through session management and
extensive recovery features and also provides automatic notification of transfer
completion. These features, along with high-availability failover and restart
capabilities enable automatic load balancing between multiple computers ensuring
data throughput.
17
Commerce Suite Architecture

The following sections discuss the principles of operation and the fundamental
concepts underlying the Commerce Suite architecture.
• Multi-threaded Execution
• Dynamic Scalability
• Failsafe Redundancy
• Data Asset Protection
Multi-threaded Execution
To accomplish a broad variety of data-processing operations while maintaining an
efficient and robust design, the major operations of the Commerce Suite application
are executed as discrete services operating concurrently within a single process. For
example, at any given moment, the Commerce Suite may be in the process of both
receiving an inbound data stream and also preparing a file to be sent to a remote
computer.
The integrity of each independent task being performed by the computer is essential.
To protect each discrete operation and to more efficiently organize program logic, the
Commerce Suite application executes its code in the context of multiple threads of
execution within the overall application process. The operating system reserves time to
execute each thread in a cooperative manner, switching between threads at regular
intervals. Usually these thread-to-thread interruptions occur when a thread requests
access to a system resource that would otherwise, in a single-threaded environment,
impose a delay in processing due to media-access time. So, for example, while one
thread is waiting for a disk or network event to complete, other threads may obtain
CPU attention.
Commerce Suite Configuration

Prior to installation, configuration, and operation of the Commerce Suite application,
careful consideration needs to be given to the quantity and characteristics of data to be
interchanged between Internet hosts so that the Commerce Suite configuration will be
optimal. To facilitate broad scalability in both processing and storage capacity,
Commerce Suite operation is considered in terms of three basic roles that can be
shared by a single process or divided among many cooperating host computers
depending on resource requirements. The three basic roles are:
• Transport
• Router
• Admin (Administration)
18
Dynamic Scalability
One of the essential qualities of a real-time communications system is the ability to
dynamically tune the performance of the system without requiring system down-time.
A Commerce Suite configuration can be dynamically scaled by adding or removing
Transport agents without shutting down any other agent in the configuration. When a
new Transport agent is started and configured to participate in a Transport agent group,
or pool, the Transport agent automatically notifies any Router or Admin agent on its
local network segment of its presence by periodically sending a small Universal
Datagram Protocol (UDP) packet. Conversely, when a Transport agent is shut down,
Router and Admin agent on the local network segment become aware of the removal
of the Transport agent by detecting that UDP packets are no longer being transmitted
by the Transport agent.
Failsafe Redundancy
Another essential quality of a robust software system is redundancy. A Commerce
Suite configuration can be configured with multiple Router agents and multiple
Admin agents in order to insure that the secure flow of business information is not
interrupted, even if a Router or Admin agent is shut down. More than one Router agent
can service the same Transport agent pool, since each inbound data connection is
serviced by separate, dedicated threads in each agent. Likewise, more than one Admin
agent can distribute data-transfers to the same pool of Transport agents.
Data Asset Protection

Data security is of prime importance for any business enterprise. The typical solution
to avoid unauthorized access to computer systems connected to the Internet is the use
of a firewall - hardware and software specifically designed to prevent certain network
traffic. When one or more firewalls are used, it is critical that software systems avoid
compromising the inherent security of the firewall by requiring that inbound
connections be permitted through the firewall. To ensure firewall security, a
Commerce Suite configuration option, known as Data Asset Protection (DAP), can be
employed to guarantee that no Internet assailant can ever jeopardize the integrity of
computing assets behind a firewall. To accomplish this, a Commerce Suite Enterprise
Configuration employs one or more Admin agents to connect out from the inner Local
Area Network (LAN) to the Transport agent pool to collect inbound data while it is
still in its encrypted form. After the data is retrieved, the decryption of the data is
accomplished within the secure inner LAN. In the Commerce Suite Enterprise
Configuration with DAP, the Transport agents may be equipped with two network
interfaces each, ensuring that no sensitive data is exposed to a network segment that is
publicly addressable.
When using DAP, the Admin agents do not listen for UDP notifications from the
Transport agent pool. Instead, they remotely configure the Transport and Router agents
themselves by connecting to a known set of IP addresses and sending configuration
commands to setup and start each Transport and Router agent. Therefore, no
configuration data need be present outside the secure inner LAN.
19
Commerce Suite Services Overview

Before configuring the Commerce Suite application, it is helpful to understand the
operation of the various threads of execution that comprise the Commerce Suite
process. A thread may be understood as a series of computer instructions executed
within the context of a single machine state, that is, the set of internal registers
managed by the computer’s central processing unit (CPU). In a multi-threaded
processing environment, such as UNIX or Windows NT, a single process may possess
multiple independent threads executing machine instructions in various different parts
of the program concurrently. The operating system divides its attention between
threads by preemptively switching between machine states.
The Commerce Suite is written to take advantage of preemptive multitasking systems
by devoting a thread to a particular purpose, such as listening for inbound connections
or scanning for expiring certificates. Each of these threads may be thought of as
providing Commerce Suite an independent service.
The Commerce Suite process is divided into the following services:
• Console
• Serialization
• Control
• Outbound
• Inbound
• Work Order
• Beacon
• Router
Understanding the Console Service

The Console service performs the basic initialization, main logic loop, and finalization
tasks for the application. This thread is the first application thread to be started by the
operating system and the last thread to terminate when the application stops.
The initialization portion of this thread establishes communication with the underlying
network communication layer. The main logic loop accepts operator input to
manipulate application operation, manually initiate tasks, or initiate application
termination. The finalization task gracefully terminates the application and releases
allocated system resources. Operator access to the Console service is provided through
the terminal at the host computer.
20
Understanding the Serialization Service

The Serialization service is started automatically during program initialization. This
service manages access to file and memory resources that are shared between other
threads. Although the Commerce Suite application operates as several independent
threads, some resources such as disk files and common memory areas must be
accessed by only one thread at a time. In order to ensure that each thread is able to
complete its access to these shared resources before being interrupted by another
thread, the Serialization service acts as a gatekeeper, allowing only one service to
access shared resources at the same time.
Understanding the Control Service

The Control service actively listens for incoming connections on a TCP/IP port
dedicated to receiving command messages from an Admin agent, that is, a Commerce
Suite process configured for the Admin role. Admin agents regularly connect to
Transport and Router agents to send configuration data and to receive status
information and inbound data. These connections from the Admin agent are always
made to the Transport or Router agent’s Control port. By default, this port is the
Internet Assigned Numbers Authority (IANA) -assigned Internet Protocol’s Reserved
Port for the nuBridges-ics service (port 3501). However, alternate ports may be
configured for this purpose. Note that an Admin agent always initiates control service
connections. Transport and Router agents never connect directly to Admin agents.
This design is to allow the Transport and Router agents to be located in relatively less
secure network locations, such as DMZ’s, whereas the Admin agent and associated
databases could be located in a more secure location protected by a firewall
disallowing inbound connections.
Understanding the Outbound Service

The Outbound service is responsible for preparing data for transmission, initiating and
supervising the transmission of data to other computers, recording the result of the
transmission, and rescheduling the transmission in the case of errors or as user
preferences require. The Outbound service polls an outbound queue for outgoing data
and creates session threads for each individual outbound send operation.
The outbound queue is a list of transactions that carry addressing and status
information about the data to be sent. Two types of send operations are found on the
outbound queue: single-send operations and recurring-send operations. The single-
send operation is simply a send of a file from one location to another. The recurring-
send operation represents any iterative event, typically either a periodic send (for
example, a weekly status report) or a drop-box configuration wherein an outbox
location is continuously scanned for outgoing data. Both single-send and recurring-
send operations can be configured with retry parameters to handle the situation where
21
a send operation fails. Any send can be configured to be retried a specified number of
times at a specified interval. When combined with the Router services ability to buffer
and spool incoming data to a pool of Transport agents, both sending and receiving
locations share in the responsibility of reliably transmitting data.
In a configuration where several Transport agents are receiving inbound data, the
Admin agent will typically be the primary sending agent. In configurations that do not
require an Admin agent, the Transport agent(s) may both send and receive data.
Understanding the Inbound Service

The Inbound service is responsible for receiving data being sent to the host computer,
either directly from a remote host or from a Router agent, preparing and sending
suitable responses or receipts to the sending host, properly terminating the inbound
connection, delivering the received data to the proper location or service, and
recording the result of the inbound operation. In fact, more than one distinct inbound
service may be in operation at any given moment. Each instance of the inbound service
is tailored to a specific network messaging protocol (for example, HTTP or HTTPS)
and is assigned to a specific Internet protocol address and port on which to listen for
incoming connections. Moreover, each Inbound Service instantiates an Inbound
Session Thread for each concurrent inbound operation, isolating each independent
inbound connection.
Understanding the Out-Beacon Service

Commerce Suite processes acting in the Transport role use the Beacon service. The
Beacon service periodically emits a small packet of information using UDP. This
packet is broadcast to the local network segment, informing any Router agent of the
Transport’s existence on the network. Using this mechanism to advertise the
Transport’s existence to the Router permits the Router to operate without explicit
information of the Transports beforehand and the ad hoc addition or removal of
Transport agents without having to reconfigure the Router. The packets of data
broadcast by the Beacon service include the TCP/IP addresses and ports that the
Transport agent is listening on for incoming data. The Router agent collects these
addresses and ports into a dynamic list of servers to which incoming data can be sent
to provide load-balancing. The packets also contain other information about the
Transport including a routing group number to permit the configuration of several
distinct load-balancing server groups on the same local network or the establishment
of a hierarchical load-balancing configuration.
22
Understanding the Router Service

The Router service uses two or more threads of execution. First, one thread listens for
incoming UDP broadcast packets from Transport agents advertising their presence to
the Router agent. This thread collects the broadcast packets and maintains a linked-list
of Transport agent records, which indicate which TCP/IP address should be connected-
to when forwarding incoming data. Additionally, an inbound thread listens for
incoming data for a particular Internet Protocol (HTTP or HTTPS). This thread is the
first to receive incoming data from a remote host when the Router role is used in a
multi-server configuration. This inbound thread logic differs from the Transport
agent’s inbound logic. The Router service does not expect to parse or decrypt
incoming data. Therefore, the Router agent does not make assumptions or decisions
relating to the processing of data based on the contents of the data.
The Router service is responsible, however, for ensuring that all data received from a
remote host is delivered to a Transport agent for processing. To make this happen, the
Router service queues incoming data while also forwarding it to a Transport agent. If
the connection to the Transport agent is interrupted, the Router service will
temporarily suspend receiving data from the remote host while it establishes a new
connection to another Transport agent and forwards to it all data as yet received from
the remote host. When all data is forwarded successfully, the Router will again attempt
to receive more data from the remote host. The Router service does not disconnect
from either the remote host or the Transport agent until one of the connections is
terminated by the owning processes.
Under normal circumstances, each Router session will:
• Forward all incoming data from the remote host connection to the Transport
agent.
• Forward all response data from the Transport agent to the remote host.
• Detect that the Transport agent has closed an inboard connection.
• Close the connection to the remote host.
23
Understanding Commerce Suite Roles
Understanding Commerce Suite Roles

Commerce Suite operation is considered in terms of three basic roles, which can be
shared by a single process, or divided among many cooperating host computers
depending on resource requirements. The three basic roles are Transport, Router, and
Administration.
Understanding the Transport Role

The Transport role combines the most fundamental operations of Commerce Suite:
compression and decompression, encryption and decryption, digital signing and
signature verification, and sending and receiving data.
With the decryption and signing operations being the most mathematically intensive
operations performed by the Transport role, if large numbers of digitally signed and
encrypted messages need to be sent between computers, it is recommended that the
Transport role be divided across several processors to enhance throughput.
Understanding the Router Role

The Router role provides software-based load sharing between multiple computers
providing the Transport role. The Router provides a single point of entry for data of a
given Internet protocol that can then be distributed to one or many Transport agents for
processing. The Router balances incoming data across a pool of Transport agents. The
Router also provides a fail-safe mechanism against the eventuality of a Transport
failure by buffering incoming data until an entire message can be safely delivered to a
Transport agent.
Understanding the Admin Role

The Admin role provides several important services in a Commerce Suite
configuration. One of these services is outbound distribution. This is the logical
reverse of inbound load balancing performed by the Router. The Admin agent
facilitates outbound load balancing by distributing the data-sending workload among a
group of transport agents in the same way that the Router agent distributed inbound
data-receiving workloads.
The Admin role also provides a Web-based user interface to support the definition and
maintenance of data-interchange relationships. In the electronic commerce industry,
such defined interchanges are often referred to as trading partner relationships. Such a
relationship defines the Internet address of the participating computers, message
delivery options, and data-security parameters such as the certificates to be used for
signature creation and key-encryption. The Admin agent also is responsible for
configuring the Transport and Router agents and for replicating configuration updates
to these roles if they are being hosted on separate processors.
24
Chapter 3: Managing Commerce Suite
Servers
Introduction .................................................................................................... 26
Managing Commerce Suite Servers.............................................................. 26
Defining a New Commerce Suite Server Profile...............................................................26
Inserting a Commerce Suite Server Profile Into the Database .........................................27
Displaying a List of Defined Commerce Suite Servers .....................................................27
Reading Commerce Suite Server Settings From a Database ..........................................28
Removing a Server Profile From a Database ...................................................................28
Removing a Server Profile From Memory ........................................................................29
Starting a Remote Commerce Suite Server on a Remote Host........................................29
Introduction
Introduction
This section describes how to define and manage servers using the Commerce Suite
command line interface (CLI).
Managing Commerce Suite Servers

The following topics provide instructions for managing your Commerce Suite servers
using the CLI:
• Defining a New Commerce Suite Server Profile

• Inserting a Commerce Suite Server Profile Into the Database
• Displaying a List of Defined Commerce Suite Servers
• Reading Commerce Suite Server Settings From a Database
• Removing a Server Profile From a Database
• Removing a Server Profile From Memory
• Starting a Remote Commerce Suite Server on a Remote Host
Refer to the Commerce Suite Getting Started Guide for instructions on starting the
Commerce Suite application and accessing the command line interface.
Defining a New Commerce Suite Server Profile

Commerce Suite server profiles are defined as server/protocol combinations defining
Transport and Router Agent inbound services. Both of these services are remotely
configured by an Administrative Agent and must be started remotely by an
Administrative Agent.
Defining a new Commerce Suite server profile is accomplished using the addserver
command. Follow the steps below to define a new Commerce Suite server profile
using the Commerce Suite CLI.
1. Start the Commerce Suite application if it is not already running.
2. At the command prompt, enter the addserver command using the following
syntax:
addserver <name> <group> <role> <url> <control-URL>
Refer to the Commerce Suite Command Reference Guide for additional information
on using the addserver command.
26
Inserting a Commerce Suite Server Profile Into

the Database
Follow the steps below to insert a Commerce Suite server profile into the database.
2. At the command prompt, enter the insertserver command using the

following syntax:
insertserver <name> <group> <role> <url> <control-url>
on using the insertserver command.
Displaying a List of Defined Commerce Suite

Servers
Follow the steps below to display a list of defined Commerce Suite servers.
2. At the command prompt, enter the listservers command using the following
syntax:
listeservers
on using the listservers command.
27
Reading Commerce Suite Server Settings From a

Database
Reading Commerce Suite server settings from a database is accomplished using the
getservers command. This command retrieves all remote service and Agent
information from the database and populates the Commerce Suite memory with the
material needed to remotely configure Agents and issue remote commands.
The getservers command is only functional if the database parameters have been
defined with the set -d* commands and the start database command has been
issued.
Follow the steps below to display a list of defined Commerce Suite servers.

2. At the command prompt, enter the getservers command using the following
syntax:
getservers
on using the getservers command.
Removing a Server Profile From a Database

Follow the steps below to remove a server profile from a database.
2. At the command prompt, enter the deleteserver command using the

following syntax:
deleteserver <name>
on using the deleteserver command.
28
Removing a Server Profile From Memory

Follow the steps below to remove a server profile from memory.
2. At the command prompt, enter the removeserver command using the

following syntax:
removeserver <name>
on using the removeserver command.
Starting a Remote Commerce Suite Server on a

Remote Host
Follow the steps below to start a remote Commerce Suite server on a remote host.
2. At the command prompt, enter the remoteserver command using the

following syntax:
remoteserver <name> <listener-url>
on using the remoteserver command.
29
Chapter 4: Managing Commerce Suite
Trading Partners
Introduction .................................................................................................... 31
Managing Trading Partner Relationships....................................................... 31
Defining a New Trading Partner Pair ................................................................................31
Inserting a Trading Partner Pair into a Database..............................................................32
Displaying Active Trading Partner Pairs ...........................................................................32
Reading Trading Partner Pair Data From a Database ......................................................33
Removing a Trading Partner Pair from a Database..........................................................33
Removing a Trading Partner Pair From Memory ..............................................................34
Introduction
Introduction
This section describes how to define and manage trading partners using the Commerce
Suite command line interface (CLI).
Managing Trading Partner Relationships

The following topics provide instructions for managing your trading partner
relationships using the CLI.
• Defining a New Trading Partner Pair

• Inserting a Trading Partner Pair into a Database
• Displaying Active Trading Partner Pairs
• Reading Trading Partner Pair Data From a Database
• Removing a Trading Partner Pair from a Database
• Removing a Trading Partner Pair From Memory
Refer to the Commerce Suite Getting Started Guide for instructions on starting the
Commerce Suite application and accessing the command line interface.
Defining a New Trading Partner Pair

A trading partner relationship (or pair) consists of a set of data describing how data
may be transferred from one defined trading partner to another defined trading partner.
A trading partner may be identified and defined using an alphanumeric sequence of
characters or a user-defined company or institution name.
Defining a new trading partner relationship (or pair) is accomplished by using the
Commerce Suite addpair command. The addpair command defines a new trading
partner relationship and stores trading partner relationship information in memory.
Follow the steps below to define a new trading partner pair from the Commerce Suite
command line interface.
2. At the command prompt, enter the addpair command using the following
syntax:
addpair <from> <to> <to-URL> <rcpt-URL> <notify-name>↵
<inbox> [in|out][<send-parameters>]
on using the addpair command.
31
Inserting a Trading Partner Pair into a Database

You can use the Commerce Suite command-line interface to insert a trading partner
pair into a database.
Follow the steps below to insert a trading partner into the database.
2. At the command prompt, enter the insertpair command using the following
syntax:
insertpair <from> <to> <to-URL> <rcpt-URL>↵
<notify-name> <inbox> [in|out][<send-parameters>]
on using the insertpair command.
Displaying Active Trading Partner Pairs

The Commerce Suite application allows you to view active and defined trading
partner relationships (or pairs) using the command-line interface.
Displaying active trading partner pairs using the Commerce Suite CLI is
accomplished using the listpairs command.
Follow the steps below to display active trading partner pairs.
2. At the command prompt, enter the listpairs command using the following
syntax:
listpairs
on using the listpairs command.
32
Reading Trading Partner Pair Data From a Database

You can use the Commerce Suite command-line interface to read trading partner pair
data from a database. Reading trading partner pair data from a database is
accomplished using the getpairs command. The getpairs command retrieves all
trading partner relationship information from the database and populates the
Commerce Suite memory with the configuration material needed to process message
transfers.
The getpairs command is only functional if the database parameters have been
defined with the set -d* commands and the startdatabase command has been
issued.
Follow the steps below to read trading partner pair data from a database.
2. At the command prompt, enter the getpairs command using the following
syntax:
getpairs
on using the getpairs command.
Removing a Trading Partner Pair from a Database

You can use the Commerce Suite command-line interface to remove a trading partner
pair from a database. Removing a trading partner pair from a database is accomplished
using the deletepair command.
Follow the steps below to remove a trading partner pair from a database.
2. At the command prompt, enter the deletepair command using the following
syntax:
deletepair <from> <to> <protocol>
on using the deletepair command.
33
Removing a Trading Partner Pair From Memory

You can use the Commerce Suite command-line interface to remove a trading partner
pair from memory. Removing a trading partner pair from memory is accomplished
using the removepair command.
Follow the steps below to remove a trading partner pair from memory.
2. At the command prompt, enter the removepair command using the

following syntax:
removepair <from> <to> <protocol>
on using the removepair command.
34
Introduction .................................................................................................... 36
Managing Commerce Suite Certificates ........................................................ 36
Creating Public-Key and Private-Key Material..................................................................36
Removing a Public-Key Pair Definition From the Database .............................................37
Exporting Key-Pair Information to a File ...........................................................................37
Reading Key-Pair Information From the Database ...........................................................38
Importing an X.509 Certificate and Corresponding Private-Key .......................................38
Displaying Active Public-Key Pairs ...................................................................................39
Replicating a Public-Key Pair to a Remote Host ..............................................................39
Automatic Key Expiration Notification...............................................................................40
Removing a Public-Key Pair From Memory......................................................................41
Introduction
Introduction
This section describes how to define and manage certificates using the Commerce
Suite command line interface (CLI).
Managing Commerce Suite Certificates

The following topics provide instructions for managing your Commerce Suite
certificates using the CLI.
• Creating Public-Key and Private-Key Material

• Removing a Public-Key Pair Definition From the Database
• Exporting Key-Pair Information to a File
• Reading Key-Pair Information From the Database
• Importing an X.509 Certificate and Corresponding Private-Key
• Displaying Active Public-Key Pairs
• Replicating a Public-Key Pair to a Remote Host
• Removing a Public-Key Pair From Memory
Creating Public-Key and Private-Key Material

Public-key and private-key material is used for data encryption and authentication
purposes and produced for a specific use by a specific trading relationship. The public-
key is exportable to an X.509 digital-certificate format. The private-key is exportable
to a PKS#1 RSA private-key format. Both the public and private key data may be
stored in the database.
Creating public-key and private-key material is accomplished using the addkey

command. Perform the following steps to create public and private-key material using
the Commerce Suite CLI:
2. At the command prompt, enter the addkey command using the following
syntax:
addkey <from> <to> <usage> <key-bits> <issuer> <subject>
on using the addkey command.
36
Removing a Public-Key Pair Definition From the

Database
Removing a public-key pair definition from the database is accomplished using the
deletekey command.
Follow the steps below to delete the public-key pair definition from the database using
the Commerce Suite CLI.
2. At the command prompt, enter the deletekey command using the following
syntax:
deletekey <from> <to> <usage>
on using the deletekey command.
Exporting Key-Pair Information to a File

Exporting key-pair information to a file is accomplished using the exportkey
command.
Follow the steps below to export key-pair information to a file using the Commerce
Suite CLI.
2. At the command prompt, enter the exportkey command using the following
syntax:
exportkey <from> <to> <usage> <certificate-file>↵

<private-key-file>
on using the exportkey command.
37
Reading Key-Pair Information From the Database

Reading key-pair information from the database is accomplished using the getkeys
command. The getkeys command retrieves all certificate and key material
information from the database and populates the Commerce Suite memory with the
security material needed to process message transfers.
Follow the steps below to read key-pair information from the database using the
Commerce Suite CLI.
2. At the command prompt, enter the getkeys command using the following
syntax:
getkeys
on using the getkeys command.
Importing an X.509 Certificate and Corresponding

Private-Key
Importing an X.509 certificate and corresponding private-key is accomplished using
the importkey command. The imported key material must be associated with a
defined trading partner relationship and usage code.
Follow the steps below to import an X.509 certificate and corresponding private-key
using the Commerce Suite CLI.
2. At the command prompt, enter the importkey command using the following
syntax:
importkey <from> <to> <usage> -fC<filename>.cer↵

-fK<filename>.prv
on using the importkey command.
38
Displaying Active Public-Key Pairs

Displaying active public-key pairs is accomplished using the listkeys command.
Follow the steps below to display active public-key pairs using the Commerce Suite
CLI.
2. At the command prompt, enter the listkeys command using the following
syntax:
listkeys
on using the listkeys command.
Replicating a Public-Key Pair to a Remote Host

Replicating a public-key pair to a remote host is accomplished using the remotekey
command.
Follow the steps below to replicate a public-key pair to a remote host using the
Commerce Suite CLI.
2. At the command prompt, enter the remotekey command using the following
syntax:
remotekey <from> <to> <usage> <cert> <key>
on using the remotekey command.
39
Automatic Key Expiration Notification

You have the option to receive a notification that a certificate is about to expire. You
can have the notification sent via a WARN message by activating the
startcertpolling command or, if you have an SMTP server with appropriately
configured credentials, you can receive an email notification in addition to the WRN
message. If you would like to receive email alerts, make sure that your alert level is
set to 2 (warning messages and error messages).
startcertpolling
This command initiates the certificate expiry polling process. It is imperative that the
startcertpolling command is placed properly in the icssvr.cfg file. If you want to
have Commerce Suite poll for certificate expiration at start up, the startcertpolling
command must be placed in the configuration file after the importkeys, getkeys, and/
or getall commands. This ensures that all relevant certificate and key information is
loaded prior to polling. If the startcertpolling command is run before certificates and
keys are loaded, there will be no certificates/keys available for polling; therefore you
will not receive notice if there are keys set to expire.
Syntax
startcertpolling -tC<h|d> -tS<d>
Required Parameters
-tC<h|d> Specify (in hours or days) how frequently to scan

certificates for expiration dates.
-tS<d> Specify how many days out a certificate should be set to

expire in order to invoking an alert.
Command Examples
startcertpolling -tC<12h> -tS<14>
Poll the certificates every twelve hours. Notify user if there are any certificates set to
The startcertpolling
expire within 14 days.
command must be listed
after any certificate/key
import commands in the startcertpolling -tC<1d> -tS<30>
configuration file if you want
it to poll immediately, Poll the certificates every once a day. Notify user if there are any certificates set to
otherwise polling will begin
at the next scan interval. If expire within the next 30 days.
you want to poll certificates
as part of your startup
process, make sure that the
startcertpolling command in
listed after the import
certificate/key commands in
icssvr.cfg.
40
stopcertpolling
This command stops the certificate expiry polling process.
Syntax
stopcertpolling
Parameters
There are no required or optional parameters necessary when executing the

stopcertpolling command.
Removing a Public-Key Pair From Memory

Removing a public-key pair from memory is accomplished using removekey
command.
Follow the steps below to remove a public-key pair from memory using the
Commerce Suite CLI.
2. At the command prompt, enter the removekey command using the following
syntax:
removekey <from> <to> <usage>
on using the removekey command.
41
Chapter 6: Configuring a Backup
Administrator
Introduction .................................................................................................... 43
Backup Administrator Configuration Settings ................................................ 43
Primary Administrator Configuration Settings................................................ 44
Introduction
Introduction
The Commerce Suite application supports the ability to configure your secondary
agent to act in the capacity of a backup administrator. A backup administrator is an
agent that is instructed by its configuration parameters to monitor a primary
administrative agent and assume the function of the primary administrator in the event
that the primary administrator fails to regularly notify the backup administrator of its
status.
The purpose of the backup administrator function is to provide a failover feature so
that, in the event of a failure of the primary administrator, those functions performed
by the primary administrator continue to be executed. The backup administrator polls
the primary administrator each time the work-order interval expires.
Backup Administrator Configuration Settings

Follow the steps below to configure the backup administrator.
1. Set the maximum-primary-admin-poll count as follows:
set -an<num>
where <num> is a positive integer. This number represents the number of times
that the backup administrator will tolerate a failure receiving the primary
administrator's response before asserting itself as the primary administrator.
2. Set the primary-admin-hostname as follows:
set -ah<URL>
This option must be included in the backup administrator’s configuration file so
that the agent can resolve the URL to an IP address and port in order to connect
to the primary administrative agent.
For example:
set -an3 -ahp2p://127.0.0.1:5080 </command>
3. Set the work-order-interval as follows, if the default value (10 seconds) is not
desired:
set -to<secs|msecs>
4. Designate the backup administrator by including the following set option in its
configuration file:
set -gb
43
Primary Administrator Configuration Settings
Primary Administrator Configuration Settings

Start the ICSMain service on the primary administrator by including the following
command in the primary administrator agent's configuration file:
start p2p p2p://IPADDRESS:PORT
This is done so that the primary administrator can accept polling messages from the
backup administrator. This URL should include the hostname or IP address and port on
which the primary administrator should listen for incoming connections, if the <URL>
parameter should correspond to the values provided in the backup administrator's set
-uh parameter.
44
Appendix A: UNIX Configuration
Information
Introduction .................................................................................................... 46
Running Commerce Suite in the Background on a Linux Server .................. 46
Running Commerce Suite in the Background on a HP-UX Server................ 46
Appendix A: UNIX Configuration Information
Introduction
Introduction
This topic contains special topics and instructions for configuring Commerce Suite on
UNIX operating systems.
Running Commerce Suite in the Background on a Linux

Server
Execute the following command within a shell script to run the Commerce Suite
application in the background on a Linux server.
nohup icssvr -e
This command completely frees the Commerce Suite application from a term session
and will survive any interruption with the exception of a hardware change.
Running Commerce Suite in the Background on a HP-UX

Server
Execute the following command within a shell script to run the Commerce Suite
application in the background on a HP-UX server.
nohup icssvr -e
This command completely frees the Commerce Suite application from a term session
and will survive any interruption with the exception of a hardware change.
46
Appendix B: Commerce Suite
Error Messages
Commerce Suite Error Messages.................................................................. 48

Commerce Suite Error Messages

The following table contains a description of error, informational, and warning
messages that can be encountered while using Commerce Suite.
Error “No text available”

Symptom Attempting to test with http://selftest.nubridges.com
Possible 1. No notice record (the indicator that a file was successfully sent) was
Causes written to the database on selftest.nubridges.com when
attempting to receive a file. The network connection between you
and selftest.nubridges.com is preventing nuBridges from
connecting to you.
2. A down or improperly configured firewall at either party's end, or
either party's software is not currently running.
3. An incorrect URL or IP address was specified the
SendtoiSoftServer.cfg file when it was uploaded to the Selftest
Server.
4. Your external IP address is not static and has changed since you
initially set up Commerce Suite Server.
Resolution 1. Verify that Commerce Suite (icssvr) is up and running.
2. Verify that the internal IPAddress:Port is listed in the “Start Services”
section of your configuration file.
3. Verify that your firewall is configured to forward packets bound for
the external IPAddress:Port to the internal IPAddress:Port.
(Consult your firewall administrator for assistance.)
4. Verify that selftest.nuBridges.com resolves to an IP Address that
is accepted by your firewall. (Consult your firewall administrator for
assistance.)
5. Verify that the SendtoiSoftServer.cfg file has your external
IPAddress:Port listed as the “To URL” for the Selftest Server.
6. Verify that your external IP address is a static (and not DHCP) address.
Contact your Internet Service Provider (ISP) to confirm this.
ERR Invalid PKCS Block
Symptom Attempting to receive a file or MDN from a trading partner.
Possible 1. The private key (.prv file) is corrupt and may also be failing to load on
Causes startup.
2. The public key possessed by your trading partner may be corrupt.
Resolution 1. Resend your public key (.cer) file to your trading partner and have
them delete the previous one.
2. Remake your key pair and redistribute the new public key (.cer) file
to your trading partner. Have them delete the old one.
48
ERR Invalid request char (*)

Symptom Not receiving files from a trading partner.
Possible 1. Test connection has been made to ensure successful connectivity
Causes from a trading partner. This error will be logged in a case where a
telnet command was issued to the Commerce Suite listening URL.
2. An unauthorized access attempt was made, which was denied by
Commerce Suite.
Resolution No action necessary.
ERR iSocketRead() returned 10054
Symptom Appears when you are sending a file to a trading partner.
Possible 1. The connection to the remote socket was reset due to a timeout or a
Causes reboot of the remote system.
2. A duplicate IP address exists on your network
3. A misconfigured firewall or caching proxy server is blocking the
connection.
4. Loss of packets, aborted transfer, remote server stopped responding,
too many packets are dropped, or the remote system aborted a
transfer.
5. An existing connection was forcibly closed by the remote host. This
normally happens if the peer application on the remote host is
suddenly stopped, the host is rebooted, or the remote host uses a
hard close. May also result if a connection was broken due to keep-
alive activity detecting a failure while one or more operations are in
progress.
Resolution 1. Verify that your firewall is properly configured.
2. Verify that any proxy server being used by the icssvr application's
host system is not caching for that system.
ERR Key material not found for specified usage
Symptom Attempting to export a keypair.
Possible The keypair doesn't exist yet.
Causes
Resolution 1. Create the keypair with the addkeys command prior to exporting.
2. Run batch addkeys.wo, wait for the message Keypair generated
to appear, and then run batch exportkeys.wo.
49
ERR MDN has reported an error or warning

Symptom Receiving a signed MDN from a trading partner after sending a
transmission.
Possible 1. The application tries to verify the signature of your trading partner,
Causes: but fails. The trading partner's signing-key (.prv file possessed only by
the trading partner) and/or the verify-certificate (.cer file given to
you by your trading partner) may be incongruent.
2. References to either the key or the certificate are incorrect in the
configuration file or in the database, causing the application to not
load the proper key or certificate in the first place.
Resolution 1. Verify that your configuration file is loading your trading partner's
certificate (.cer file) for signature-verification, and can find the
certificate on startup. Also, verify that the trading partner is using the
other half of that keypair for signing (.prv file).
2. Verify that you and your trading partner possess an identical copy of
the trading partner's certificate by comparing the SHA1-checksum or
“Thumb-print”.
3. Remake the key-pair in question.
4. If the error occurs while testing with the nuBridges Selftest Server,
verify that the certificate used for testing has not expired. To
determine this:
a. In the pki folder, double-click NUBRIDGESAS2TEST.cer. Look for
a starting date of 08/18/2003 in the “Valid from” field. Any other
date indicates an expired certificate. You can see a certificate
information example at http://selftest.nubridges.com/
p2ptest/tests/download/validfrom.jpg. The SHA1 “Thumb-
print” of the current nuBridgesAS2TEST.cer file is: 4A6D 04BF
8953 EC74 381A 3FA9 0824 3C1D 1713 1E0C.
b. Download the current nuBridgesAS2TEST.cer from http://
selftest.nubridges.com/nuBridgesAS2TEST.cer, save it in
your nuBridges/pki folder, and click “Yes” when prompted to
overwrite the current certificate.
c. Restart icssvr and continue testing. If the error persists, contact
nuBridges Support.
ERR Value=[processed/error: decryption-failed]
Symptom Your trading partner was unable to decrypt the file you sent.
Possible 1. The private key (.prv file) of the trading partner has become
Causes corrupted.
2. The public key of the trading partner (which you possess) has
become corrupted.
3. An incorrect public key is specified for encrypting for the trading
partner.
Resolution 1. Verify that you are encrypting your transmissions with the valid public
key of your trading partner.
2. Re-acquire the public key from your trading partner, place it in the
pki folder, then restart icssvr.exe.
3. Have the trading partner remake their key pair and send you the
resultant public key (.cer file).
50

ERR Value=[processed/error: unknown trading relationship]
Symptom Your trading partner does not recognize your AS2 name as one of its
trading partners.
Possible 1. Your trading partner has not properly configured your AS2 name as a
Causes trading partner.
2. You have not properly configured your trading partner's AS2 name as
a trading partner.
3. The AS2 name you've called yourself and the AS2 name that your
trading partner considers you to be do not match.
Resolution 1. Verify your AS2 Name with your trading partner. AS2 names are case
sensitive.
2. Verify that your trading partner's AS2 name is properly listed in your
configuration file in the addpair section.
ERR No decryption key defined for relationship
Symptom Attempting to receive a file from a trading partner. May be
accompanied on startup by the error:
ERR Unable to import keys
Possible 1. The private key (.prv file) has not been properly associated with the
Causes relationship for this trading partner in the configuration file.
2. The private key (.prv file) is corrupt and therefore failing to load on
startup.
3. The private key (.prv file) is not where the configuration file expects
it to be; typically, in the pki folder.
Resolution 1. Verify that the configuration file points to a valid private key for the
error-generating relationship.
2. Remake your keypair and redistribute the new public key (.cer file)
to your trading partner.
ERR No signing key defined for relationship
Symptom Attempting to send a file or MDN to a trading partner. May be preceded
by the message:
Possible 1. The private key (.prv file) has not been properly associated with the
Causes relationship for this trading partner in the configuration file.
2. The private key (.prv file) is corrupt and therefore failing to load on
startup.
3. The private key (.prv file) is not where the configuration file expects
it to be; typically, in the pki folder.
Resolution Verify that the configuration file points to a valid private key for the error-
generating relationship.
51
ERR No Verify certificate

Symptom Attempting to receive a file or MDN from a trading partner. May be
preceded on startup by the error:
May be followed by the error:
ERR Unable to verify signature
Possible 1. The public certificate(.cer file) has not been properly associated
Causes with the relationship for this trading partner in the configuration file.
2. The public certificate(.cer file) is corrupt and therefore failing to load
on startup.
3. The public certificate(.cer file) is not where the configuration file
expects it to be; typically, in the pki folder.
Resolution Verify that the configuration file points to a valid public certificate(.cer
file) for the error-generating relationship. Key and certificate file names
are case sensitive.
Not authorized for this computer
P2PE003 Unable to complete authentication
Symptom Attempting to start icssvr.exe from a command prompt.
Possible 1. The hostname of the server does not match the case-sensitive
Causes hostname used by nuBridges to generate your license.
2. The icssvr.lic file was generated on a system other than the one
on which you are attempting to start the application.
Resolution 1. If you have a valid license then delete the icssvr.lic,
icssvr.ini, and icssvr.aut files from the nuBridges folder. Copy
the original icssvr.ini and icssvr.aut from the zip file sent to you
or downloaded from the nuBridges website.
2. Launch icssvr.exe and when prompted for an authorization key,
enter the contents of the icssvr.aut file.
3. If you have moved the icssvr installation to a new machine with a
new hostname, contact nuBridges Support to obtain new license for
that host.
ERR Protocol is not supported for sends
Symptom Attempting to send a file to a trading partner.
Possible 1. An attempt was made to send to a trading partner via an
Causes unsupported protocol.
2. The requested protocol in the send command contains a typo.
Resolution Verify that the target protocol is a supported protocol, such as http,
https, smtp, or ftp.
52
ERR Rename
Possible 1. There is a file in the outbox from a previous attempted send with the
Causes same name as a file that icssvr is trying to send using persistent
send. The system cannot rename the file to a file name that already
exists on the file system.
2. Another application (e.g., Notepad, Wordpad, or your translator) has
the file locked and the operating system will not allow the
Commerce Suite Server to rename the file.
Resolution 1. Manually rename the prefix of file being sent or manually rename the
file blocking the rename.
Note: If you want to automatically delete the file after receiving an

MDN from your trading partner, place a -x argument in the
auto-outbox (persistent send) for the trading partner in the
configuration file; then, restart the software.
2. Determine what application has the file locked. If this is not possible,
the server should be rebooted to stop the application and remove
the lock.
ERR Requested synchronous receipt not returned
Possible 1. In the configuration file, URLs have been used in lieu of IP Addresses
Causes and the operating system cannot resolve the URLs to IP Addresses.
2. The send failed so early in the transaction that the trading partner
didn't have enough information to generate an MDN and return it to
you.
3. The URL specified for the Cyclone trading partner has a trailing slash
after the resource. When in debug mode, this condition would have
the error prefaced by another “error” several lines above it that says
“HTTP Response-Line = (HTTP/1.0 503 Service Unavailable)”
Resolution 1. Verify that the host can resolve its own URL to an IP Address via DNS
or the host file.
2. Contact your trading partner to determine what error is being
experienced at their end. This information may reveal the issue.
3. If the trading partner is using a Cyclone product, verify that the ToURL
has no trailing slash in the icssvr.cfg file.
53
ERR Signature not verified

Possible 1. An incongruity between the trading partner's public key (.cer) and
Causes private key (.prv).
2. You do not have the public key of your trading partner loaded into
memory for signature verification.
3. The filename in the pki folder and the filename referenced in the
configuration file do not match.
Resolution 1. Verify that you are using your trading partner's public key for
signature verification.
2. Verify that the filename in the configuration file matches the filename
in the pki folder.
3. If the problem persists, have the trading partner resend you his public
key and save it in the pki folder.
4. If the problem still persists, have the trading partner remake his key
pair and send you the public key. Save the public key in the pki
folder.
ERR Trading-relationship not found for specified protocol
Symptom Attempting to send to or receive from a trading partner.
Possible The protocol specified for the send command does not exist in the
Causes addpair command in the configuration file. This is usually due to a typo
during a manual send.
Resolution Verify that the command entered to send a file lists the protocol
configured in the addpair command within the configuration file.
ERR Trading relationship not found
-OR-
ERR Unknown trading relationship
Symptom Attempting to receive or send a file.
Possible You attempted to send from an AS2 name or to an AS2 name for which
Causes the system is not configured. AS2 names are case sensitive. This can also
occur on startup if the persistent send has been enabled (auto-outbox).
Resolution 1. Verify that the typed AS2name is the same as listed in the
configuration file.
2. Verify that the AS2 names specified in the persistent send match an
addpair command in the configuration file.
54
ERR Unable to bind socket to port

Symptom Attempting to start icssvr.exe.
Possible 1. The icssvr listener is attempting to start on an IP Address that the
Causes local machine does not control.
2. The icssvr listener is attempting to start on a port that another
application is already occupying.
3. The icssvr is already running when a subsequent instance is
launched.
Resolution 1. Change the IP Address in the Start Services section of the
configuration file to an IP Address that is on the local machine.
2. Verify that no other listeners are already running on the port by typing
netstat -na from the DOS prompt.
3. Verify that icssvr.exe is not already running.
ERR Unable to connect to remote peer
Symptom Attempting to send to a trading partner.
Possible 1. Your license has not been properly installed and you are still running
Causes icssvr in Demonstration mode.
2. The network connection between you and your trading partner is
preventing you from connecting; this could be a down firewall, an
improperly configured firewall at either party's end, or a caching
proxy server is standing between the nuBridges Commerce Suite
Server and the trading partner's AS2 server.
3. The trading partner's software is not currently running.
4. An incorrect URL or IP address has been specified in your
configuration file or database for your trading partner.
Resolution 1. If your console displays “Demonstration Mode” upon startup, delete
the icssvr.ini, icssvr.aut, and icssvr.lic files from your
nuBridges folder and extract icssvr.ini and icssvr.aut from the
original zipped archive acquired from nuBridges Corporation into the
nuBridges folder.
When you start icssvr.exe, you will be asked to enter an
authorization code. Please copy the contents of your icssvr.aut
file and paste it into your console when prompted. (right click on the
title bar and select Edit →Paste). If prompted for the authentication
code on subsequent startups, please verify that the icssvr.aut file
was pasted at the prompted and not the icssvr.ini file.
2. Verify that the trading partner's firewall is forwarding packets bound
for the ToURL to the private IP address beyond the trading partner's
firewall.
If testing with NUBRIDGESAS2TEST, make sure that the URL in the
configuration file is resolving to http://63.140.159.11:4080/ and not
http://63.140.159.17:6080/.
3. Verify through your Network Administrator that the proxy server is not
caching pages for the nuBridges Commerce Suite Server's IP Address.
4. Verify with your Network Administrator that packets going into the
LAN interface on your firewall are getting through the firewall and out
to the Internet interface. You may need your Network Administrator
to “sniff” the router. (They will understand the term “sniff.”)
5. Verify that the trading partner's software is up and running.
55
ERR Unable to create output file <filename>

Symptom Attempting to receive a file from a trading partner.
Possible The system tried to write the file to the path specified in the config file,
Causes but was unable to do so.
Resolution 1. Verify that the path exists on the file system.
2. Verify that the user executing icssvr has write permissions to that
path.
3. Verify that the file <filename> does not already exist.
4. Verify that the file system is not full.
Symptom Attempting to start icssvr.exe.
Possible The keys or certificates specified in the configuration file:
Causes a. May not be in your possession yet.
b. May not be in the pki folder.
c. May not match the name of the files actually listed in the pki
folder.
This error is typically generated when you have not yet received the
public key from your trading partner.
Resolution Verify that the -fC and/or -fK options of the importkey statements in
the configuration file are followed by the relative path of a valid
(C)ertificate or (K)ey.
ERR Unable to open configuration file
Symptom Attempting to execute the batch command by typing:
batch <filename
Possible The argument (<filename>) that was passed to the batch command
Causes does not exist in the path specified. The path is relative to where the
icssvr.exe was launched; typically, the nuBridges folder.
Resolution 1. Verify that the case-sensitive file name of the configuration file has no
typos.
2. Verify that the case-sensitive file name actually exists in the current
directory.
ERR Unable to open outbound file
Possible 1. The file you are trying to send is inaccessible to the icssvr
Causes application. This may be caused by permissions being set to exclude
or not include the username running the icssvr application.
2. The outbound file may not exist in the folder specified in the send
command.
Resolution Verify that the outbound file exists and is in the path specified in the send
command.
56
ERR Unable to store file

Possible 1. The path to the inbox specified in the addpair command of the
Causes configuration file does not exist.
2. The entire target path and filename exceeds 260 characters.
3. The icssvr application does not have the permissions set to allow it
to write to the folder specified in the addpair command of the
configuration file.
Resolution Verify that the permissions are properly set to allow writing to the
specified folder defined in the configuration file for the inbound
relationship.
ERR Unable to write to output file
Symptom Attempting to receive a file from a trading partner.
Possible The application is unable to either create or write to an output file due
Causes to file system prohibitions. The path specified may have read-only
attributes, or the user under which nuBridges Commerce Suite Server
was installed may not have write permissions to the path, or the file
system may be full.
Resolution 1. Verify that the user under which the software was installed has write
permissions to the path specified for the addpair command in the
configuration file.
2. Verify that the specified path does not have read-only attributes.
3. Verify that the file system is not full.
4. Verify that user running nuBridges Commerce Suite Server has the
proper file system permissions.
WRN Certificate expired
-OR-
WRN Certificate before validity period
Symptom Attempting to start nuBridges Commerce Suite and receive several
WRNs (Warnings) on the console or in the log file.
Possible A certificate that nuBridges Commerce Suite is loading is either expired
Causes or is not valid yet.
Resolution Even though the certificate is outside of its validity period, it is still usable.
However, it should be replaced if expired.
1. Determine which certificate is generating the expired error by finding
the certificate's serial number specified in the log file. For example:
WRN Serial No.: 20 02 08 0F 0F 05 06 57 1E FF CB 08 A1
DD C9 14
2. Compare that serial number with the serial number of each
certificate loaded (typically, one of several certificates in the pki
folder). You may examine the serial number of a certificate by
double-clicking the certificate and selecting the Details tab. (The
General tab will most likely indicate that the certificate is untrusted by
the Windows operating system. You can safely ignore this warning.)
3. Select the serial number field and you will see the number in the white
space in the lower half of the window.
4. If the certificate is your own, remake the keypair. If the certificate
belongs to a trading partner, contact that trading partner and ask for
a new certificate.
57
The following table contains numbered error codes and their descriptions. You may
encounter these error codes, in addition to the error messages listed in the previous
table, when working with Commerce Suite.
Error Code Number Error Code Description

Decimal/Hexadecimal
Error Code
4096/1000 Invalid Parameter - An invalid or missing parameter was

IAPI_ERR_BADPARAM found by the application while processing a function.
4097/1001 Memory Allocation Failed - The application was unable to

IAPI_ERR_ALLOCFAIL allocate enough memory to satisfy the need of a program
function.
4098/1002 Thread Serialization Failed - The application was unable to

IAPI_ERR_THREADFAIL create a new process thread. A process thread is a
separate processing context within the application. It is
normal for the application to utilize multiple threads
concurrently. However, an operating system may have
limitations on the number of threads that can be created
for a single process.
4099/1003 Exclusive Lock Failed - The application was not able to

IAPI_ERR_LOCKFAIL grant a thread exclusive access to a resource
(memory,file,database,mailbox). Some resources must be
locked before use so that only one thread can update a
shared resource.
4100/1004 Mailbox Add Failed - An error occurred attempting to add

IAPI_ERR_EDSADD a message to an external mailbox system.
4101/1005 Mailbox Extract Failed - An error occurred attempting to

IAPI_ERR_EDSEXTRACT extract a message from an external mailbox system.
4352/1100 File Search Failed - The application encountered an

FILE_ERR_EXISTSFAIL operating system error while attempting to determine if a
file exists.
4353/1101 File Rename Failed - The application encountered an

FILE_ERR_RENAMEFAIL operating system error while attempting to rename a file.
4354/1102 File Creation Failed - The application encountered an

FILE_ERR_CREATEFAIL operating system error while attempting to create a file.
4355/1103 Temp-File Creation Failed - The application encountered

FILE_ERR_TEMPFAIL an operating system error while attempting to create a
temporary file.
4356/1104 File Deletion Failed - The application encountered an

FILE_ERR_DESTROYFAIL operating system error while attempting to delete a file.
4357/1105 File Open Failed - The application encountered an

FILE_ERROR_OPENFAIL operating system error while attempting to open a file for
read and write access.
4358/1106 File Open-for-Append Failed - The application

FILE_ERR_OPENAPPENDFAIL encountered an operating system error while attempting
to open a file for appending data.
58

Decimal/Hexadecimal
Error Code
4359/1107 File Open-for-Browse Failed - The application

FILE_ERR_OPENBROWSEFAIL encountered an operating system error while attempting
to open a file for browse only.
4360/1108 File Close Failed - The application encountered an

FILE_ERR_CLOSEFAIL operating system error while attempting to close a file.
4361/1109 File Read Failed - The application encountered an

FILE_ERR_READFAIL operating system error while attempting to read from a
file.
4362/110A File Write Failed - The application encountered an

FILE_ERR_WRITEFAIL operating system error while attempting to write to a file.
4363/110B File Position (ftell) Failed - The application encountered an

FILE_ERR_POSFAIL operating system error while attempting to obtain the
current file-pointer position.
4364/110C File Seek Failed - The application encountered an

FILE_ERR_SEEKFAIL operating system error while attempting to move the
current file-pointer position.
4365/110D File End (Seek-to-end) Failed - The application

FILE_ERR_ENDFAIL encountered an operating system error while attempting
to set the file-pointer to the end of a file.
4366/110E File Rewind Failed - The application encountered an

FILE_ERR_REWINDFAIL operating system error while attempting to set the file-
pointer to the beginning of a file.
4608/1200 Zlib Compress (DEFLATE) Failed - The application was

COMPRESS_ERR_DEFLATE unable to compress a message.
4609/1201 Zlib Uncompress (Inflate) Failed - The application was

COMPRESS_ERR_INFLATE unable to uncompress a message.
4864/1300 SHA-1 Hash Function Failed - The application was unable

SHA1_ERR_HASHFILEFAIL to compute a message digest.
5120/1400 Unable to Create Key Pair - The application was unable to

PKI_ERR_CREATEKEYFAIL create an RSA public/private key-pair.
5121/1401 Invalid Certificate Fields - The Certificate sequence was

PKI_ERR_NOCERTSEQ not found in an X.509 certificate
5122/1402 Invalid Certificate Fields - The tbsCertificate sequence was

PKI_ERR_NOTBSSEQ not found in an X.509 certificate.
5123/1403 Invalid Certificate Fields - The tbsCertificate Version

PKI_ERR_NOTBSVERSEQ sequence was not found in an X.509 certificate.

PKI_ERR_NOTBSVERINT integer was not found in an X.509 certificate.

PKI_ERR_BADTBSVER integer is invalid or not supported.
59

Decimal/Hexadecimal
Error Code
5126/1406 Invalid Certificate Fields - The serial-number part of an

PKI_ERR_NOSERNO X.509 certificate could not be found.
5127/1407 Missing Signature Algorithm - The signatureAlgorithm

PKI_ERR_NOSIGALGSEQ sequence of an X.509 certificate could not be found.
5128/1408 Missing SignatureAlgorithm Identifier - The

PKI_ERR_NOSIGALGOID signatureAlgorithm Object Identifier of an X.509 certificate
could not be found.
5129/1409 Invalid SignatureAlgorithm - The signatureAlgorithm of an

PKI_ERR_BADSIGALG X.509 certificate is invalid or not supported.
5130/140A Missing SignatureAlgorithm Parameter - The parameter

PKI_ERR_NOSIGALGRPARAM field of a signatureAlgorithm OID of an X.509 certificate
was not found.
5131/140B Missing Issuer Sequence Field - The Issuer sequence of an

PKI_ERR_NOISSSEQ X.509 certificate could not be found
5132/140C Missing ValidityPeriod Sequence - The ValidityPeriod

PKI_ERR_NOVALSEQ sequence of an X.509 certificate could not be found.
5133/140D Missing ValidityPeriod BeginDate - The ValidityPeriod

PKI_ERR_NOVALBEG BeginDate of an X.509 certificate could not be found.
5134/140E Missing ValidityPeriod EndDate - The ValidityPeriod

PKI_ERR_NOVALEND EndDate of an X.509 certificate could not be found.
5135/140F Missing SubjectName - The SubjectName of an X.509

PKI_ERR_NOSUBSEQ certificate could not be found.
5136/1410 Missing SubjectPublicKeyInfo Sequence - The

PKI_ERR_NOKEYINFOSEQ SubjectPublicKeyInfo sequence of an X.509 certificate
could not be found.
5137/1411 Missing SubjectPublicKeyInfo Algorithm - The

PKI_ERR_NOKEYALGSEQ SubjectPublicKeyInfo Algorithm Sequence of an X.509
certificate could not be found.

PKI_ERR_NOKEYALGOID SubjectPublicKeyInfo Algorithm OID of an X.509 certificate
could not be found.
5139/1413 Invalid SubjectPublicKey Algorithm - The

PKI_ERR_BADKEYALG SubjectPublicKeyInfo Algorithm is invalid or not supported.

PKI_ERR_NOKEYALGPARAM SubjectPublicKeyInfo Algorithm Parameter field is missing.
5141/1415 Missing SubjectPublicKey Bit-String - The SubjectPublicKey

PKI_ERR_NOKEY Bit-String of an X.509 certificate could not be found.
5142/1416 Missing SubjectPublicKey sequence - The

PKI_ERR_NOKEYSEQ SubjectPublicKey RSAPublicKey sequence of an X.509
60

Decimal/Hexadecimal
Error Code
5143/1417 Missing SubjectPublicKey Modulus - The SubjectPublicKey

PKI_ERR_NOMODULUS Modulus Integer of an X.509 certificate could not be
found.
5144/1418 Missing SubjectPublicKey Public Exponent - The

PKI_ERR_NOPUBEXP SubjectPublicKey Public Exponent integer of an X.509
5145/1419 Missing Certificate Extension Sequence - The Extensions

PKI_ERR_NOEXTSSEQ sequence of an X.509 certificate could not be found.
5146/141A Missing Certificate Extension Sequence - An Extension

PKI_ERR_NOEXTSEQ sequence of an X.509 certificate could not be found.
5147/141B Missing Certificate Extension Sequence - An Extension OID

PKI_ERR_NOEXTOID of an X.509 certificate could not be found.
5148/141c Missing Certificate Extension Sequence - An Extension

PKI_ERR_NOEXTOCTSTR Octet-String of an X.509 certificate could not be found.
5149/141D Missing Certificate Extension Sequence - An Extension

PKI_ERR_NOUSAGEVAL Value of an X.509 certificate could not be found.
5150/141E Missing Certificate Name Sequence - The Name sequence

PKI_ERR_NONAMESEQ of an X.509 certificate distinguished-name could not be
found.
5151/141F Missing Certificate Extension Set - The Name set of an X.509

PKI_ERR_NONAMESET certificate distinguished-name could not be found.
5152/1420 Missing AttributeTypeAndValue Sequence - The

PKI_ERR_NOATTRSEQ AttributeTypeAndValue sequence of an X.509 certificate
distinguished-name could not be found.
5153/1421 Missing attributeTypeAndValue OID - The

PKI_ERR_NOATTROID AttributeTypeAndValue OID of an X.509 certificate
5154/1422 Missing AttributeTypeAndValue Value - The

PKI_ERR_NOATTRVAL AttributeTypeAndValue Value of an X.509 certificate
5155/1423 Missing PrivateKey Sequence - The PKCS1 PrivateKey

PKI_ERR_NOPRVSEQ sequence could not be found.
5156/1424 Missing PrivateKey Integer - The PKCS1 PrivateKey version

PKI_ERR_NOPRVVER integer could not be found.
5157/1425 Invalid PrivateKey Value - The PKCS1 PrivateKey version

PKI_ERR_BADPRVVER value is invalid or not supported.
5158/1426 Missing PrivateKey Integer -The PKCS1 PrivateKey Modulus

PKI_ERR_NOPRVMOD integer could not be found.
5159/1427 Invalid PrivateKey Modulus - The PKCS1 PrivateKey

PKI_ERR_BADMOD Modulus is invalid.
61

Decimal/Hexadecimal
Error Code
5160/1428 Missing PrivateKey Public Exponent - The PKCS1 PrivateKey

PKI_ERR_NOPRVPUBEXP Public Exponent could not be found.
5161/1429 Invalid PrivateKey Public Exponent - The PKCS1 PrivateKey

PKI_ERR_BADPUBEXP Public Exponent is invalid.
5162/142A Missing PrivateKey private Exponent - The PKCS1

PKI_ERR_NOPRVPRVEXP PrivateKey Private Exponent is missing.
5163/142B Invalid Key-Pair - The PKCS1 PrivateKey key-pair is not

PKI_ERR_BADKEYPAIR valid.
5164/142C Missing PrivateKey First Prime - The PKCS1 PrivateKey First

PKI_ERR_NOPRVPRIME1 Prime (p) is missing.
5165/142D Missing PrivateKey Second Prime - The PKCS1 PrivateKey

PKI_ERR_NOPRVPRIME2 Second Prime (q) is missing.
5166/142E Missing PrivateKey First Exponent - The PKCS1 PrivateKey

PKI_ERR_NOPRVEXP1 First Exponent (dp) is missing.
5167/142F Missing PrivateKey Second Exponent - The PKCS1

PKI_ERR_NOPRVEXP2 PrivateKey Second Exponent (dq) is missing.
5168/14530 Missing PrivateKey Coefficient - The PKCS1 PrivateKey

PKI_ERR_NOPRVCOEFF Coefficient (qinv) is missing.
5312/14C0 Missing Certificate Request - The application was

PKI_ERR_NOIMPORTEDREQ requested to parse a certificate request, but no request
was found.
5313/14C1 Missing Certificate Request - The Certificate-Request

PKI_ERR_NOREQSEQ sequence of a certificate request message was not found.
5314/14C2 Missing PKI Sequence - The PKI sequence of a certificate-

PKI_ERR_NOPKISEQ request message was not found.
5315/14C3 Missing PKI Object-Identifier - The PKI Object-Identifier of a

PKI_ERR_NOOIDSEQ certificate-request message was not found.
5316/14C4 Missing OID Parameter - The OID Parameter of a

PKI_ERR_NOTRAILNULL certificate-request message was not found.
5317/14C5 Invalid Message-Digest - The decrypted message-digest

PKI_ERR_BADENCBLOCK of a certificate-request signature was not a valid PKCS
Type-1 block
5318/14C6 Invalid Message-Digest - The decrypted message-digest

PKI_ERR_BADSIGN of a certificate-request signature did not match the
message-digest computed by the application.
5319/14C7 Missing Attribute - An Attribute set of a certificate-request

PKI_ERR_NOATTRSET message could not be found.
62

Decimal/Hexadecimal
Error Code
5376/1500 Sockets API Initialization Failed - The application was

SOCKET_ERR_STARTFAIL unable to initialize the sockets API. This error should only
occur on Microsoft Windows platforms as a result of the
WSAStartup function call. This error can occur if the
underlying network software could not properly initialize
during system startup.
5377/1501 Sockets API Finalization Failed - The application was

SOCKET_ERR_STOPFAIL unable to finalize its use of the sockets API on a Microsoft
Windows platform.
5378/1502 Unable to Determine Host-Name - The application was

SOCKET_ERR_GETHOSTNAMEFAIL unable to obtain the current computer's hostname from
the TCP/IP networking software.
5379/1503 Unable to Resolve Host-Name to IP Address - The

SOCKET_ERR_GETHOSTNAMEBYFAIL application was unable to obtain the current computer's
IP address from the TCP/IP networking software.
5380/1504 Unable to Create UDP Socket - The application was unable

SOCKET_ERR_DATAGRAMFAIL to create a socket of type DATAGRAM.
5381/1505 Unable to Create Stream Socket - The application was

SOCKET_ERR_STREAMFAIL unable to create a socket of type STREAM.
5382/1506 Unable to Close Socket - The application was unable to

SOCKET_ERR_CLOSEFAIL close a TCP/IP socket
5383/1507 Unable to Set Socket Blocking Option - The application

SOCKET_ERR_BLOCKFAIL was unable to set a TCP/IP socket to non-blocking mode.
5384/1508 Unable to Send UDP Broadcast - The application was

SOCKET_FAIL_BROADCASTFAIL unable to set a TCP/IP socket to broadcast mode.
5385/1509 Unable to Bind Socket to Address and Port - The

SOCKET_ERR_BINDFAIL application was unable to issue a socket BIND call. The
requested IP address and PORT may already be in use by
another application.
5386/150A UDP Socket recvfrom() Failed - The application was unable

SOCKET_ERR_GETFAIL to issue a socket GET call. UDP requests may be disabled
by the TCP/IP networking software.
5387/150B UDP Socket sendto() Failed - The application was unable

SOCKET_ERR_PUTFAIL to issue a socket PUT call. UDP requests may be disabled
by the TCP/IP networking software.
5388/150C Unable to Listen on Socket - The application was unable to

SOCKET_ERR_LISTENFAIL issue a socket LISTEN call. The socket BIND may have failed.
5389/150D Unable to Accept Connections on Socket - The

SOCKET_ERR_ACCEPTFAIL application was unable to issue a socket ACCEPT call. The
socket BIND may have failed.
63

Decimal/Hexadecimal
Error Code
5390/150E Unable to Get Remote Host Name - The application was

SOCKET_ERR_GETPEERNAMEFAIL unable to obtain the IP address and PORT of the remotely
connected host.
5391/150F Unable to Connect to Remote Host - The application was

SOCKET_ERR_CONNECTFAIL unable to connect to a remote computer. The remote
computer may not be accepting connections or a fire-
wall may be preventing a connection to the remote host.
5392/1510 GetSockName() Failed - The application was unable to

SOCKET_ERR_GETSOCKNAMEFAIL obtain information about the remote computer.
5393/1511 Unable to Read from Socket - The application was unable

SOCKET_ERR_READFAIL to read data from a connected TCP/IP socket. A fire-wall
may be preventing data traffic in an inbound direction
from the remote computer.
5394/1512 Unable to Write to Socket - The application was unable to

SOCKET_ERR_WRITEFAIL write data to a connected TCP/IP socket. A fire-wall may
be preventing data traffic in an outbound direction to the
remote computer.
5632/1600 S/MIME Parsing Errors - The ContentInfo sequence could

CMS_ERR_NOCONINFSEQ not be found in an ASN1-encoded message.
5633/1601 Missing ContentInfo OID - The ContentInfo Object Identifier

CMS_ERR_NOCONINFOID (OID) could not be found in an ASN1-encoded message.
5634/1602 Invalid Object identifier - The Object identifier found in a

CMS_ERR_BADCONINFOID ContentInfo sequence of an ASN1-encoded message is
invalid or is not the expected value.
5635/1603 Missing Content Field - The Content field of the

CMS_ERR_NOCONINFCONTENT ContentInfo sequence of an ASN1-encoded messages
could not be found.
5636/1604 Missing SignedData sequence - The SignedData

CMS_ERR_NOSIGDATSEQ sequence could not be found in an ASN1-encoded
message that has a signedData content type.
5637/1605 Missing SignedDate integer - The SignedData version

CMS_ERR_NOSIGDATVER integer could not be found in an ASN1-encoded message
that has a signedData content type.
5638/1606 Missing digestAlgorithm - The digestAlgorithm set could

CMS_ERR_NOSIGDATALGSET not be found in an ASN1-encoded message that has a
signedData content type.
5639/1607 Missing digestAlgorithm - The digestAlgorithm sequence

CMS_ERR_NOSIGDATALGSEQ could not be found in an ASN1-encoded message that
has a signedData content type.
5640/1608 Missing digestAlgorithm -The digestAlgorithm Object

CMS_ERR_NOSIGDATALGOID Identifier (OID) could not be found in an ASN1-encoded
message that has a signedData content type.
64

Decimal/Hexadecimal
Error Code
5641/1609 Invalid digestAlgorithm - The digestAlgorithm Object

CMS_ERR_BADSIGDATALGOID Identifier found in an ASN1-encoded message is invalid or
not supported.
5642/160A Missing encapsulatedContentInfo Sequence - The

CMS_ERR_NOENCCONINFSEQ encapsulatedContentInfo Sequence could not be found
in an ASN1-encoded message.
5643/160B Missing encapsulatedContentInfo Identifier - The

CMS_ERR_NOENCCONINFOID encapsulatedContentInfo Object Identifier (OID) could
not be found in an ASN1-encoded message.
5644/160C Invalid OID - The encapsulatedContentInfo OID found in

CMS_ERR_BADENCCONINFOID an ASN1-encoded message is invalid or not supported.
5645/160D Missing signerInfo set - The signerInfo set could not be

CMS_ERR_NOSIGINFSET found in an ASN1-encoded message.
5646/160E Missing signerInfo Sequence - The signerInfo sequence

CMS_ERR_NOSIGINFSEQ could not be found in an ASN1-encoded message.
5647/160F Missing signerInfo integer - The signerInfo version integer

CMS_ERR_NOSIGINFVER could not be found in an ASN1-encoded message.
5648/1610 Missing Sequence - The IssuerNameAndSerialNbr

CMS_ERR_NOSIGINFRID sequence could not be found in an ASN1-encoded
message.
5649/1611 Missing digestAlgorithm - The digestAlgorithm sequence

CMS_ERR_NODIGALGSEQ could not be found in an ASN1-encoded message.
5650/1612 Missing digestAlgorithm OID - The digestAlgorithm Object

CMS_ERR_NODIGALGOID Identifier (OID) could not be found in an ASN1-encoded
message.
5651/1613 Invalid AuthenticatedAttributes length - The length of the

CMS_ERR_BADAUTATTLEN AuthenticatedAttributes part of a signedData ASN1-
encoded message is of an indefinite-length, which is not
supported.
5652/1614 Missing AuthenticatedAttributes - The

CMS_ERR_NOAUTATTSEQ AuthenticatedAttributes sequence could not be found in
an ASN1-encoded message.
5653/1615 Missing AuthenticatedAttributes OID - The

CMS_ERR_NOAUTATTOID AuthenticatedAttributes Object Identifier (OID) could not
be found in an ASN1-encoded message.
5654/1616 Missing MessageDigest set - The MessageDigest set could

CMS_ERR_NOMSGDIGEST not be found in an ASN1-encoded message.
5655/1617 Missing MessageDigest octet-string - The MessageDigest

CMS_ERR_NOMSGDIGOCTSTR octet-string could not be found in an ASN1-encoded
message.
65

Decimal/Hexadecimal
Error Code
5656/1618 Missing Attribute set - The Attribute set of an ASN1-

CMS_ERR_NOATTSET encoded message could not be found.
5657/1619 Missing digestEncryptionAlgorithm - The

CMS_ERR_NODIGENCALGSEQ digestEncryptionAlgorithm sequence could not be found
in an ASN1-encoded message.
5658/161A Missing digestAlgorithm OID - The

CMS_ERR_NODIGENCALGOID digestEncryptionAlgorithm Object Identifier (OID) could
not be found in an ASN1-encoded message.
5659/161b Invalid digestEncryptionAlgorithm OID - The

CMS_ERR_BADDINGENCALGOID digestEncryptionAlgorithm OID in an ASN1-encoded
message is invalid or not supported.
5660/161C Missing EncryptedDigest Octet-string - The

CMS_ERR_NOENCDIGOCTSTR EncryptedDigest Octet-String in an ASN1-encoded
message could not be found.
5661/161D Missing Sequence - The EnvelopedData SEQUENCE of an

CMS_ERR_NOENVDATSEQ ASN1-encoded message could not be found.
5662/161E Missing Integer - The EnvelopedData version INTEGER of an

CMS_ERR_NOENVDATVER ASN1-encoded message could not be found.
5663/161F Invalid version - The EnvelopedData version is invalid or not

CMS_ERR_BADENVDATVER supported.
5664/1620 Invalid Version - The Envelopeddata OriginatorInfo was

CMS_ERR_BADENVDATORI found but the ASN1 version is not version 2.
5665/1621 Missing SET - The EnvelopedData RecipientInfos SET of an

CMS_ERR_NORCPINFSET ASN1-encoded message was not found.
5666/1622 Missing Sequence - The EnvelopedData RecipientInfo

CMS_ERR_NORCPINFSEQ SEQUENCE of an ASN1-encoded message was not found.
5667/1623 Missing Integer - The EnvelopedData RecipientInfo Version

CMS_ERR_NORCPINFVER INTEGER was not found.
5668/1624 Invalid version - The EnvelopedData RecipientInfo Version

CMS_ERR_BADRCPINFVER if an ASN1-encoded message is invalid.
5669/1625 Missing Identifier - The EnvelopedData RecipientInfo

CMS_ERR_NORCPINFRID RecipientIdentifier of an ASN1-encoded message was not
found.
5670/1626 Missing Sequence - The EnvelopedData RecipientInfo

CMS_ERR_NOENCALGSEQ keyEncryptionAlgorithm sequence was not found.
5671/1627 Missing Key - RecipientInfo.encryptedContentInfo not

CMS_ERR_NOENCKEYOCTSTR found.
5672/1628 Invalid Sequence - RecipientInfo SEQUENCE is improperly

CMS_ERR_BADRCPINFSEQ formed.
66

Decimal/Hexadecimal
Error Code
5673/1629 Invalid SET - RecipientInfo SET is improperly formed.

CMS_ERR_BADRCPINFSET
5674/162A Missing Sequence -

CMS_ERR_NOENCCONSEQ EnvelopedData.EncryptedContentInfo SEQUENCE not
found.
5675/162B Missing OID - EnvelopedData.EncryptedContentInfo OID

CMS_ERR_NOENCCONOID not found.
5676/162C Invalid OID - Invalid EncryptedContentInfo OID.

CMS_ERR_BADENCCONOID
5677/162D Missing Sequence - EncryptedContentInfo SEQUENCE not

CMS_ERR_NOCONENCALGSEQ found.
5678/162E Missing OID - EncryptedContentInfo OID not found.

CMS_ERR_NOCONENCALGOID
5679/162F Invalid OID - Invalid EncryptedContentInfo OID.

CMS_ERR_BADCONENCALGOID
5680/1630 Invalid Algorithm - Invalid EncryptedContentInfo

CMS_ERR_BADCONENCALG Algorithm.
5681/1631 Missing parameter - Encryption algorithm parameter not

CMS_ERR_NOENCALGPARAM found.
5682/1632 Missing parameter - Invalid encryption algorithm

CMS_ERR_BADENCALGPARAM parameter.
5683/1633 Missing Length - No encryptedContent length.

CMS_ERR_NOENCCONLEN
5684/1634 Missing Content - No encryptedContent.

CMS_ERR_NOENCCONTENT
5685/1635 Missing OCTETSTRING - No encryptedContent

CMS_ERR_NOENCCONOCTSTR OCTETSTRING.
5686/1636 Invalid encryptedContent.

CMS_ERR_BADENCCONTENT
5687/1637 Invalid content-encryption key.

CMS_ERR_BADCONENCKEY
5688/1638 Missing Sequence - CompressedData SEQUENCE not

CMS_ERR_NOCMPDATSEQ found.
5689/1639 Missing Integer - CompressedData.version INTEGER not

CMS_ERR_NOCMPDATVER found.
5690/163A Invalid CompressedData.version.

CMS_ERR_BADCMPDATVER
67

Decimal/Hexadecimal
Error Code
5691/163B Missing Sequence -

CMS_ERR_NOCMPALGSEQ CompressedData.compressionAlgorithm SEQUENCE not
found.
5692/163C Missing OID - CompressedData.compressionAlgorithm

CMS_ERR_NOCMPALGOID OID not found.
5693/163D Invalid OID value - Invalid

CMS_ERR_BADCMPALGOID CompressedData.compressionAlgorithm OID value.
5694/163E No compressed-content length.

CMS_ERR_NOCMPCONLEN
5695/163F No CompressedData.encapContentInfo.eContent OCTET-

CMS_ERR_NOCMPCONOCTSTR STRING.
5696/1640 Invalid compressedContent.

CMS_ERR_BADCMPCONTENT
5697/1641 No compressedData content.

CMS_ERR_NOCMPCONTENT
6400/1900 Expired authentication code - The authentication code

IAUTH_ERR_AUTHCODEEXPIRED entered by the user to license the application has expired.
Authentication codes distributed with the application are
valid for a period that may vary depending on a
customer's license agreement.
6401/1901 Invalid authentication code - The authentication code

IAUTH_ERR_AUTHCODEINVALID entered by the user to license the application is invalid. This
may be caused by a correct code being entered
incorrectly, or a code for another implementation being
used with the wrong copy of the application.
6402/1902 Invalid Length - The initialization file (icssvr.ini) has an invalid

IAUTH_ERR_INIFILEBADLEN length. This can be caused if the icssvr.ini file has been
corrupted or modified such that it is too short to contain a
valid serial-number.
6403/1903 Invalid Length - The license file (icssvr.lic) has an invalid

IAUTH_ERR_LICFILEBADLEN length. This can be caused if the icssvr.lic file has been
corrupted or modified such that it is not the correct length.
For Commerce Suite Version 3.1, the correct length of a
license file is 320 bytes.
7424/1DO0 Invalid FTP response length

IERR_FTPBADRESPLEN
7425/1DO1 No user ID available to send

IERR_FTPNOUSERID
7426/1DO2 No password available to send

IERR_FTPNOPASSWORD
7427/1DO3 No directory path available to send

IERR_FTPNOPATH
68

Decimal/Hexadecimal
Error Code
7428/1DO4 Unexpected FTP response value

IERR_FTPBADRESPVAL
7429/1DO5 Failed to build PORT command

IERR_FTPPORTCMDFAILED
7430/1DO6 No data received from NLST

IERR_FTPNONLSTDATA
7431/1DO7 Invalid data received from NLST

IERR_FTPBADNLSOUTPUT
7432/1DO8 No stored file name

IERR_FTPNOSTOREDFILE
7433/1DO9 Abnormal response to CWD from the FTP server

IERR_FTPCWDFAILED
7434/1DOA Unable to read FTP server response message

IERR_FTPREADFTPSERVERMESSAGE
7435/1DOB Unable to send FTP server command

IERR_FTPSENDFTPSERVERCOMMAND
7436/1DOC Error setting to active mode

IERR_FTPACTIVE
7437/1DOD Error setting to passive mode

IERR_FTPPASSIVE
8448/2100 Missing AS2-From Header - The application detected an

AS2_ERR_NOAS2FROM inbound data stream that did not contain an AS2-From
header within its HTTP headers.
8449/2101 Missing AS2-To Header - The application detected an

AS2_ERR_NOAS2TO inbound data stream that did not contain an AS2-To
header within its HTTP headers.
8450/2102 Invalid AS2-From, AS2-To Combination - The application

AS2_ERR_BADFROMTO detected an inbound data stream that contained a set of
AS2-From and AS2-To headers that represent a relationship
of trading partners that could not be found in the transport
agent's relationship array for the active protocol (HTTP or
HTTPS). This error can occur if the AS2-From and AS2-To
name combination is unknown or invalid or if the transport
agent's relationship array has not been populated by the
Admin agent or by retrieving relationship data from the
database with the getpairs command.
8451/2103 Expected Receipt Not Received - The application did not

AS2_ERR_NORCPT receive a requested receipt (MDN) from a trading partner
within the specified time-limit.
8452/2104 Error Reported in MDN (Receipt) - The application has

AS2_ERR_MDNERR detected that an error was reported by a trading partner
in an MDN received from a trading partner.
69

Decimal/Hexadecimal
Error Code
8453/2105 Unable to decrypt - The application was unable to decrypt

AS2_ERR_DECRYPTFAIL an encrypted message received from a trading partner.
This can be caused by applying a private-key to the
decryption process that does not correspond to the
public-key in the certificate that was used to encrypt the
data by the trading partner.
8454/2106 Unable to verify signed message - The application was

AS2_ERR_VERIFYFAIL unable to verify a signed message received from a trading
partner. This can be caused by applying a public-key from
a certificate to the verification process that does not
correspond to the private-key that was used to sign the
data by the trading partner.
8455/2107 Unable to decompress a message - The application was

AS2_ERR_DECOMPRESSFAIL unable to decompress a message received from a trading
partner. This can be caused if the sender of the message
used a different compression algorithm than the ZLIB
algorithm interoperability-tested by AS2 vendors.
8456/2108 Invalid IP address - The application determined that the

AS2_ERR_BADURL destination Internet-Protocol (IP) address for a trading
partner is invalid before attempting to connect to the
trading partner. This can be caused by an invalid or
incorrect To-URL value in the database. This can also be
caused by a failure of the underlying network's DNS
(Domain Name Service) to resolve an Internet host name
to a dot-notated address.
8457/2109 Unable to process MIME Header - The application cannot

AS2_ERR_BADHEADERLEN process a MIME header because it exceeds the currently
supported maximum-length for a MIME header. For
Commerce Suite Version 3.1 the maximum header length
is 512 characters.
8458/210A AS2 Error - No certificate - Encryption was specified, but a

AS2_ERR_NOCERTIFICATE certificate does not exist.
8459/210B AS2 Error - HTTP response codes ignored - Trading partner

AS2_ERR_NONHTTP2XX rejected the transaction for some reason.
70
Appendix C: Database Schema for
Commerce Suite Deployments
Introduction .................................................................................................... 72
Database Schema Tables .............................................................................. 72
accesscategory.................................................................................................................72
agentrole...........................................................................................................................72
as2name ...........................................................................................................................72
certkey ..............................................................................................................................73
cipher ................................................................................................................................73
compression .....................................................................................................................73
email .................................................................................................................................74
errorcode ..........................................................................................................................74
filenamehist.......................................................................................................................74
grouppermission ...............................................................................................................74
hash ..................................................................................................................................75
icssysinfo ..........................................................................................................................75
keyencryption....................................................................................................................75
keypair ..............................................................................................................................76
keyusagecode...................................................................................................................76
notice ................................................................................................................................77
opdescription ....................................................................................................................78
org.....................................................................................................................................78
orgtpcert............................................................................................................................79
p2proute............................................................................................................................79
permission ........................................................................................................................80
protocolcode .....................................................................................................................80
relationship .......................................................................................................................80
server................................................................................................................................81
servercomputer.................................................................................................................81
sscipher ............................................................................................................................81
sscompression..................................................................................................................81
sshash ..............................................................................................................................82
sskeyencryption ................................................................................................................82
tp.......................................................................................................................................82
tporgstatus ........................................................................................................................83
tpurl...................................................................................................................................84
usergroup..........................................................................................................................84
userlogin ...........................................................................................................................85
workorder..........................................................................................................................85
Introduction
Introduction
This appendix illustrates the database schema used by Commerce Suite during
database creation. The database schema consists of tables and the appropriate fields
related to each table. These tables are created when the SQL scripts are implemented
during database setup. The SQL scripts are contained in the Commerce Suite install
package.
Database Schema Tables

The database schema field and data type information for each database table is listed in
alphabetical order below.
accesscategory
FIELD DATA TYPE
id Integer
categorykey Char(10)
description Char(40)
agentrole
FIELD DATA TYPE
agentroleid Char(1)
agentrolename Char(30)
as2name
FIELD DATA TYPE
id Integer
as2name Char(32)
tpid Integer
orgid Integer
72
certkey
FIELD DATA TYPE
certkeyid Integer
validfrom Char(14)
validto Char(14)
keyusage Char(1)
subjectname VarChar(512)
issuername VarChar(512)
serialnbr VarChar(255)
certdata VarChar(4000)
keydata VarChar(2000)
cipher
FIELD DATA TYPE
id Integer
cipherid Integer
tpid Integer
orgid Integer
compression
FIELD DATA TYPE
id Integer
compressionid Integer
tpid Integer
orgid Integer
73
email
FIELD DATA TYPE
id Integer
email VarChar(50)
isdefault Char(1)
tpid Integer
orgid Integer
errorcode
FIELD DATA TYPE
errcode Integer
errtext VarChar(1000)
filenamehist
FIELD DATA TYPE
as2fromname VarChar(32)
filename VarChar(255)
timestamp VarChar(14)
grouppermission
FIELD DATA TYPE
id Integer
groupid Integer
permissionkey Char(20)
74
hash
FIELD DATA TYPE
id Integer
hashid Integer
tpid Integer
orgid Integer
icssysinfo
FIELD DATA TYPE
tcmversion Char(10)
tcmbuilddatetime Char(14)
dbtype Char(10)
schemaversion Char(10)
schemabuilddatetime Char(14)
keyencryption
FIELD DATA TYPE
id Integer
keyencryptionid Integer
tpid Integer
orgid Integer
75
keypair
FIELD DATA TYPE
fromname Char(32)
toname Char(32)
keyusage Char(1)
pending Char(1)
encrypted Char(1)
status Char(1)
certkeyid Integer
certfile VarChar(255)
keyfile VarChar(255)
keyusagecode
FIELD DATA TYPE
keyusagecode Char(1)
usagestring VarChar(50)
keyusagenbr SmallInt
description Char(20)
76
notice
FIELD DATA TYPE
noticeid Char(22)
opcode Char (8)
fromname Char(32)
toname Char(32)
notifyname Char(40)
msgid VarChar(255)
subject Char(64)
msgdigest Char(28)
begintime Char(14)
endtime Char(14)
agentrole Char(1)
batchnumber Integer
bytesincount Integer
bytesoutcount Integer
errcode Integer
filesize Integer
srcipaddress Char(15)
destipaddress Char(15)
srcipport SmallInt
destiport SmallInt
attemptcount SmallInt
attemptlimit SmallInt
origfilename VarChar(255)
agentname VarChar(20)
sendparams VarChar(255)
errtext VarChar(255)
storedfile Varchar(255)
origtxnid Char(10)
taskid Char(10)
payload VarChar(255)
77
opdescription
FIELD DATA TYPE
opcode Char(8)
opdescription VarChar(50)
org
FIELD DATA TYPE
orgid Integer
orgname VarChar(128)
status Char(1)
type Char(1)
parentid Integer
sterlingconnectenterprise Char(1)
foldheader Char(1)
sslcompression Char(1)
contexttxcoding Char(1)
sendmdn Char(1)
sendmdnsyn Char(1)
signmdn Char(5)
address1 VarChar(100)
city VarChar(50)
state VarChar(50)
postalcode Char(20)
country VarChar(50)
region VarChar(50)
pcname VarChar(50)
pctitle VarChar(50)
pcemail VarChar(50)
pcphone Char(20)
pcphoneext Char(10)
78
FIELD DATA TYPE

pcpager Char(20)
pcpagerpin Char(10)
pcmobil Char(20)
scname VarChar(50)
sctitle VarChar(50)
scemail VarChar(50)
scphone Char(20)
scphoneext Char(10)
scpager Char(20)
scpagerpin Char(10)
scmobil Char(20)
orgtpcert
FIELD DATA TYPE
id Integer
certkeyid Integer
serialnbr VarChar(150)
status Char(1)
keysusagevalidcd Char(2)
orgid Integer
tpid Integer
p2proute
FIELD DATA TYPE
fromname VarChar(64)
toname VarChar(64)
p2pcondition VarChar(255)
filter VarChar(255)
url VarChar(255)
79
permission
FIELD DATA TYPE
id Integer
category Char(10)
permissionkey Char(15)
description VarChar(100)
displayorder Integer
protocolcode
FIELD DATA TYPE
protocolid Integer
protocol Char(10)
relationship
FIELD DATA TYPE
fromname VarChar(32)
toname VarChar(32)
protocol Integer
notifyname Char(40)
inbox Char(40)
tourl VarChar(255)
rcpturl VarChar(255)
sendparams VarChar(255)
hashoption Integer
cipheroption Integer
compressionoption Integer
requestreceipt Char(1)
asyncreceipt Char(1)
receipthashoption Integer
fromorgid Integer
fromtpid Integer
toorgid Integer
totpid Integer
id Integer
80
server
FIELD DATA TYPE
agentname Char(20)
peergroup Char(1)
agentrole Char(1)
url VarChar(255)
controlurl VarChar(255)
orgid Integer
servercomputer
FIELD DATA TYPE
id Integer
computername Char(50)
orgid Integer
sscipher
FIELD DATA TYPE
id Integer
ciphername VarChar(50)
isdefault Char(1)
sscompression
FIELD DATA TYPE
id Integer
compressionname VarChar(50)
isdefault Char(1)
81
sshash
FIELD DATA TYPE
id Integer
hashnname VarChar(50)
isdefault Char(1)
sskeyencryption
FIELD DATA TYPE
id Integer
keyencryptionname VarChar(50)
isdefault Char(1)
tp
FIELD DATA TYPE
tpid Integer
tpname VarChar(128)
status Char(1)
sterlingconnectenterprise Char(1)
addressnote VarChar(100)
city Char(40)
state Char(40)
postalcode Char(20)
country Char(50)
bcname Char(40)
bctitle Char30)
bcdept VarChar(50)
bcphone Char(20)
bcmobil Char(20)
82
FIELD DATA TYPE

bcpager Char(20)
bcemail VarChar(50)
tcname Char(40)
tctitle Char(30)
tcdept VarChar(50)
tcphone Char(20)
tcmobil Char(20)
tcpager Char(20)
tcemail VarChar(50)
ocname Char(40)
octitle Char(30)
ocdept VarChar(50)
ocphone Char(20)
ocmobil Char(20)
ocpager Char (20)
ocemail VarChar(50)
commtype Char(10)
foldheader Char(1)
sslcompression Char(1)
contexttxcoding Char(1)
sendmdn Char(1)
sendmdnsyn Char(1)
signmdn Char(5)
tporgstatus
FIELD DATA TYPE
id Char(1)
Status Char(10)
83
tpurl
FIELD DATA TYPE
id Integer
protocol Char(5)
server VarChar(128)
port Char(100)
urlresource VarChar(100)
isdefault Char(1)
tpid Integer
orgid Integer
usergroup
FIELD DATA TYPE
groupid Integer
groupname VarChar(75)
description VarChar(100)
orgid Integer
84
userlogin
FIELD DATA TYPE
userid Integer
firstname Char(30)
middleinitial Char(1)
lastname Char(30)
title Char(30)
phone Char(20)
mobil Char(20)
pager Char(20)
email VarChar(50)
pager2 Char(20)
email2 VarChar(50)
login Char(20)
password Char(20)
orgid Integer
groupid Integer
workorder
FIELD DATA TYPE
workorderid Integer
fromname Char(32)
toname Char(32)
notifyname Char(40)
status Char(1)
statustime Char(14)
begintime Char(14)
endtime Char(14)
batchnumber Integer
command VarChar(255)
85
Glossary
A using the hypertext transmission protocol (HTTP)

instead of the simple mail transport protocol (SMTP) as
the transport protocol.
Active Mode
Asymmetric Cryptographic Algorithm
Refers to an FTP Transport Agent. Active mode is
beneficial to the FTP server, but not the client. In A cryptographic algorithm that uses two related keys,
Active mode, the FTP server attempts to make a public-key and a private-key. The two keys have the
connections to random high ports on the client, which property that, given the public key, it is
may be blocked by a firewall on the client side. computationally infeasible to derive the private key.
Attack
Agent
An attempt to subvert or bypass a system’s security,
An instance of the Commerce Suite Server Version 3
which may or may not be successful. Attacks may be
application configured to provide services to a
active or passive. An active attack attempts to alter
particular role, i.e. Administrator, Transport, or Router.
or destroy data. A passive attack attempts to
Administrator Agent intercept and read data without altering it.
An instance of the Commerce Suite Server Authentication
application configured to provide administrative
services including the remote configuration of Ensures the accurate identification of both the sender
Transport and Router Agents and access to centrally and the receiver. Authentication is accomplished
located configuration data. using digital signatures.
Application Service
See Service. B
AS1
A draft specification first published in the Internet B2B
Engineering Task Force (IETF) standard’s track. AS See Business to Business Commerce.
stands for Applicability Statement and is a
specification about how to transport data, not how to BASE64 Encoding
validate or process data. AS1 provides an Internet Base64 encoding takes three bytes, each consisting
solution for securely exchanging EDI and XML over the of eight bits, and represents them as four printable
Internet using SMTP. characters in the ASCII standard. This is done using
essentially two steps:
AS2 1) Convert three bytes to four numbers of six bits.
A draft specification first published in the Internet Each character in the ASCII standard consists of
Engineering Task Force (IETF) standard’s track. AS seven bits. Base64 only uses 6 bits (corresponding
stands for Applicability Statement and is a to 2^6 = 64 characters) to ensure encoded data is
specification about how to transport data, not how to printable and humanly readable. None of the
validate or process data. AS2 specifies the means to special characters available in ASCII are used. The
connect, deliver, validate, and reply to (receipt) data 64 characters are 10 digits, 26 lowercase charac-
in a secure and reliable way. AS2 provides an Internet ters, 26 uppercase characters as well as '+' and '/'.
solution for securely exchanging EDI over the Internet
Glossary, continued
2) Convert these numbers to ASCII characters us- Certificate Policy

ing the Base64 encoding table. When a CA issues a certificate, it is stating to a
This process is applied to the whole sequence of bytes certificate user that a particular public-key is bound to
that are encoded. To ensure the encoded data can a particular entity. Different certificates are issued with
be properly printed and does not exceed any mail different practices and procedures, and may be
server's line length limit, newline characters are suitable for different applications or purposes.
inserted to keep line lengths below 76 characters. The
newline characters are encoded like all other data. Certificate Revocation List
A list of public Keys that a Certificate Authority has
Business to Business Commerce revoked before their scheduled expiration dates.
Commercial transactions enacted between Clear Text
businesses and individuals. Historically, electronic
The unencrypted, readable text of a message.
business to business commerce has been handled via
Electronic Data Interchange, but recently months Cipher
have seen eXtensible Markup Language gain in
A key-selected transformation between plaintext and
popularity.
ciphertext. An algorithm for putting a message into
code by transposition and/or substitution of symbols.
C Compression
The ability to represent data in forms that take less
storage than the original. The limit to this is the amount
CA of uniqueness in the data. It is not possible to compress
See Certificate Authority. everything down to a single byte, because a byte can
only select 256 different results. Data compression is
Certificate either “lossy,” in which some information is lost, or
An electronic document that verifies that the owner “lossless,” in which all of the original information can be
has a relationship with parties involved in a transaction, completely recovered.
such as a Cardholder that has a relationship with an
issuing bank or merchant that has a relationship with Communications Protocol
an acquiring bank. A certificate authorizes its owner to All communications between devices require that the
perform certain tasks and authenticates the owner to devices agree on the format of the data. The set of
other parties in the transaction, assuring that the party rules defining a format is called a protocol. At the very
presenting the certificate is the same party to which it least, a communications protocol must define the
was originally issued. following:
Certificate Authority • rate of transmission (in baud or bps)

The party which issues, renews, and revokes • whether transmission is to be synchronous or
Certificates. The SET protocol provides for a hierarchy asynchronous
of certificate authorities. The Root CA issues
• whether data is to be transmitted in half-duplex
certificates to brand CAs. Brand CAs, in turn, issue
or full-duplex mode.
certificates to EECAs, which issue certificates to
Cardholders, Merchants, and Payment Gateways. In addition, protocols can include sophisticated
Optionally, a brand CA may issue certificates to techniques for detecting and recovering from
geopolitical CAs, which are responsible for issuing transmission errors and for encoding and decoding
certificates to end entity CAs in specific geographic or data.
political areas. The the SET protocol, certificates are
Confidentiality
validated by following their signature chains up the
hierarchy of trust to the root CA. Information is not made available or disclosed to
unauthorized individual, entities, or processes.
87
Glossary, continued
Configuration File
A text file containing one or more Console Command
D
statements. A Configuration File can be processed
automatically by the Commerce Suite Server Data Compression
application upon startup if it is named icssvr.cfg and Storing data in a format that requires less space than
stored in the same directory location as the usual. Compressing data is the same as packing data.
Commerce Suite Server executable program. A Data compression is particularly useful in
Configuration File can also be processed if the -f communications because it enables devices to
parameter is entered as a run-time program argument transmit the same amount of data in fewer bits.
or as a console command.
Database
Control Address
A structure to store data, usually as elements, so that a
The IP address portion of the IP Address and Port used variety of applications can use it, unlike the traditional
by the Commerce Suite Server Transport and Router file structure requiring different files for each
Agents to listen for incoming control messages from a application.
supervising Administrative Agent; configured using the
-ca Set Option. Data Integrity
The property that signifies that data is not altered,
Control Port
destroyed, or otherwise compromised.
The IP Port portion of the IP Address and Port used by
the Commerce Suite Server Transport and Router DBMS
Agents to listen for incoming control messages from a See Database Management System.
supervising Administrative Agent. Configured using the
-cp Set Option. DEFLATE
Specifies the DEFLATE compression algorithm used to
Control Service
reduce the file transfer overhead. The DEFLATE
The set of application tasks which execute within the compression algorithm is a lossless compressed data
context of a thread of execution to process incoming format that compresses data using a combination of
commands being sent by an Administrator Agent. The the LZ77 algorithm and Huffman coding.
Control Service is required by Commerce Suite Server
Agents acting in the Transport or Router Role, if the Delivery Notification
Agent is being remotely configured.
A message formatted according to (AS2) that is sent to
a sending host computer to indicate the disposition of
CRL
a received message. The format of Delivery
See Certificate Revocation List. Notifications used by Commerce Suite Server is the
Message Delivery Notification. or MDN, as defined in
Cryptography
MDN.
The process of protecting information by transforming
it into an unreadable format. The information is DES
encrypted using a Key, which makes the data See Digital Encryption Standard.
unreadable, and is then decrypted later when the
information needs to be used again. Diffie-Hellman Key Exchange Algorithm
A cryptographic technique that enables sending and
Cypher Text
receiving parties to derive a shared, secret key at both
Data that has been transformed from a plaintext form ends without disclosing it to a potential attacker. Using
into encrypted text (an unreadable form) using an a common modulus and base, both sides use a
encryption process. different random number as a power to perform a
modular exponentiation. The results are sent to each
88
Glossary, continued
other. The receiving party raises the received number the signature. Each signatory has a public and private
to the same random power they used before and the key. The private key is used in the signature generation
results are the same on both sides. process and the public key is used in the signature
verification process.
Digital Certificate
A document that contains name, serial number,
expiration dates and a copy of the owner’s public key;
used to encrypt data and validate signatures. E
Digital Encryption Standard EDI
A Private Key Encryption standard approved by the US See Electronic Data Interchange.
Government for encryption of data when
implemented in hardware. Uses 56-bit encryption. Electronic Commerce
Digital Envelope A term for conducting commercial transactions

electronically, usually involving the exchange of
The encrypted private Key that is used to decode an payment between two parties. Unlike EDI,
accompanying encrypted message. The sender’s eCommerce recognizes the need for some human to
software first randomly generates the private key and human communication.
uses it to encrypt the message data. The software then
encrypts the private key itself using the recipient’s Electronic Data Interchange
public key. The message and digital envelope (the
The transfer of data between different companies
encrypted key) are sent to the recipient. The recipient
using networks, such as the Internet. As more and more
then uses his own private key to decrypt the message
companies get connected to the Internet, EDI is
envelope and then uses the decrypted private key to
becoming increasingly important as an easy
decode the actual message.
mechanism for companies to buy, sell, and trade
information. ANSI has approved a set of EDI standards
Digital Signature
known as the X12 standards.
A digital code that can be attached to an
electronically transmitted message that uniquely EDIINT
identifies the sender. Like a written signature, the
EDI Over the Internet Working Group - a working group
purpose of a digital signature is to guarantee that the
of the IETF that developed the AS1 and AS2 proposed
individual sending the message really is who he or she
standards.
claims to be. Digital signatures are especially
important for electronic commerce and are a key Encryption
component of most authentication schemes. To be
A process that uses a mathematical algorithm and a
effective, digital signatures must be unforgeable.
key to transform data into an unreadable format
There are a number of different encryption techniques
(called cyphertext). A receiver can then use a key to
to guarantee this level of security.
restore the data to its original content.
Document Digest
Enterprise
A unique “fingerprint” summary (128 or 160 bits long) of
Literally, a business organization. In the computer
an input file. It is used to create a digital signature and
industry, the term is often used to describe any large
to ensure that the file has not been altered. It is also
organization that utilizes computers. An intranet, for
called a hash and is produced by a checksum
example, is a good example of an enterprise
program that processes a file.
computing system.
DSS
Specifies the Digital Signature Algorithm (DSA) for
digital signature generation and verification. The DSA
is used by a signatory to generate a digital signature
on data and by a verifier to verify the authenticity of
89
Glossary, continued
Extranet In practice, many firewalls use two or more of these

Extension of control beyond internal web infrastructure techniques in concert. A firewall is considered a first
to allow business partners and other trusted line of defense in protecting private information. For
organizations to interact in a controlled, trusted further security, data can be encrypted.
environment.
Forgery
eXtensible Markup Language Fabrication of information and/or the claim that such
A method for creating data formats that can be information was received from an individual, entity, or
shared on the World Wide Web. process that did not originate it.
F G
FIPS Graphical User Interface
Federal Information Processing Standard. A GUI (usually pronounced GOO-ee) is a graphical
user interface that takes advantage of the computer's
Firewall graphics capabilities to make the program easier to
A system designed to prevent unauthorized access to use. Well-designed graphical user interfaces can free
or from a private network, usually unauthorized access the user from learning complex command languages.
from the Internet into a private network. Firewalls can On the other hand, many users find that they work
be implemented in both hardware and software, or a more effectively with a command-driven interface,
combination of both. Firewalls are frequently used to especially if they already know the command
prevent unauthorized Internet users from accessing language.
private networks connected to the Internet, especially
GZIP
intranets. All messages entering or leaving the intranet
pass through the firewall, which examines each Specifies a lossless compressed data format that is
message and blocks those that do not meet the compatible with the widely used GZIP utility. This format
specified security criteria. includes a cyclic redundancy check value for
detecting data corruption.
There are several types of firewall techniques:
• Packet filter: Looks at each packet entering or
leaving the network and accepts or rejects it
based on user-defined rules. Packet filtering is H
fairly effective and transparent to users, but it is
difficult to configure. In addition, it is susceptible Hash
to IP spoofing.
A hash value (or simply hash) is a number generated
• Application gateway: Applies security from a string of text. The hash is substantially smaller
mechanisms to specific applications, such as than the text itself, and is generated by a formula in
FTP and Telnet servers. This is very effective, but such a way that it is extremely unlikely that some other
can impose a performance degradation. text will produce the same hash value. Hashes play a
role in security systems where they're used to ensure
• Circuit -level gateway: Applies security
that transmitted messages have not been tampered
mechanisms when a TCP or UDP connection is
with. The sender generates a hash of the message,
established. Once the connection has been
encrypts it, and sends it with the message itself. The
made, packets can flow between the hosts
recipient then decrypts both the message and the
without further checking.
hash, produces another hash from the received
• Proxy server: Intercepts all messages entering message, and compares the two hashes. If they're the
and leaving the network. The proxy server same, there is a very high probability that the message
effectively hides the true network addresses. was transmitted intact.
90
Glossary, continued
HTTP Interface
See Hypertext Transfer Protocol. A mechanism through which outside components
interact with software.
Hypertext Transfer Protocol
Hypertext Transfer Protocol (HTTP) is the underlying Interoperability
protocol used by the World Wide Web. HTTP defines The ability of software and hardware on different
how messages are formatted and transmitted, and machines from different vendors to share data.
what actions Web servers and browsers should take in
response to various commands. Interrogation
To ask a computer or network for information.
I Intranet
An internal network based on web servers that use
Internet protocols and technology. A network based
IETF on TCP/IP protocols (an internet) belonging to an
Internet Engineering Task Force - The Internet organization, usually a corporation, accessible only by
Engineering Task Force is a large, open, international the organization’s members, employees, or others with
community of network designers, operators, vendors, authorization. An intranet’s Web sites look and act just
and researchers concerned with the evolution of the like any other Web sites, but the firewall surrounding an
Internet architecture and the smooth operation of the intranet fends off unauthorized access.
Internet.
IP
In-Beacon Service Abbreviation for Internet Protocol, pronounced as two
The set of application tasks that execute within the separate letters. IP specifies the format of the packets,
context of a single application thread to receive UDP also called datagrams, and the addressing scheme.
packets sent by one or more Transport Agents. Most networks combine IP with a higher-level protocol
Commerce Suite Server Agents configured for the called Transport Control protocol (TCP), which
Router Role (Router Agents) use the In-Beacon Service establishes a virtual connection between a destination
to collect these UDP packets to maintain current and a source.
information about active Transfer Agents on the local IP by itself is something like the postal system. It allows
network segment. you to address a package and drop it in the system,
but there’s no direct link between you and the
Inbound Service recipient. TCP/IP, on the other hand, establishes a
One or more sets of application tasks that execute connection between two hosts so that they can send
within the context of one or more threads of execution messages back and forth for a period of time.
to process incoming data being sent by a remote host
computer. The Inbound Service consists of, at least, IP Address
one inbound thread listening for incoming TCP/IP An identifier for a computer or device on a TCP/IP
connections on a particular protocol (HTTP or HTTPS). network. Networks using the TCP/IP protocol route
The Inbound Service creates an Inbound Session messages based on the IP address of the destination.
thread for each separate incoming connection. Each The format of an IP address is a 32-bit numeric address
discrete protocol is serviced by a separate Inbound written as four numbers separated by periods. Each
Main thread, which is assigned a unique IP address number can be zero to 255. For example, 1.160.10.240
and port on which to listen for incoming connections. could be an IP address.
within an isolated network, you can assign IP addresses
Integrity at random as long as each one is unique. However,
Ensures that data is not tampered with or corrupted in connecting a private network to the Internet requires
transit. Integrity is accomplished using document using registered IP addresses (called Internet
digests and digital signatures. addresses) to avoid duplicates.
91
Glossary, continued
The four numbers in an IP address are used in different Lightweight Directory Access Protocol (LDAP)
ways to identify a particular network and a host on A set of protocols for accessing information directories.
that network. The InterNIC Registration Service assigns LDAP is based on the standards contained within the
Internet addresses from the following three classes: X.500 standard, but it is significantly simpler. And unlike
• Class A: supports 16 million hosts on each of 127 X.500, LDAP supports TCP/IP, which is necessary for any
networks. type of Internet access. Because it is a simpler version
of X.500, LDAP is sometimes called X.500-lite. Although
• Class B: supports 65,000 hosts on each of 16,000 not yet widely implemented, LDAP should eventually
networks. make it possible for almost any application running on
• Class C: supports 254 hosts on each of 2 million virtually any computer platform to obtain directory
networks. information, such as email addresses and public keys.
Because LDAP is an open protocol, applications need
The number of unassigned Internet addresses is
not worry about the type of server hosting the
running out, so a new classless scheme called CIDR is
directory.
gradually replacing the system based in classes A, B,
and C, and is tied to adoption of IPv6. Local Area Network (LAN)
A group of computers, printers, and file servers linked
together in a single building in order to share resources.
K
Key M
A password or table needed to decipher encoded
data. MD5
Key Encryption Specifies the Message Digest Algorithm used to verify
a file’s integrity. The MD-5 is a one-way algorithm that
The translation of data into a secret code. Encryption
takes any length of data and produces a 128-bit
is the most effective way to achieve data security. To
“fingerprint” or “message digest”. This fingerprint is
read an encrypted file, you must have access to a
“non-reversible”, meaning that the data cannot be
secret key or password that enables you to decrypt it.
determined based on its MD-5 fingerprint.
Unencrypted data is called plain text; encrypted data
is referred to as cipher text. There are two main types Message
of encryption: asymmetric encryption (also called
public-key encryption) and symmetric encryption. A communication containing one or more
transactions or related information.
Key Management
Message Digest
The generation, storage, secured distribution and
A mathematical value unique to a message, created
application of keying material in accordance with a
by running the message through the SHA1 hash
security policy.
function. The resulting message digest is then
Key Pair encrypted using the sender’s private key and then
appended to the message as the Digital Signature.
In public key cryptography, a public key and its
corresponding private key. Message Disposition Notification (MDN)
A Message Disposition Notification (MDN) message is a
response message defined to ensure the secure
L reliable delivery of messages for AS1 and AS2
protocols.
LDAP
See Lightweight Directory Access Protocol.
92
Glossary, continued
MIME Non-repudiation of Receipt

Multipurpose Internet Mail Extension - MIME is a Confirms that the intended party received the data.
specification for enhancing the capabilities of This is accomplished using digital signatures and
standard Internet electronic mail. It offers a simple signed MDNs.
standardized way to represent and encode a wide
variety of media types for transmission using Internet
mail.
O
N ODBC
See Open Database Connectivity.
Network Open Database Connectivity

Two or more computers connected by a A standard database access method developed by
communications protocol, allowing transfer of Microsoft Corporation. The goal of ODBC is to make it
information (voice or data), from one to another. There possible to access any data from any application,
are many types of computer networks, including: regardless of which Database Management System
(DBMS) is handling the data.
• local-area networks (LAN): The computers are
geographically close together (that it, in the
Out-Beacon Service
same building).
The set of application tasks that execute within the
• wide-area networks (WAN): The computers are context of a single thread of execution to periodically
farther apart and are connected by telephone transmit a small packet of data identifying the
lines or radio waves. Transport Agent to one or more Router Agents. The
In addition to these types, the following characteristics Out-Beacon Service emits a UDP packet containing
are also used to categorize different types of networks: the IP Addresses and Ports on which the Agent is
currently listening. Router Agents collect these packets
• topology: The geometric arrangement of a to dynamically build a current list of Transport Agents
computer system. Common topologies include to which inbound data can be routed for processing.
a bus, star, and ring.
• protocol: The protocol defines a common set of Outbound Service
rules and signals that computers on the network The set of application tasks that execute within the
use to communicate. One of the most popular context of one or more threads of execution to
protocols for LANs is called Ethernet. Another process requests for outgoing message delivery. The
popular LAN protocol for PCs is the IBM token- Outbound service consists of, at least, the main
ring network. outbound thread that processes send transactions
from the Outbound Queue. The main outbound
• architecture: Networks can be broadly classified
thread creates an Outbound Session thread for each
as using either a peer-to-peer or client/server
separate send request.
architecture.
Computers on a network are sometimes called nodes. O/S
Computers and devices that allocate resources for a Operating system, controls hardware and software
network are called servers. allowing application processing to take place.
NIST
National Institute of Standards and Technology. A part
of the U.S. Department of Commerce, formerly called
the National Bureau of Standards, that defines
standards for voice, data, and video transmissions,
encryption, and other kinds of technology.
93
Glossary, continued
P The PKI Service implements the nuBridges Zero-

Administration PKI architecture, to facilitate the
automated renewal of public-key certificates.
Passive Mode
Plain Text
In Passive mode, the client will make both connections
to the server, but one of them will be to a random high Unencrypted data.
port, which would almost certainly be blocked by a
Port
firewall on the server side.
A specific communications end-point to a logical
Since FTP servers need to be accessible to the greatest connection and the way a client program specifies a
number of clients, most administrators need to support specific server program on a computer in a network.
passive FTP. The exposure of high level ports on the
server can be minimized by specifying a limited port Privacy
range for the FTP server to use.
Ensures that only the intended receiver can view the
PKCS data. This is accomplished using a combination of
encryption algorithms and message packaging.
See Public-Key Cryptography Standards.
Private Key
PKCS #1 RSA Cryptography Standard
A value known only to the owner, used to create a
The PKCS#1 standard provides recommendations for
signature and decrypt data encrypted by its
the implementation of public-key cryptography based
corresponding public key.
on the RSA algorithm, covering the following aspects:
cryptographic primitives; encryption schemes; Private Key Cryptography
signature schemes with appendix; ASN.1 syntax for
An encryption method which uses a single key for
representing keys and for identifying the schemes.
encoding and decoding a message.
PKCS#7 Cryptographic Message Syntax Standard
Public Key
A message that uses the syntax specified in Public-Key
A value, known by everyone to whom the certificate
Cryptography Standard #7. The Globeset CA provides
has been distributed, used to encrypt data and
a facility for receiving PKCS7 messages from higher
validate a digital signature. Although mathematically
CAs. Those PKCS7 messages contain the certificates
related to the private key, it is astronomically difficult to
that the Certificate Authority has requested.
derive from the public key.
PKCS#10 Certification Request Syntax Standard
Public Key Cryptography
A certificate request that uses the syntax specified in
An encryption method that uses two Keys: one key to
Public-Key Cryptography Standard #10. Certificate
encrypt the message and another key to decrypt the
requests are sent to CAs, who then return certificates.
message. The two keys are mathematically related so
For example, the Globeset CA creates PKCS10
that the data encrypted with either key can only be
messages which it sends to a brand CA or geopolitical
decrypted using the other. Each user has a public and
CA to obtain the certificates it uses.
a private key, and only the public key is distributed to
PKI parties with which the user exchanges encrypted
messages.
See Public Key Infrastructure.
Public-Key Cryptography Standards
PKI Service
A set of standards for implementing Private-Key
Cryptography, issued by RSA Data Security, Inc. in
context of a single thread of execution to proactively
collaboration with an industry consortium that includes
search the configuration database for public-key
a large number of hardware and software
certificates which are nearing their expiration date.
manufacturers. Documentation for the standards is
available from RSA’s FTP site.
94
Glossary, continued
Public Key Infrastructure RSA

Public Key Infrastructure is a system of digital An internet encryption and authentication system that
certificates, Certificate Authorities, and other uses an algorithm developed in 1977 by Ron Rivest, Adi
registration authorities that verify and authenticate the Shamir, and Leonard Adleman. The RSA algorithm is
validity of each party involved in an Internet the most commonly used encryption and
transaction. PKIs are currently evolving and there is no authentication algorithm and is included as part of the
single PKI or even a single agreed-upon standard for Web browser from Netscape and Microsoft.
setting up a PKI.
Commerce Suite Server

nuBridges Commerce Suite Server Agent, Version 3.X. S
Secret Key Cryptography
R An encryption method which uses the same Key to
encrypt and decrypt a message. The sender and
recipient must share the key.
RC2
Specifies the Rivest’s Cipher encryption algorithm used Secure Electronic Transaction Protocol
to encrypt and decrypt messages. RC-2 is a A protocol developed jointly by Visa and MasterCard
conventional (secret key) block encryption algorithm that allow secure credit card transactions over open
and has a block size of 64-bits with a variable key size networks, specifically the Internet.
from one byte up to 128 bytes.
Secure Sockets Layer
Role Short for Secure Sockets Layer, a protocol developed
The set of Commerce Suite Server Application Services by Netscape for transmitting private documents via
operating within a single instance of the Commerce the Internet. SSL works by using a public key to encrypt
Suite Server application (a process) which, taken data that's transferred over the SSL connection. Both
together, comprise a logical functional unit in an Netscape Navigator and Internet Explorer support SSL,
Commerce Suite network. The Roles supported by and many Web sites use the protocol to obtain
Commerce Suite Server are Administrator, Router, and confidential user information, such as credit card
Transport. numbers. By convention, URLs that require an SSL
connection start with https: instead of http:.
Root CA
The Certificate Authority which issues certificates to Serializer Service
brand CAs (superior CAs). The Root CA is also The set of application tasks that execute within the
sometimes called the Supreme CA. context of a single thread of execution to serialize the
access of shared application resources by other
RosettaNet application threads. The Serializer Service is started
An organization focused on building a master automatically at application startup and is required by
dictionary to define properties for products, partners, all Commerce Suite Server Roles. Serialized resources
and business transactions. RosettaNet can be found at include shared memory areas, directories, and the
http://www.rosettanet.com. database.
Router Agent Service

An instance of the Commerce Suite Server application A discrete set of Commerce Suite Server application
configured to provide routing services including round- tasks that provide a logical service to the Agent. The
robin selection of Transport Agents, message-queuing Services supported by Commerce Suite Server are:
and fail-over retransmission. Serializer, Outbound, Inbound, Control, PKI, Work-
95
Glossary, continued
Order, User Interface, Out-Beacon, and In-Beacon. data units (PDUs), to different parts of a network.
Sets of concurrently executing Services are combined SNMP-compliant devices, called agents, store data
to define Commerce Suite Server Roles. about themselves in Management Information Bases
(MIBs) and return this data to the SNMP requesters.
SET
See Secure Electronic Transaction Protocol. SSL
See Secure Sockets Layer.
SHA-1
Specifies the Secure Hash Algorithm used to verify a Strong Encryption
file’s integrity. The SHA-1 generates a condensed A term given to describe a cryptosystem that uses a
representation of a message called a message digest. key of sufficient length that it becomes effectively
The SHA-1 is used by both the transmitter and intended impossible to break the cypher within a meaningful
receiver of a message in computing and verifying a time frame.
digital signature.
Subscriber
Signature An entity which receives a certificate from a CA.
See Digital Signature.
Supply Chain Management
Sockets The process of optimizing a company’s internal
Sockets are a method for communication between a practices, as well as the company’s interaction with
client program and a server program in a network. A suppliers and customers, in order to bring products to
socket is defined as the endpoint in a connection. market more efficiently. A company that performs
Sockets are created and used with a set of these functions most effectively is in a position to
programming request (function calls) sometimes deliver products more quickly, and at a lower cost or
called the sockets API. The most common sockets API higher profit margin, than its competitors.
is the Berkeley UNIC C interface for sockets. Sockets
can also be used for communication between Symmetric Encryption
processes within the same computer. A type of encryption where the same key is used to
encrypt and decrypt the message. This differs from
S/MIME asymmetric (or public-key) encryption, which uses one
Secure MIME - S/MIME (Secure/Multipurpose Internet key to encrypt a message and another to decrypt the
Mail Extensions) provides a consistent way to send and message.
receive secure MIME data. Based on the popular
Internet MIME standard, S/MIME provides the following
cryptographic security services for electronic
messaging applications: authentication, message T
integrity and non-repudiation of origin (using digital
signatures) and privacy and data security (using TCP/IP
encryption).
Transmission Control Protocol/Internet Protocol or the
SMTP suite of standard protocols that enable computers to
inter-communicate on the Internet. TCP/IP uses several
Simple Mail Transport Protocol - An Internet standard
protocols, the two main ones being TCP and IP. TCP/IP
for transporting email.
is built into the UNIX operating system and is used by
the Internet, making it the de facto standard for
SNMP
transmitting data over networks. Even network
See Simple Network Management Protocol. operating systems that have their own protocols, such
as NetWare, also support TCP/IP.
Simple Network Management Protocol
A set of protocols for managing complex networks. The
first versions of SNMP were developed in the early 80s.
SNMP works by sending messages, called protocol
96
Glossary, continued
Thread Commerce Suite Server Agent can enable the User-

A logical sequence or program instructions that are Interface Service so that its current status can be
executed independently. remotely viewed via a Web-browser.
Transport Agent
An instance of the Commerce Suite Server application
configured to provide transport services including the
V
compression, encryption and delivery of data, the
verification of digital signatures and the construction Virtual Private Network (VPN)
and transmission of Delivery Notifications. A controlled, trusted network structure that
incorporates end-to-end encryption, enabling a
Triple Data Encryption Standard secure connection from any linked machine to any
Triple Data Encryption Standard (DES3) is a derivative other.
of Data Encryption Standard (DES) that has served as
the cornerstone of data encryption for almost 40 years.
DES-3 is DES run three times with three different keys. It
uses a 192-bit key and has an effective strength of 112- W
bits.
Work-Order
A set of one or more Console Commands sent to a
U Commerce Suite Server Agent to accomplish one or
more specific tasks. The typical use of a Work-Order is
to initiate an outbound delivery of data (a send).
UCC
Uniform Code Council, Inc. Work-Order Service
UDP context of a single thread of execution to query the
User Datagram Protocol. A simple, datagram- database or a directory for Work Orders.
oriented, transport layer protocol, used by Commerce
Suite Server to facilitate dynamic pools of Transport
Agents marshaled by a Router Agent. The Transport
Agents use UDP as the underlying protocol to transmit X
small informative packets of data identifying their
inbound protocol ports. XML
Uniform Resource Locator See eXtensible Markup Language.
The global address used for locating resources on the X.509V3
web.
X.509 Public Key Certificate and CRL Profile, Version 3,
URL defined in CERT. The version of X.509 Public Key
Certificate supported by Commerce Suite Server. A
See Uniform Resource Locator.
standard format for public key certificates and
User-Interface Service Certificate Revocation Lists (CRL). X.509 is a standard
for security services within the X.500 directory services
framework.
context of a single thread of execution to return HTML-
formatted application-status information to a web-
browser. The User-Interface Service is not required by
any Commerce Suite Server Role. However, any
97
1000 Abernathy Road · Building 400, Suite 250 · Atlanta, Georgia 30328
800.251.4930 toll free · 770.730.3600 main · 770.730.3784 fax
info@nubridges.com · www.nubridges.com
For technical support, call (866) 830-3600 or email support@nubridges.com.

Commerce Suite Administration Guide Version 3.5.1 - 0710

Diunggah oleh

Informasi Dokumen

Deskripsi Asli:

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Commerce Suite Administration Guide Version 3.5.1 - 0710

Diunggah oleh

Hak Cipta:

Format Tersedia

nuBridges Commerce Suite™

Document Version 07.10

Chapter 2: Introduction to Commerce Suite

Chapter 2: Introduction to Commerce Suite, continued

Chapter 3: Managing Commerce Suite Servers

Chapter 4: Managing Commerce Suite Trading Partners

Chapter 5: Managing Certificates

Chapter 6: Configuring a Backup Administrator

Appendix A: UNIX Configuration Information

Appendix B: Commerce Suite Error Messages

Appendix C: Database Schema for Commerce Suite Deployments

Appendix C: Database Schema for Commerce Suite

About This Document

• Chapter 1: Introduction. This chapter provides information about the

• Your business application software and business practices

Introduction to the Commerce Suite Documentation Set

Commerce Suite Documentation Roadmap

1. Commerce Suite Release Notes

2. Commerce Suite Getting Started Guide

3. Configuring Commerce Suite Clusters

4. Commerce Suite Administration Guide

Read... To Learn About...

Read... To Learn About...

Designates a warning or important piece of information.

Text Format Example Explanation

Text Format Example Explanation

The Commerce Suite Solution

The nuBridges Commerce Suite solution delivers the performance, scalability,

The nuBridges Commerce Suite supports industry standards, enabling businesses to

Certified and Supported Platforms

MSSQL Server 2000 X X X

MSSQSL Server 2005 X X X

The Commerce Suite Advantage

Supports the EDI-INT Specification

Ensures Data Integrity and Confidentiality

Enables a High Performance, High Availability

Assure Reliable Trading Community Data Delivery

Commerce Suite Architecture

Commerce Suite Configuration

Data Asset Protection

Commerce Suite Services Overview

The Commerce Suite process is divided into the following services:

Understanding the Console Service

Understanding the Serialization Service

Understanding the Control Service

Understanding the Outbound Service

Understanding the Inbound Service

Understanding the Out-Beacon Service

Understanding the Router Service

Under normal circumstances, each Router session will:

Understanding Commerce Suite Roles

Understanding the Transport Role

Understanding the Router Role

Understanding the Admin Role

Managing Commerce Suite Servers

• Defining a New Commerce Suite Server Profile

Defining a New Commerce Suite Server Profile

1. Start the Commerce Suite application if it is not already running.

Inserting a Commerce Suite Server Profile Into

1. Start the Commerce Suite application if it is not already running.

2. At the command prompt, enter the insertserver command using the

Displaying a List of Defined Commerce Suite