BaswareONE - Replace Bizconnect Client/Server certificate


Summary:

The below instructions can be used to replace the lightweight certificate used in a Bizconnect Client/Server installation. The paths are the default installation directories but might be different in your local installation.

Instructions:

Order a new certificate:

You can order a new certificate from any certificate provider (e.g. from Certificate Authority like Go Daddy, or DigiCert, etc). It should have the SHA256 hashing algorithm and 2048-bit RSA signing algorithm. It was found that SHA384 would not work. 

Before you begin:

  1. Please make sure to create a copy of the certificate and the script you're about to adjust so a rollback can easily be performed in case something goes wrong.
  2. Make sure that the private key has the extension .p12 and the public key has the extension .cer/.crt
  3. Provide the public key to Basware Support so the certificate replacement can be scheduled and performed at the same time on your and Basware end. This way we avoid interruptions on the document exchange.

The certificate provided by your provider has the file extension .pfx. Please change the extension to .p12 and follow the installation instructions which you will receive from your certificate provider.

Bizconnect client:

  1. Adjust "bc_parameters_production.xml" found in: "C:\Bizconnect\scripts":
  2. The bold parts need to be adjusted.
    1.  Replace "CERTIFICATE.p12" by the new filename and put the new certificate in the correct directory or change the name of the certificate so it matches the name mentioned in the script. In the below example this would be: "C:\Bizconnect\keys"
    2.  Update the "PASSWORD".
      <user>
      <privatekey>
      <filename>./keys/CERTIFICATE.p12</filename>
      <!-- LOCATION OF YOUR PRIVATE CERTIFICATE, ONLY USED FOR SIGNED UPLOADING -->
      <password>PASSWORD</password>
      <!-- PRIVATE CERTIFICATE PASSWORD, ONLY USED FOR SIGNED UPLOADING -->
      </privatekey>

Bizconnect server:

Be aware that a Bizconnect Server installation contains a dataset for both production and staging. Dsprod is the standard dataset to connect to our production environment.

  1. Adjust "config.xml" found in: "C:\BizconnectServer\dsprod":
  2. The bold parts need to be adjusted.
    1. Replace "CERTIFICATE.p12" by the new filename and put the new certificate in the correct directory or change the name of the certificate, so it matches the name mentioned in the script. In the below example this would be: "C:\BizconnectServer\dsprod\rootcerts"
    2. Update the "PASSWORD".
      <user>
      <!-- ONLY IF YOU USE SIGNED UPLOAD-->
      <privatekey>
      <filename>./rootcerts/CERTIFICATE.p12</filename>
      <!-- EDIT -->
      <!-- ONLY IF YOU USE SIGNED UPLOAD-->
      <password>PASSWORD</password>
      <!-- EDIT -->
      <!-- ONLY IF YOU USE SIGNED UPLOAD-->
      </privatekey>