Manual Connect:Direct Connecting to the Secure File Transfer System of Equens Final Equens Classification: NON CONFIDENTIAL Version 1.0 - 2 March 2009

Version history

Version number | Version date | Status | Edited by | Most important edit(s)
1.0 | 02-Mar-09 | Final | Equens | Revision of the manual.

Connect:Direct is a trademark of Sterling Commerce.

Content

1 Introduction
   1.1 Maintenance of this document
   1.2 Target groups
   1.3 Structure of this manual
2 Equens Connect:Direct Network variants and infrastructure
   2.1 Two network variants
      2.1.1 Connect:Direct via Internet
      2.1.2 Connect:Direct via a Leased Line
   2.2 Infrastructure
3 Security
   3.1 Introduction
   3.2 Encrypted file transmission via SSL
   3.3 Authentication by means of certificates
4 File naming and routing mechanism
   4.1 Introduction
   4.2 Connect:Direct file name convention
   4.3 Routing of files to Equens and third parties
   4.4 Receipt of different file types
5 Fallback and backup facilities
   5.1 Standard situation
   5.2 Scenario in the event of local problems
   5.3 Scenario in the event of a network failure at the Utrecht location
   5.4 Scenario in the event of a total failure at the Utrecht location
6 Configuration of your network
   6.1 Configuration of the firewall
   6.2 Configuration of the Connect:Direct node in your environment
7 Requesting and installing of a certificate
   7.1 Introduction
      7.1.1 Procedure
      7.1.2 Preparation
      7.1.3 Maintenance
   7.2 Requesting a certificate
   7.3 Retrieving the certificate
   7.4 Exporting the certificate
   7.5 Importing the certificate in your Connect:Direct node
   7.6 Retrieving the Equens certificate (CA certificate)
   7.7 Importing the Equens CA certificate in your Connect:Direct node
   7.8 Retrieving of the Certification Revocation List
8 Testing your connection
   8.1 Introduction
   8.2 Difference between three test types
   8.3 Connection test
      8.3.1 Connection test features and conditions
      8.3.2 Connection test execution
   8.4 Filetransfer test
      8.4.1 Filetransfer test features and conditions
      8.4.2 Filetransfer test execution
   8.5 Processing tests
      8.5.1 Processing test features and conditions
      8.5.2 Requesting the processing tests
9 File sending
   9.1 Introduction
   9.2 Automatic file sending
   9.3 Binary file sending
10 File delivery
   10.1 Introduction
11 Working with compressed files
   11.1 Introduction
      11.1.1 Compression programme conditions
      11.1.2 Binary file transmission
   11.2 Sending compressed files
      11.2.1 Conditions
   11.3 Receiving compressed files
      11.3.1 Conditions
      11.3.2 Features
12 Support processes: questions and changes
   12.1 Equens Connect:Direct availability
   12.2 Customer Services department contact information
   12.3 Information on the Equens website
   12.4 Changing specifications
   12.5 Changing connection type
   12.6 Terminating the connection
   12.7 Changing and terminating processing agreements

1 Introduction

In this manual you will find information about Connect:Direct, one of the four connection types of the Secure File Transfer System. Information about the other three connection types can be found in the "Quick reference Equens Connectivity Services".

In the "Quick reference Connect:Direct" you can find a description of the administrative connection procedure.

1.1 Maintenance of this document

This document is managed and maintained by Equens IT's System & Connectivity department. Amendment and publication of this document may be carried out solely by this department.

New versions of this document will be made available as PDF files.

When a new version of the document is published, Equens will send the customer an e-mail notification. The notification will be sent to the e-mail address you've stated in the "Applicant details" field on the Connect:Direct Service Request Form.

We would be grateful for any feedback regarding any unclear or incorrect information found in this manual. Please send your response to the Equens Customer Services department.

1.2 Target groups

This manual is primarily intended for network specialists, functional and technical designers and administrators, ICT architects and programmers who are involved in the implementation and use of the Connect:Direct connection.

1.3 Structure of this manual

This manual is divided into three sections in which the following is explained:

• Configuration of the connection with Connect:Direct
• How to make a connection
• Recurring procedures

The above three sections are explained in further detail below.

The first section describes how Equens has configured the connection with Connect:Direct and comprises chapters 2 to 5, which contain the following information:

• Network variants via which you will be able to connect to Connect:Direct
• How the security works
• The manner in which the system will route your data to its destination on the basis of file names
• How Equens has set up the backup and fallback.

The second section explains in detail the one-off procedure you must perform in order to carry out future submissions of your data using Connect:Direct. This section comprises chapters 6 to 8, which contain the following information:

• The technical aspects of connection (organisation of your network)
• The requesting and installing of a certificate
• Testing your connection.

The third section explains in detail the activities that recur. This section comprises chapters 9 to 12, which contain the following information:

• How to send files
• How files are delivered
• How to handle compressed files
• How to submit questions and/or changes.

2 Connect:Direct Network variants and infrastructure

2.1 Two network variants

Two network variants can be used for Connect:Direct:

• Connect:Direct via the internet
• Connect:Direct via a Leased Line

These two types are equal in terms of security: the security is organised at application level with Secure Plus (SSL encryption).

A connection via the internet is advantageous, as it enables high-speed transfers. Furthermore, if you already have an internet connection, the costs will naturally be lower.

If you should opt for a more robust connection, the Leased Line is a good solution. This will involve additional costs ensuing from the management of the Leased Line by the connection provider. Furthermore, this connection is not a standard Equens network variant, and is realised in project form. This will also involve additional costs.

The two network variants will be discussed in the subsequent sections.

2.1.1 Connect:Direct via Internet

This network variant is the preferred choice of both Equens and the majority of users. Its characteristics are as follows:

• The file transfer speed will depend on the internet connection bandwidth. Please note: As a rule, the available bandwidth cannot be guaranteed in the event of internet use.
• Securing your internet-linked infrastructure will be your responsibility, in addition to which Equens strongly recommends using firewalls.

2.1.2 Connect:Direct via a Leased Line

For banks and large corporates, Equens has the possibility to connect via a Leased Line. This Leased Line is based on a dedicated network and therefore has no relationship with the internet. Furthermore, agreements can be made with regard to bandwidth guarantees and availability. As a result, such connections have a different level of security. The Leased Line connection can be scaled from 128 Kb/second to 155 MB/second.

This connection can also be useful if you exchange multiple types of traffic with Equens.

From a technical point of view, connecting to such a connection is extremely similar to an internet connection.

Given the fact that these connections are always tailor-made, please contact Customer Interaction for additional information. This will not be discussed in any further detail in this manual.

2.2 Infrastructure

When the connection is made to Connect:Direct the infrastructure will appear approximately as shown in the following figure:

Figure 1: Infrastructure for connection to Connect:Direct

3 Security

3.1 Introduction

This chapter describes how the security of your data and the continuity of services will be guaranteed.

Agreements and technical facilities will ensure that the Equens Secure File Transfer System secures your data at all times. The security aspects are as follows:

Authenticity

Authenticity will be ensured by means of the following:

• certificate verification
• a firewall rule will be added for your IP-address

Confidentiality

Confidentiality regarding public and internal connections will be guaranteed through the use of Connect:Direct with Secure Plus (SSL encryption).

Integrity

The integrity of the data that is to be transported will be guaranteed via the SSL hashing mechanism (digital signature).

Authorisation

Authorisation will be granted by means of the following:

• check on IP-address
• check on Node name
• contract conclusion checks

3.2 Encrypted file transmission via SSL

When using Connect:Direct you will exchange files that may contain confidential information via Connect:Direct with Secure Plus. In use, Connect:Direct with Secure Plus will be very similar to standard Connect:Direct, but one important difference is the fact that all confidential information will be encrypted via SSL. The nodes will automatically carry this out for you.

One major advantage to this security method is that it is end-to-end: from node to node. The data will not only be encrypted in the public part of the network, but also on the internal networks of the client and Equens.

An additional advantage to this method is the fact that the network link between the client and Equens will no longer need to be secured separately. In principle, it will be possible to send files over any type of network, including the internet.

Figure 2: The connection via Connect:Direct is secured end-to-end via SSL

3.3 Authentication by means of certificates

An important aspect of the Connect:Direct infrastructure is the use of digital certificates. The Connect:Direct nodes are equipped with certificates for the purpose of authentication. This authentication is based on the nodes only accepting one another's certificates when they have been signed by the correct (Equens) Certificate Authority.

A Getronics Pink Roccade PKI (Public Key Infrastructure) service will be used to issue certificates. This company sets high standards for the construction and management of PKI systems. Getronics Pink Roccade has set up a private CA (Certificate Authority) for the benefit of Equens. Private, in relation to this matter, means that this CA will only issue certificates for the Connect:Direct (and Secure FTP) service. Conversely, the Connect:Direct service will only accept clients with certificates issued by this CA.

Equens will have full control over the issuing of certificates and will determine which certificate applications will be accepted or rejected via an RA function. Equens will also be able to revoke previously approved certificates if, for example, a security risk is established or a contract expires.

Figure 3: Issuing of certificates by Equens

4 File naming and routing mechanism

4.1 Introduction

When you wish to exchange files with Equens via Connect:Direct, the file names must comply with a specific naming convention.

Files sent will be routed to the appropriate Equens processing system on the basis of the file name. Equens will not be able to route files whose name does not comply with the naming convention and will therefore be unable to process them. In such cases you will receive an error message by e-mail.

4.2 Connect:Direct file name convention

The following standard will apply within Secure FTP with regard to the structure of file names:

<SENDER>.<DESTINATION>.<TYPE>.<REFERENCE>.<EXTENSION>

The separate fields are defined as follows:

Field | Description
<SENDER> | The ID of the submitting party. This will be assigned by Equens and made known to the client.
<DESTINATION> | The ID of the destination. This will include 'SFT' if the file is destined for an Equens system (not 'INTERPAY' or 'EQUENS'). If the destination is outside of Equens, the field must be filled with a destination name that has been assigned by Equens.
<TYPE> | The ID of the file type being exchanged. A complete overview of the file types most often used can be found at www.equens.com
<REFERENCE> | A unique file reference assigned by the submitting party. The field must begin with a letter and be unique to each submitting party within 35 days.
<EXTENSION> | An addition to the file name that indicates by which application the file can be processed. Important extensions include the following: TXT ('readable' data), DAT (binary), PDF (Adobe Reader format), XLS (Microsoft Excel format), ZIP (compressed files). Each extension can be routed on by Equens.

Table 1: Explanation of file name components

Specifications:

• Each field is mandatory
• Each field must begin with a letter
• The maximum field length is eight characters
• The file name must consist of only capital letters.

An example of a correct file name:

R1234567.SFT.CLIEOP.C1234567.TXT

Please refer to the appendix "The relationship between the Secure FTP naming convention and the 'old' I-Connect interface description" for information regarding the relationship between the current Secure FTP naming convention and the previous I-Connect interface with token files.

PLEASE NOTE: When sending files with Connect:Direct you will need to include your mailbox number before the file name. The mailbox addition MUST be in lowercase characters (the other part of the file name in CAPITALS). Below is an example file name for mailbox M1234567 (your mailbox number can be requested from the Customer Interaction department).

/m1234567/R1234567.SFT.CLIEOP.C1234567.TXT
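
The naming rules of section 4.2, including the lower-case mailbox prefix, can be checked locally before a file is handed to Connect:Direct, so that a misnamed file is caught at the sender instead of being rejected by e-mail afterwards. The following Python is an added example and not part of the Equens manual; allowing digits after the first letter of a field, the mailbox pattern, and the ReferenceLedger helper are assumptions based on the manual's sample names.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Section 4.2 rules: five mandatory fields, each starting with a letter, at most
# eight characters, capitals only. Assumption: digits may follow the first
# letter, as in the manual's own sample name R1234567.SFT.CLIEOP.C1234567.TXT.
FIELD_RE = re.compile(r"[A-Z][A-Z0-9]{0,7}")
# Assumption: the mailbox directory is the lower-case form of an ID like M1234567.
MAILBOX_RE = re.compile(r"[a-z][a-z0-9]{0,7}")
FIELD_NAMES = ("SENDER", "DESTINATION", "TYPE", "REFERENCE", "EXTENSION")
# The manual states that files for an Equens system use 'SFT', not these names.
NOT_EQUENS_DESTINATIONS = {"INTERPAY", "EQUENS"}
REFERENCE_WINDOW = timedelta(days=35)


@dataclass(frozen=True)
class SftName:
    mailbox: str
    sender: str
    destination: str
    file_type: str
    reference: str
    extension: str


def validate_remote_name(path):
    """Return (SftName, []) when the name is valid, otherwise (None, [errors])."""
    match = re.fullmatch(r"/([^/]+)/([^/]+)", path)
    if match is None:
        return None, ["expected /<mailbox>/<file name> with one directory level"]
    mailbox, filename = match.groups()
    errors = []
    if not MAILBOX_RE.fullmatch(mailbox):
        errors.append(f"mailbox {mailbox!r} must be lower case and start with a letter")
    fields = filename.split(".")
    if len(fields) != len(FIELD_NAMES):
        errors.append(f"expected 5 dot-separated fields, found {len(fields)}")
        return None, errors
    for label, value in zip(FIELD_NAMES, fields):
        if not FIELD_RE.fullmatch(value):
            errors.append(f"<{label}> {value!r}: 1-8 capitals/digits, letter first")
    if fields[1] in NOT_EQUENS_DESTINATIONS:
        errors.append("<DESTINATION> for an Equens system must be 'SFT'")
    if errors:
        return None, errors
    return SftName(mailbox, *fields), []


class ReferenceLedger:
    """Tracks (sender, reference) pairs for the 35-day uniqueness rule."""

    def __init__(self):
        self._last_used = {}

    def claim(self, name, now):
        """Record a reference; return False if it was already used in the window.

        Day 35 itself is treated as still inside the window (conservative reading).
        """
        key = (name.sender, name.reference)
        previous = self._last_used.get(key)
        if previous is not None and now - previous <= REFERENCE_WINDOW:
            return False
        self._last_used[key] = now
        return True


# Constructed sample names; only the first is taken from the manual.
SAMPLES = [
    "/m1234567/R1234567.SFT.CLIEOP.C1234567.TXT",
    "/M1234567/R1234567.SFT.CLIEOP.C1234567.TXT",     # mailbox in capitals
    "/m1234567/R1234567.EQUENS.CLIEOP.C1234567.TXT",  # wrong Equens destination
    "/m1234567/R1234567.SFT.CLIEOP.12345678.TXT",     # reference starts with a digit
    "/m1234567/R1234567.SFT.CLIEOP.C1234567.txt",     # extension in lower case
    "/m1234567/R1234567.SFT.CLIEOP.TXT",              # one field missing
    "/m1234567/../R1234567.SFT.CLIEOP.C1234567.TXT",  # extra path component
]

if __name__ == "__main__":
    ledger = ReferenceLedger()
    now = datetime(2009, 3, 2)
    for sample in SAMPLES:
        name, errors = validate_remote_name(sample)
        if errors:
            print(f"REJECT {sample}: {'; '.join(errors)}")
        elif not ledger.claim(name, now):
            print(f"REJECT {sample}: reference reused within 35 days")
        else:
            print(f"OK     {sample} -> type {name.file_type}")
```

The same validator can be applied to names of received files before they are dispatched on <TYPE>, so that only names matching the convention reach a local application.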

4.3 Routing of files to Equens

In the Secure File Transfer System of Equens, data files will be routed to the correct destination on the basis of the file name.

• The client sends the files for processing by Equens. The system may or may not create output.

4.4 Receipt of different file types

A customer will be able to receive numerous file types via the Secure File Transfer System. Each type can be processed by a specific application within the customer's system.

The customer must have a mechanism that ensures that each file type is routed to the correct application on the basis of the field <TYPE>.

Equens can only issue multiple DESTINATION names to a customer in complex cases (for example, if a group has numerous offices, all of which process the same file types and also share the same connection). The customer will then be able to route internally on the basis of the <DESTINATION> in the file name.

DESTINATION name requests will be subject to extra charges.

5 Fallback and backup facilities

5.1 Standard situation

Equens will have two identical environments at a primary location with a backup facility at a secondary location.

Under normal circumstances each client will have a Connect:Direct connection with the primary location.

This is shown in the following figure:

Figure 4: Route through Equens environment under normal circumstances

5.2 Scenario in the event of local problems

Local problems will be dealt with by the additional identical set of equipment at the primary location.

5.3 Scenario in the event of a network failure at the primary location

In the event of a network failure in the primary location, the system will automatically use the network infrastructure in the secondary location. With the exception of a brief hiccup, the client will not notice any difference.

Figure 5: Route through Equens environment in the event of a network failure at the primary location

5.4 Scenario in the event of a total failure at the primary location

In the event of a total failure at the primary location, a procedure will be started in order to activate the secondary location as the fallback location.

A number of procedures will ensure that the Connect:Direct traffic for the different network variants is routed to the secondary location. During these procedures connection with Equens will not be possible. The customer will notice no difference after the fallback location has been activated and does not need to make any additional changes.

Please refer to the Secure File Transfer System Service Level Agreement (SLA) for the downtime.

Figure 6: Route through Equens fallback environment in the event of a total failure at the primary location

6 Configuration of your network

This chapter explains the procedure for connecting to the Secure File Transfer System at network level. Once the connection has been made it will be possible to work with Connect:Direct at transportation level.

Two network variants can be used for Connect:Direct:

• Connect:Direct via Internet
• Connect:Direct via a Leased Line

The specifications for these network variants are described in chapter 2, "Equens Connect:Direct Network variants and infrastructure".

6.1 Configuration of the firewall

In order to be able to use Connect:Direct, you will need to open firewall TCP port 1364 for sft.equens.com (82.195.45.60) for production (sft.equens.com will become active in mid-June 2009; before that time, please use sft.interpay.nl).

For our Acceptance environment (previously called Test environment) you will need to open firewall TCP port 1364 for sftacc.equens.com (82.195.45.59).

This way the correct type of traffic will be allowed from your Connect:Direct node (the machine that makes the physical connection with the Connect:Direct node at Equens).

Please note: If you wish to carry out processing tests (please refer to section 8.5, "Processing tests"), you must connect to the test environment.

6.2 Configuration of the Connect:Direct node in your environment

To configure your Connect:Direct node you will need to add the IP-address or the Node name of the Equens Connect:Direct node to your configuration.

Production-environment: IP-address: 82.195.45.60 (node: SFT)
Test-environment: IP-address: 82.195.45.59 (node: SFTACC)

7 Requesting and installing of a certificate

7.1 Introduction

In this chapter we show you how to obtain a certificate (also called "Digital ID") and install it in your Connect:Direct node.

7.1.1 Procedure

In general the procedure is as follows:

• You install the client certificate
  − You request the certificate from Equens via your browser
  − You pick up the certificate from Equens via your browser
  − You export the certificate out of your browser
  − You import the certificate into your Connect:Direct node
• You install the Equens CA certificate

In the following paragraphs the procedure is described further.

7.1.2 Preparation

Before you commence the procedure, it is important that you pay attention to the following aspects.

Choice of applicant

First determine which employee requests the certificate, as the certificate will be linked to the person who has requested it! This is the only person who can extend and revoke the certificate. When the person who requested the certificate leaves the company, it will be necessary to request a new certificate. Please keep this in mind when you determine which person requests the certificate.

Choice of e-mail address

The certificate can only be retrieved with the PC that is used to request it. Make sure you can access your e-mail on or close to the same PC as the one you have requested the certificate with. A production certificate is valid for two years (the test certificate is valid for one year). We will send a warning to this e-mail address when the certificate is about to expire. Please keep that in mind when you determine which e-mail address you will enter.

Transfer of certificates to the Connect:Direct node

If the machine where the Connect:Direct node will be active is a different machine than the machine which retrieved the certificates, the exported client certificate and the retrieved Equens certificate need to be transferred.

Browser choice

The procedure and screenshots in this manual are based on the use of Microsoft Internet Explorer. Equens strongly advises using this browser. Correct operation cannot be guaranteed with other browsers. Equens does not provide support for problems with browsers other than Microsoft Internet Explorer.

Potential error messages

If you are using Windows XP with Service Pack 2, there is a chance you will get the error message "Error 1B6 occurred. You may need to install OnSiteMSI". Through the website www.pki.pinkroccade.com, 'Support', 'Issues', 'OnSiteMSI error' you can download a file with the OnSiteMSI file and an installation manual.

Converting certificates

Some nodes are not able to read the standard exported format. In that case the certificate needs to be converted. See the "Frequently asked questions - Connectivity services" at www.equens.com

Securing your certificate

It is recommended to safeguard the exported client certificate. Make a backup on an external carrier and store this in a safe place. If the certificate is lost, you will need to request a new certificate.

Extending your certificate on time

A production certificate is valid for two years (a test certificate for one year). You can extend a certificate each time for the same length of time. When a certificate is about to expire you will be warned by e-mail.

Once your certificate has expired, it is not possible to extend it. You will need to request a new certificate. Please note that requesting a new certificate takes more time than extending a certificate, because for a new certificate you will need to request a new PIN code.

You are advised to start the extension of your certificate at least a month before the expiry date.

7.2 Requesting a certificate

As soon as you have indicated you wish to be connected via Connect:Direct, you will receive a URL and an access code for the CA website for Equens. With this access code you can request a user certificate from Equens.

Note: As of October 16, 2006 Interpay is operating under the name Equens. However, the PKI environment at PinkRoccade is still active under the name Interpay Nederland. In the URL you receive, as well as in the address bar of the browser, you will see /InterpayNederlandBV/

Step 1 Copy the URL and paste this into the address bar of your browser

URL Production:
https://mpki.pinkroccade.com/services/InterpayNederlandBV001/digitalidCenter.htm

URL Acceptance (Test):
https://mpki-test.pinkroccade.com/services/InterpayNederlandBV/digitalidCenter.htm

The following screen will be displayed:

Please note: 'Digital ID' is a synonym for 'certificate'.

Figure 7: The opening page with the options for certificates.

Step 2 Click the first option, 'Enroll'

The following screen will be displayed:

Figure 8: The form for requesting a certificate.

Step 3 Fill in the contact and identification data as described below:

• The name of the applicant or the name of one of the persons authorized to change the password.

Please note that the certificate will be linked to the person who has requested it. This is the only person who can extend or revoke the certificate. If the person who has requested the certificate leaves the company it will be necessary to request a new certificate. Please keep this in mind when deciding in whose name the certificate is requested.

• The e-mail address at which you will receive notifications.

The first notification you will receive at this e-mail address is a confirmation of your request and the necessary information for retrieving the certificate. A production certificate is valid for two years (a test certificate is valid for one year). At this e-mail address we will warn you when the certificate is about to expire. Please keep this in mind when deciding which e-mail address you will use.

• The access code for the CA website you have received together with the URL, also known as the 'Certificate Enrollment PIN'.

This pincode is only valid for issuing this certificate. You do not need to keep the pincode after requesting the certificate. If you request a new certificate, you will receive a new pincode.

• A 'Challenge Phrase'.

The Challenge Phrase is case sensitive and may not contain any punctuation. The Challenge Phrase is a sentence you will need to remember. You will need this sentence when extending your certificate. If you no longer remember the Challenge Phrase, you will need to request a new certificate and start the certificate request procedure from the beginning.

Step 4 Send the form by clicking the 'Submit' button

You will get the message below, asking you to confirm that the correct e-mail address has been entered.

Figure 9: It is important that you have entered your e-mail address correctly.

Step 5 Confirm that you have entered the correct e-mail address

If you click on 'Cancel', you will get the opportunity to correct the e-mail address

in the Enrollment form.

If you click 'OK', the form will be processed.

Next you will get the screen below and a message from Internet Explorer.

Figure 10: A standard Internet Explorer security message.

Step 6 Click 'Yes'

The request is finished.

The following screen will be displayed notifying you that an e-mail has been sent

containing instructions for installing the certificate.

Figure 11: You see a confirmation that your request has been received.

When you check your e-mail, you should see the message below.

From: certificate

Sent: Wednesday 2 August 2006 14:13

To: Janssen, Dhr. G.A. (Geert)

Subject: Equens Digital ID request confirmation

Dear G.A. Janssen,

Thank you for requesting a Digital ID.

Equens Nederland B.V. is processing your request,

and will notify you when your Digital ID is ready.

If you have questions about your application, please

contact Equens Nederland B.V. by replying to this

e-mail message.

Figure 12: You receive a request confirmation by e-mail.

The status now is as follows:

• A Private Key is created in the browser on this computer

• Your request is processed by Equens

• You have received an e-mail stating your request is confirmed

• Some time later you will receive an e-mail containing instructions for installing

the certificate with the matching pincode

7.3 Retrieving the certificate

Now that you have requested the certificate, it is ready to be retrieved and installed.

Step 7 Open the second e-mail message

This message contains the data that you will need to retrieve the certificate.

From: certificate

Sent: Wednesday 2 August 2006 14:24

To: Janssen, Dhr. G.A. (Geert)

Subject: Your Equens Digital ID is ready

Dear G.A. JANSSEN,

Equens Nederland B.V. has approved your Digital ID request.

To assure that someone else cannot obtain a Digital ID that

contains your personal information, you must retrieve your

Digital ID from a secure web site using a unique Personal

Identification Number (PIN).

You can retrieve your Digital ID by following these simple

steps:

Step 1: Visit the Digital ID retrieval web page, at:

https://mpki.pinkroccade.com/services/InterpayNederlandBV/client/mspickup.htm

Step 2: In the form, enter your Personal Identification

Number (PIN):

Your PIN is: 641625923

Step 3: Follow the instructions on the page to complete the

installation of your Digital ID.

If you have any questions or problems, please contact Equens

Nederland B.V. by replying to this e-mail message.

Figure 13: The e-mail with instructions and pincode.

As indicated in the e-mail, you will need to perform the following steps:

• Copy and paste the URL mentioned in your e-mail into the address bar of your browser

• In the form that appears in your browser, type the pincode mentioned in the e-mail

• Follow the instructions given in the form in your browser

Step 8 Copy the URL and paste it into the address bar of your browser

You will get the following screen:

Figure 14: The page where you retrieve your certificate.

Step 9 Type the pincode mentioned in the e-mail and click 'Submit'

Please pay attention! You will need to retrieve the certificate with the same PC that you have used to request the certificate, because the private key was created in the browser on that PC.

If you don't, you will get the following error message:

Figure 15: Error message when you use a different PC.

Next you will see the screen below, a message from Internet Explorer:

Figure 16: A standard security message from Internet Explorer.

Step 10 Click 'Yes'

Retrieval of the certificate is now complete.

You will see the screen below, which indicates that the certificate was generated successfully and has been installed on that PC.

Figure 17: Confirmation of the certificate installation.

7.4 Exporting the certificate

The certificate has now been imported in your browser.

You will need to export it from here, so you can import it into the Connect:Direct

node.

Step 11 Open the dialogue screen for certificates

• In the browser menu choose 'Extra' and 'Options'

The following screen will be displayed:

Figure 18: Through the Options-screen you go to the certificates screen.

• Click the button 'Certificates'

The following screen is displayed:

Figure 19: The screen where you manage the certificates in your browser.

Step 12 Choose the correct certificate

Click the certificate you have just installed.

The screen below is displayed. Click 'Next' to continue.

Figure 20: Certificate export screen.

Step 13 Confirm you want to export the certificate

In the next screen you are warned that you will need to protect the certificate with

a password. This is certainly recommended, so choose option 'Yes' and click

'Next'.

Figure 21: Exporting the certificate private key.

Step 14 Enter the export options

You will need to enter several preferences.

Tick the bottom two options under 'Personal Information Exchange':

• 'Enable strong protection'

With this you choose strong security (protection).

• 'Delete the private key if the export is successful'

Tick this option only after you have successfully exported the certificate. If you tick this option you cannot export the certificate again.

After ticking this option and exporting the certificate it will be impossible for someone else to export the certificate again!

Click 'Next' again.

Figure 22: Important options related to security.

Step 15 Enter a password

In the next screen you will need to enter a password.

You will need this password again when you are importing the certificate into your

Connect:Direct node.

Figure 23: Security through a password.

Step 16 Save the certificate file

Next you will need to enter the location on your hard disk where the certificate is to be saved and the name under which it is saved.

Figure 24: Saving the certificate on the hard disk.

Step 17 Finish the export procedure

Next you will see an overview of the specifications you have entered with the

possibility of making adjustments by using the 'Back' key.

If you are satisfied, please click 'Finish'.

Figure 25: Overview of the specifications entered.

You will get a confirmation that the export was successful. Click 'OK' to continue.

Figure 26: The confirmation that the export was successful.

Subsequently you can find the saved certificate/file in the Explorer.

Figure 27: The certificate/file in the Explorer.

7.5 Importing the certificate into your Connect:Direct node

For importing the certificate in your Connect:Direct node we refer you to the

manual of your Connect:Direct node or request support from Sterling Commerce.

If you need to convert your certificate into a different format, please check our "Frequently asked questions" section on the website of Equens (www.equens.com).

7.6 Retrieving the Equens server certificate (CA certificate)

By importing the CA certificate into your Connect:Direct node the computers of

Equens know to trust your computer.

Now you will need to configure your computer so that it will trust the Equens

computer.

Step 18 Go back to the opening page of the Digital ID Center

Paste the URL you have received by postal mail into the address bar of your browser again.

The following screen is displayed:

Figure 28: The opening page with the options for certificates.

Step 19 Choose the option 'Install CA'

A download is started immediately and the screen below is displayed, where the system asks you if you want to open the file or save it to your hard disk. Choose the option 'Save'.

Figure 29: Save the certificate to your hard disk.

Step 20 Save the certificate to your hard disk

7.7 Importing the Equens CA certificate into your Connect:Direct node

For importing the certificate into your Connect:Direct node we refer you to the

manual of your Connect:Direct node or request support from Sterling Commerce.

7.8 Retrieving the Certificate Revocation List

Some nodes can import a 'Certificate Revocation List' (CRL) to check if a certificate is still valid. This file contains a list of all revoked certificates. This list can be downloaded at:

http://pki.pinkroccade.com/crl/InterpayNederlandBV001/LatestCRL.crl

8 Testing your connection

8.1 Introduction

It is advisable to first check whether the connection is functioning correctly and

whether the files are being sent on in the required manner. You can test this

easily by sending a file to yourself. This connection test and file transfer test can

simply be carried out in the Equens production environment.

If you also wish to carry out processing tests, you must carry these out in the test

environment (!) and schedule the test at least one week in advance in

consultation with the Customer Services department and the relevant business

unit.

8.2 Difference between the three test types

Tests can be carried out at three levels:

• Level A: connection test

• Level B: file transfer tests

• Level C: processing tests (application level).

The level A and B tests relate specifically to the Connect:Direct connection.

The level C tests are not related to the connection type.

The following figure shows the levels at which the tests should be carried out.

Figure 30: Testing for Connect:Direct will take place at three levels

Testing can only commence if the following conditions have been met:

• All relevant data must have been entered in the various Equens databases

• You must have installed a Connect:Direct node

• You must have installed the client and server certificate

8.3 Connection test

8.3.1 Connection test features and conditions

Feature       Description
Subject       The connection with Equens Connect:Direct. This involves aspects such as:
              • Setting up a connection with Connect:Direct and Secure Plus
              • The compression mechanism
Objective     Checking whether the Equens Connect:Direct specifications have been properly implemented with the customer.
Conditions    You do not need to contact Equens in order to carry out this test.
Importance    Recommended
Environment   Production environment

Table 2: Features of the Connect:Direct connection test

8.3.2 Connection test execution

You must use your Connect:Direct node in the production environment to test whether a connection can be established. Please refer to the documentation of your Connect:Direct node.

Please note: A connection test is not intended for sending files to Equens. To send files you need to perform a file transfer test.

8.4 Filetransfer test

8.4.1 Filetransfer test features and conditions

Feature       Description
Subject       Routing from and to yourself.
Objective     Checking whether the file transfer via Connect:Direct between Equens and the customer is successful.
Conditions    You do not need to contact Equens in order to carry out this test.
Importance    Recommended
Environment   Production environment

Table 3: Features of the Connect:Direct filetransfer test

8.4.2 Filetransfer test execution

A file transfer test consists of sending files to yourself.

Please do this in the following manner:

• Give the file the correct name:

- For <DESTINATION> enter the same as for <SENDER>

- Enter the SELFTEST value for <TYPE>

Please refer to section 4.2, "Connect:Direct file name convention" for the file

name structure.

• Set up a connection to the Connect:Direct node of Equens

• Send a file to yourself

See section 9, "File sending"

The file will be fully processed at Equens.

This means that the file will be routed on to the addressee, in this case

yourself.

• Check if the file is delivered at your Connect:Direct node.

8.5 Processing tests

8.5.1 Processing test features and conditions

Feature       Description
Subject       The content and layout of the files.
Objective     Checking whether file transfer and data processing (for Equens-specific business) between Equens and the customer via Connect:Direct is successful.
Conditions    • If you use separate test machines you must request a test certificate
              • These tests must be scheduled at least one week in advance in consultation with the Equens Customer Services department
Importance    Not mandatory
Environment   Test environment (sftacc.equens.com) (testing in the production environment is not permitted).

Table 4: Features of the Connect:Direct processing test

8.5.2 Requesting the processing tests

Processing tests will be carried out on the Equens test environment.

If you wish to carry out processing tests (i.e. at application level), you must carry

these out on the test environment (!) and schedule the tests at least one week in

advance in consultation with the Customer Services department. The Connectivity

Management connection coordinator will contact you to plan the tests.

In the event of a non-standard connection or connection to systems other than

the giral Clearing and Settlement System, this connection coordinator will draw up

the test procedure in consultation with the owner of the processing system. These

connection processes are always carried out on a project basis.

9 File sending

9.1 Introduction

You can send files to Equens using commands in your Connect:Direct node. When

sending files you will need to initiate the transfer.

You can also send compressed data files. Please refer to chapter 11, "Working

with compressed files" for additional information.

9.2 Automatic file sending

Most Connect:Direct nodes can send files automatically. The node can be configured so that it checks a directory on the local system for waiting files. If files are waiting, they will be sent to Equens without any further action being required from the user. If the files are sent successfully the node can remove the files.

You can use a "File agent" for this, but you are responsible for further automation; Equens does not provide support for this.

10 File delivery

10.1 Introduction

Files addressed to you are "pushed" to you by Connect:Direct; you do not need to take the initiative to retrieve the files.

It is not possible to retrieve files that have already been supplied to you. If you would like to receive a file that has already been supplied to you, you will need to contact our Customer Services department.

Files to be retrieved will remain available within the system for 30 days. When this period has elapsed, the files will be deleted and cannot be resupplied.

11 Working with compressed files

11.1 Introduction

Files can be compressed in order to reduce their size and therefore also the amount of time it takes for them to be transmitted. If the bandwidth is sufficient, compression will not be necessary and is consequently advised against.

11.1.1 Compression programme conditions

• Your compression programme must be compatible with PKZIP version 2.04g.

• Acquisition and use of compression software will be your own responsibility.

• Please refer to your compression programme manual for information regarding

file compression and decompression.

11.1.2 Binary file transmission

You must use binary transmission in order to both send and receive compressed files; please see section 9.3, "Binary file sending".

11.2 Sending compressed files

11.2.1 Conditions

• You will be able to send both compressed and uncompressed files.

Contrary to when you would like to receive compressed files, there is no need

to state this on the Service Request form.

• The compressed file that you wish to send may not contain more than one data

file.

• Although the file name in the archive does not need to comply with the naming

convention, it is advisable.

This is also easy, given that the majority of compression programmes use the

name of the file being compressed for the archive name.

For example: If you were to compress the file

R1234567.SFT.CLIEOP.A123.TXT, the archive would be named

R1234567.SFT.CLIEOP.A123.ZIP.

11.3 Receiving compressed files

11.3.1 Conditions

• If you wish to receive compressed output from Equens, please specify this on

the Service Request form.

11.3.2 Features:

If you have stated that you wish to receive compressed files, the following will apply:

• All files you receive are compressed; it is not possible to compress specific file types

• The names of both the ZIP archive and the archived file will comply with the

file name convention.

For example: the archive R1234567.SFT.CLIEOP.A123.ZIP would contain the

file R1234567.SFT.CLIEOP.A123.TXT
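The conditions in sections 11.2.1 and 11.3.2 can be checked mechanically before an archive is sent or after one is received. The following Python check is an added example, not part of this manual or of Connect:Direct; the function names, the reading of PKZIP 2.04g compatibility as stored/deflate with "version needed to extract" at most 2.0, the member-path check and the constructed sample archives are assumptions.

```python
"""Check a ZIP archive against the conditions in sections 11.2.1 and 11.3.2."""
import io
import zipfile
from pathlib import PurePosixPath

# Assumption: "compatible with PKZIP version 2.04g" is approximated here as
# stored or deflated members with "version needed to extract" of at most 2.0.
ALLOWED_METHODS = (zipfile.ZIP_STORED, zipfile.ZIP_DEFLATED)
MAX_EXTRACT_VERSION = 20


def check_archive(archive_name, data, received=False):
    """Return (errors, warnings) for one archive held in memory as bytes."""
    errors, warnings = [], []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        return [f"not a readable ZIP archive: {exc}"], warnings
    with zf:
        entries = zf.infolist()
        files = [e for e in entries if not e.is_dir()]
        # Section 11.2.1: the archive may not contain more than one data file.
        if len(entries) != 1 or len(files) != 1:
            errors.append(f"expected exactly 1 data file, found {len(files)} "
                          f"file(s) in {len(entries)} entries")
        for e in entries:
            path = PurePosixPath(e.filename.replace("\\", "/"))
            # Added defensive check: a member name with a directory part, an
            # absolute path or '..' could land outside the inbound directory.
            if path.is_absolute() or len(path.parts) != 1 or ".." in path.parts:
                errors.append(f"member name is not a plain file name: {e.filename!r}")
            if e.compress_type not in ALLOWED_METHODS:
                errors.append(f"{e.filename!r}: compression method "
                              f"{e.compress_type} is not stored/deflate")
            if e.extract_version > MAX_EXTRACT_VERSION:
                errors.append(f"{e.filename!r}: needs ZIP version "
                              f"{e.extract_version / 10:.1f} to extract")
        archive = PurePosixPath(archive_name)
        if archive.suffix.upper() != ".ZIP":
            warnings.append(f"archive name does not end in .ZIP: {archive_name!r}")
        if len(files) == 1:
            member = PurePosixPath(files[0].filename.replace("\\", "/")).name
            # Comparing case-insensitively is an assumption of this example.
            if PurePosixPath(member).stem.upper() != archive.stem.upper():
                msg = f"member {member!r} does not match archive {archive_name!r}"
                # Advisable when sending (11.2.1), guaranteed on receipt (11.3.2).
                (errors if received else warnings).append(msg)
        if not errors:
            bad = zf.testzip()  # CRC check of every member
            if bad is not None:
                errors.append(f"CRC check failed for {bad!r}")
    return errors, warnings


def make_zip(members, method=zipfile.ZIP_DEFLATED):
    """Build a constructed sample archive in memory from (name, bytes) pairs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", method) as zf:
        for name, payload in members:
            zf.writestr(name, payload)
    return buf.getvalue()


# Constructed samples; the archive and member names come from the manual's example.
ARCHIVE = "R1234567.SFT.CLIEOP.A123.ZIP"
SAMPLES = {
    "good": make_zip([("R1234567.SFT.CLIEOP.A123.TXT", b"constructed payload\n")]),
    "two files": make_zip([("A.TXT", b"1"), ("B.TXT", b"2")]),
    "renamed member": make_zip([("BATCH.TXT", b"constructed payload\n")]),
    "path in member": make_zip([("../R1234567.SFT.CLIEOP.A123.TXT", b"x")]),
    "bzip2": make_zip([("R1234567.SFT.CLIEOP.A123.TXT", b"x")], zipfile.ZIP_BZIP2),
}

if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        print(label, check_archive(ARCHIVE, blob, received=True))
```

With `received=True` a member name that does not match the archive name is reported as an error rather than a warning, since section 11.3.2 states that both names comply with the convention on delivery.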

12 Support processes: questions and changes

12.1 Equens Connect:Direct availability

Equens Connect:Direct will be available from 4 p.m. on Sunday to 7 a.m. on

Saturday. 98% availability will be guaranteed at these times.

12.2 Customer Services department contact information

File Transfer product support will be provided by Equens Customer Services

department.

The services will encompass the following:

• Answering questions by telephone

• Dealing with incidents

• Monitoring the file exchange and any underlying network connections

Please note: The support that Customer Services will provide is intended for

situations involving a standard connection to Connect:Direct.

In the event of deviation, Customer Services will not provide any support for

matters relating to the client's domain.

Customer services are available from Monday to Friday, with the exception of bank

holidays.

• Opening times: 8 am – 6 pm

• Telephone: 0900 - 0660 (for customers in The Netherlands)

Telephone: +31 (0)30 283 68 60 (for customers outside The Netherlands)

• Fax: +31 (0)30 283 51 33

• E-mail: [email protected]

Please note: Please submit any questions by telephone, not by e-mail.

12.3 Information on the Equens website

On www.equens.com you will find the following information regarding the Equens

Connect:Direct File Transfer System and the various connection types:

• Brochures

• Manuals

• Forms

• FAQs

12.4 Changing specifications

With the "Service Request Form Connect:Direct" you can:

• Register and deregister:

− The contact person

− Authorised persons

• Change contact details:

− Organisational information

− Telephone number and/or e-mail address of the contact person

• Change service specifications:

− Whether you want to connect via the Internet or via a Leased Line

− Whether you want to receive compressed files

− At which e-mail address you would like to receive error messages (e-mail messages that inform you of a message that could not be processed, e.g. because of an incorrect file name).

You must fill in and send a separate copy of the form for each request and/or

change! This form can be requested from Customer Services or can be

downloaded from our website: www.equens.com

(Support - Forms - Connectivity Services)

This Service Request Form is only for submitting changes in the transport of data.

For the processing of the data files you are sending, you will need to make

agreements with the appropriate Equens business unit/department.

12.5 Changing connection type

If you wish to deliver data using a connection type other than Connect:Direct,

please contact the Customer Services department.

12.6 Terminating the connection

Termination of the Connect:Direct connection must be done in writing.

When terminating the connection you must ensure that all streams for which you

use Connect:Direct are migrated in a timely fashion. This means that the relevant

processing agreements must be amended.

12.7 Changing and terminating processing agreements

Changing and/or terminating your processing agreements must be arranged with

your bank and the Equens business unit that carries out the processing activities,

in accordance with the relevant procedures.