Manual Connect:Direct: Connecting to the Secure File Transfer System of Equens

Manual Connect:Direct
Connecting to the Secure File Transfer System of Equens
Final
Equens
Classification: NON CONFIDENTIAL
Version 1.0 - 2 March 2009
Version history
Version Version Status Edited by Most important

number date edit(s)
1.0 02-Mar-09 Final Equens Revision of the manual.
Connect:Direct is a trademark of Sterling Commerce.
Equens
Manual Connect:Direct NON CONFIDENTIAL
Content
1 Introduction................................................................................. 6
1.1 Maintenance of this document ............................................................6
1.2 Target groups ..................................................................................6

1.3 Structure of this manual ....................................................................6
2 Equens Connect:Direct Network variants and infrastructure .......... 8

2.1 Two network variants........................................................................8
2.1.1 Connect:Direct via Internet ...................................................8
2.1.2 Connect:Direct via a Leased Line............................................8
2.2 Infrastructure ..................................................................................9
3 Security ..................................................................................... 10
3.1 Introduction .................................................................................. 10
3.2 Encrypted file transmission via SSL ................................................... 10
3.3 Authentication by means of certificates .............................................. 11
4 File naming and routing mechanism............................................ 14

4.1 Introduction .................................................................................. 14
4.2 Connect:Direct file name convention.................................................. 14

4.3 Routing of files to Equens and third parties ......................................... 16
4.4 Receipt of different file types............................................................ 16
5 Fallback and backup facilities ..................................................... 17
5.1 Standard situation .......................................................................... 17

5.2 Scenario in the event of local problems .............................................. 17
5.3 Scenario in the event of a network failure at the Utrecht location ........... 18
5.4 Scenario in the event of a total failure at the Utrecht location ................ 19
6 Configuration of your network .................................................... 20
6.1 Configuration of the firewall ............................................................. 20
6.2 Configuration of the Connect:Direct node in your environment ............... 20
7 Requesting and installing of a certificate..................................... 21
7.1 Introduction .................................................................................. 21

7.1.1 Procedure......................................................................... 21
7.1.2 Preparation....................................................................... 21
Equens Version 1.0 - 2 March 2009 3

7.1.3 Maintenance .................... Fout! Bladwijzer niet gedefinieerd.

7.2 Requesting a certifcate.................................................................... 23
7.3 Retrieving the certificate.................................................................. 27
7.4 Exporting the certificate .................................................................. 32

7.5 Importing the certificate in your Connect:Direct node ........................... 37
7.6 Retrieving the Equens certificaat (CA certificate).................................. 38

7.7 Importing the Equens CA certificaat in your Connect:Direct node............ 39
7.8 Retrieving of the Certification Revocation List...................................... 39
8 Testing your connection ............................................................. 40
8.1 Introduction .................................................................................. 40

8.2 Difference between three test types .................................................. 40
8.3 Connection test.............................................................................. 41
8.3.1 Connection test features and conditions................................. 41
8.3.2 Connection test execution ................................................... 41
8.4 Filetransfer test ............................................................................. 41

8.4.1 Filetransfer test features and conditions ................................ 41
8.4.2 Filetransfer test execution ................................................... 41
8.5 Processing tests ............................................................................. 42
8.5.1 Processing test features and conditions ................................. 42
8.5.2 Requesting the processing tests ........................................... 42
9 File sending................................................................................ 43
9.1 Introduction .................................................................................. 43

9.2 Automatic file sending..................................................................... 43
9.3 Binary file sending......................... Fout! Bladwijzer niet gedefinieerd.
10 File delivery ............................................................................... 44
10.1 Introduction .................................................................................. 44
11 Working with compressed files ................................................... 45
11.1 Introduction .................................................................................. 45

11.1.1 Compression programme conditions...................................... 45
11.1.2 Binary file transmission ...................................................... 45
11.2 Sending compressed files ................................................................ 45

11.2.1 Conditions ........................................................................ 45
11.3 Receiving compressed files .............................................................. 45

11.3.1 Conditions ........................................................................ 45
11.3.2 Features: ......................................................................... 45
4 Equens
12 Support processes: questions and changes ................................. 47

12.1 Equens Connect:Direct availability..................................................... 47
12.2 Customer Services department contact information.............................. 47
12.3 Information on the Equens website ................................................... 47

12.4 Changing specifications ................................................................... 47
12.5 Changing connection type................................................................ 48

12.6 Terminating the connection.............................................................. 48
12.7 Changing and terminating processing agreements ............................... 48

1 Introduction
In this manual you will find information about Connect:Direct, one of the four
connection types of the Secure File Transfer System. Information about the other
three connection types can be found in the "Quick reference Equens Connectivity
Services".
In the "Quick reference Connect:Direct" you can find a description of the
administrative connection procedure.
1.1 Maintenance of this document

This document is managed and maintained by Equens IT's System & Connectivity
department. Amendment and publication of this document may be carried out
solely by this department.
New versions of this document will be made available as PDF files.

When a new version of the document is published, Equens will send the customer
an e-mail notification. The notification will be sent to the e-mail address you've
stated in the "Applicant details" field on the Connect:Direct Service Request Form.
We would be grateful for any feedback regarding any unclear or incorrect

information found in this manual. Please send your response to the Equens
Customer Services department.
1.2 Target groups

This manual is primarily intended for network specialists, functional and technical
designers and administrators, ICT architects and programmers who are involved in
the implementation and use of the Connect:Direct connection.
1.3 Structure of this manual

This manual is divided into three sections in which the following is explained:
• Configuration of the connection with Connect:Direct
• How to make a connection
• Recurring procedures
The above three sections are explained in further detail below.
The first section describes how Equens has configured the connection with
Connect:Direct and comprises chapters 2 to 5, which contain the following
information:
• Network variants via which you will be able to connect to Connect:Direct
• How the security works
• The manner in which the system will route your data to its destination on the
basis of file names
• How Equens has set up the backup and fallback.
The second section explains in detail the one-off procedure you must perform in
order to carry out future submissions of your data using Connect:Direct. This
section comprises chapters 6 to 8, which contain the following information:
6 Equens
• The technical aspects of connection (organisation of your network)

• The requesting and installing of a certificate
• Testing your connection.
The third section explains in detail the activities that recur. This section comprises
chapters 9 to 12, which contain the following information:
• How to send files
• How files are delivered
• How to handle compressed files
• How to submit questions and/or changes.

2 Connect:Direct Network variants and infrastructure
2.1 Two network variants

Two network variants can be used for Connect:Direct
• Connect:Direct via the internet
• Connect:Direct via a Leased Line
These two types are equal in terms of security: The security will be organised on
application level with Secure Plus (SSL encryption).
A connection via the internet is advantageous, as it enables high-speed transfers.

Furthermore, if you already have an internet connection, the costs will naturally
be lower.
If you should opt for a more robust connection, the Leased Line is a good solution.
This will involve additional costs ensuing from the management of the Leased Line
by the connection provider. Furthermore, this connection is not a standard Equens
network variant, and is realised in project form. This will also involve additional
costs.
The two network variants will be discussed in the subsequent sections.
2.1.1 Connect:Direct via Internet

This network variant is the preferred choice of both Equens and the majority of
users. Its characteristics are as follows:
• The file transfer speed will depend on the internet connection bandwidth.
Please note: As a rule, the available bandwidth cannot be guaranteed in the
event of internet use.
• Securing your internet-linked infrastructure will be your responsibility, in
addition to which Equens strongly recommends using firewalls.
2.1.2 Connect:Direct via a Leased Line

For banks and large corporates, Equens has the possibility to connect via a Leased
Line. This Leased Line is based on a dedicated network and therefore has no
relationship with the internet. Furthermore, agreements can be made with regard
to bandwidth guarantees and availability. As a result, such connections have a
different level of security. The Leased Line connection can be scaled from 128
Kb/second to 155 MB/second.
This connection can also be useful if you exchange multiple types of traffic with
Equens.
From a technical point of view, connecting to such a connection is extremely
similar to an internet connection.
Given the fact that these connections are always tailor-made, please contact
Customer Interaction for additional information. This will not be discussed in any
further detail in this manual.
8 Equens
2.2 Infrastructure
When the connection is made to Connect:Direct the infrastructure will appear
approximately as shown in the following figure:
Figure 1: Infrastructure for connection to Connect:Direct

3 Security
3.1 Introduction
This chapter describes how the security of your data and the continuity of services
will be guaranteed.
Agreements and technical facilities will ensure that the Equens Secure File
Transfer System secures your data at all times. The security aspects are as
follows:
Authenticity
Authenticity will be ensured by means of the following:
• certificate verification
• a firewall rule will be added for your IP-address
Confidentiality
Confidentiality regarding public and internal connections will be guaranteed
through the use of Connect:Direct with Secure Plus (SSL encryption).
Integrity
The integrity of the data that is to be transported will be guaranteed via the SSL
hashing mechanism (digital signature).
Authorisation
Authorisation will be granted by means of the following:
• check on IP-address
• check on Node name
• contract conclusion checks
3.2 Encrypted file transmission via SSL

When using Connect:Direct you will exchange files that may contain confidential
information via Connect:Direct with Secure Plus. In use, Connect:Direct with
Secure Plus will be very similar to standard Connect:Direct, but one important
difference is the fact that all confidential information will be encrypted via SSL.
The nodes will automatically carry this out for you.
One major advantage to this security method is that it is end-to-end: from node
to node. The data will not only be encrypted in the public part of the network, but
also on the internal networks of the client and Equens.
An additional advantage to this method is the fact that the network link between
the client and Equens will no longer need to be secured separately. In principle, it
will be possible to send files over any type of network, including the internet.
10 Equens
Figure 2: The connection via Connect:Direct is secured end-to-end via SSL
3.3 Authentication by means of certificates

An important aspect of the Connect:Direct infrastructure is the use of digital
certificates. The Connect:Direct nodes are equipped with certificates for the
purpose of authentication. This authentication is based on the nodes only
accepting one another's certificates when they have been signed by the correct
(Equens) Certificate Authority.

A Getronics Pink Roccade PKI (Public Key Infrastructure) service will be used to
issue certificates. This company sets high standards for the construction and
management of PKI systems. Getronics Pink Roccade has set up a private CA
(Certificate Authority) for the benefit of Equens. Private, in relation to this matter,
means that this CA will only issue certificates for the Connect:Direct (and Secure
FTP) service. Conversely, the Connect:Direct service will only accept clients with
certificates issued by this CA.
Equens will have full control over issuing of certificates and will determine which
certificate applications will be accepted or rejected via a RA function. Equens will
also be able to revoke previously approved certificates if, for example, a security
risk is established or a contract expires.
12 Equens
Figure 3: Issuing of certificates by Equens

4 File naming and routing mechanism
4.1 Introduction
When you wish to exchange files with Equens via Connect:Direct , the file names
must comply with a specific naming convention.
Files sent will be routed to the appropriate Equens processing system on the basis
of the file name. Equens will not be able to route files sent whose name does not
comply with the naming convention and will therefore be unable to process them.
In such cases you will receive an error message by e-mail.
4.2 Connect:Direct file name convention

The following standard will apply within Secure FTP with regard to the structure of
file names:
<SENDER>.<DESTINATION>.<TYPE>.<REFERENCE>.<EXTENSION>
14 Equens
The separate fields are defined as follows:
Field Description
<SENDER> The ID of the submitting party.
This will be assigned by Equens and made known to the client.
<DESTINATION> The ID of the destination.
This will include 'SFT' if the file is destined for an Equens
system (not 'INTERPAY' or 'EQUENS').
If the destination is outside of Equens, the field must be filled
with a destination name that has been assigned by Equens.
<TYPE> The ID of the file type being exchanged.
A complete overview of the file types most often used can be

found at www.equens.com
<REFERENCE> A unique file reference assigned by the submitting party.
The field must begin with a letter and be unique to each
submitting party within 35 days.
<EXTENSION> An addition to the file name that indicates by which application
the file can be processed.
Important extensions include the following:

TXT ('readable' data)
DAT (binary)
PDF (Adobe Reader format)
XLS (Microsoft Excel format)
ZIP (compressed files).
Each extension can be routed on by Equens.
Table 1: Explanation of file name components
Specifications:
• Each field is mandatory
• Each field must begin with a letter
• The maximum field length is eight characters
• The file name must comprise of only capital letters.
An example of a correct file name:

R1234567.SFT.CLIEOP.C1234567.TXT
Please refer to the appendix "The relationship between the Secure FTP naming
convention and the 'old' I-Connect interface description" for information regarding
the relationship between the current Secure FTP naming convention and the
previous I-Connect interface with token files.
PLEASE NOTE: When sending files with Connect:Direct you will need to include
your mailbox number before the filename. The mailbox addition MUST be in
lowercase characters (the other part of the filename in CAPITALS). Below is an
example filename for mailbox M1234567 (your mailbox number can be requested
from the Customer Interaction department).

/m1234567/R1234567.SFT.CLIEOP.C1234567.TXT
4.3 Routing of files to Equens

In the Secure File Transfer System of Equens, data files will be routed to the
correct destination on the basis of the file name.
• The client sends the files for processing by Equens. The system may or may
not create output.
4.4 Receipt of different file types

A customer will be able to receive numerous file types via the Secure File Transfer
System. Each type can be processed by a specific application within the
customer's system.
The customer must have a mechanism that ensures that each file type is routed to
the correct application on the basis of the field <TYPE>.
Equens can only issue multiple DESTINATION names to a customer in complex
cases (for example, if a group has numerous offices, all of which process the same
file types and also share the same connection). The customer will then be able to
route internally on the basis on the <DESTINATION> in the file name.
DESTINATION name requests will be subject to extra charges.
16 Equens
5 Fallback and backup facilities
5.1 Standard situation

Equens will have two identical environments at a primary location with a backup
facility at a secondary location.
Under normal circumstances each client will have a Connect:Direct connection
with the primary location.
This is shown in the following figure:
Figure 4: Route through Equens environment under normal circumstances
5.2 Scenario in the event of local problems

Local problems will be dealt with by the additional identical set of equipment at
the primary location.

5.3 Scenario in the event of a network failure at the primary location

In the event of a network failure in the primary location, the system will
automatically use the network infrastructure in the secondary location. With the
exception of a brief hiccup, the client will not notice any difference.
Figure 5: Route through Equens environment in the event of a network failure at

the primary location
18 Equens
5.4 Scenario in the event of a total failure at the primary location

In the event of a total failure at the primary location, a procedure will be started in
order to summon the secondary location as the fallback location.
A number of procedures will ensure that the Connect:Direct traffic for the different
network variants is routed to the secondary location. During these procedures
connection with Equens will not be possible. The customer will notice no difference
after summoning of the fallback location and does not need to make any
additional changes.
Please refer to the Secure File Transfer System Service Level Agreement (SLA) for
the downtime.
Figure 6: Route through Equens fallback environment in the event of a total failure
at the primary location

6 Configuration of your network
This chapter explains the procedure for connecting to the Secure File Transfer
System at network level. Once the connection has been made it will be possible to
work with Connect:Direct at transportation level.
Two network variants can be used for Connect:Direct:

• Connect:Direct via Internet
• Connect:Direct via a Leased Line
The specifications for these network variants are described in chapter 2, "Equens
Connect:Direct Network variants and infrastructure".
6.1 Configuration of the firewall

In order to be able to use Connect:Direct, you will need to open firewall tcp port
1364 for sft.equens.com (82.195.45.60) for production (the sft.equens.com will
become active half June 2009, before that time please use sft.interpay.nl).
For our Acceptance environment (previously called Test environment) You will
need to open firewall tcp port 1364 for sftacc.equens.com (82.195.45.59).
This way the correct type of traffic will be allowed from your Connect:Direct node
(the machine that makes the physical connection with the Connect:Direct node
with Equens).
Please note: If you wish to carry out processing tests (please refer to section 8.5,
"Processing tests"), you must connect to the test environment.
6.2 Configuration of the Connect:Direct node in your environment

For configuring your Connect:Direct node you will need to add the IP-address or
the Node name of the Equens Connect:Direct node in your configuration.
Production-environment: IP-address: 82.195.45.60 (node: SFT)

Test-environment: IP-address: 82.195.45.59 (node: SFTACC)
20 Equens
7 Requesting and installing of a certificate
7.1 Introduction
In this chapter we show you how to obtain a certificate (also called "Digital ID")
and install this in your Connect:Direct node.
7.1.1 Procedure
In general the procedure is as follows:
• You install the client certificate
− You request the certificate with Equens via your browser
− You pick up the certificate from Equens via your browser
− You export the certificate out of your browser
− You import the certificate into your Connect:Direct node
• You install the Equens CA certificate
In the following paragraphs the procedure is escribed further.
7.1.2 Preparation
Before you commence the procedure, it is important that you pay attention to the
following aspects.
Choice of applicant
First determine which employee requests the certificate, as the certificate will be
linked to the person who has requested it! This is the only person who can extend
and revoke the certificate. When the person who requested the certificate leaves
the company, it will be necessary to request a new certificate. Please keep this in
mind when you determine which person requests the certificate.
Choice of e-mail address

The certificate can only be retrieved with the PC that is used to request it. Make
sure you can access your e-mail on or close to the same PC as the one you have
requested the certificate with. A production certificate is valid for two years (the
test certificate is valid for one year). At this e-mail address we will send a warning
when the certificate is about to expire. Please keep that in mind when you
determine which e-mail address you will enter.
Transfer of certificates to the Connect:Direct node

In case the machine where the Connect:Direct node will be active is a different
machine as the machine which retrieved the certificates, the exported client
certificate and the retrieved Equens certificate need to be transferred.
Browser choice
The procedure and screenshots in this manual are based on the use of Microsoft
Internet Explorer. Equens strongly advises to use this browser. With other browser
a correct operation cannot be guaranteed. Equens does not provide support with
problems using other browsers than Microsoft Internet Explorer.

Potential error messages

If you are using Windows XP with Service Pack 2, there is a chance you will get
the error message "Error 1B6 occurred. You may need to install OnSiteMSI".
Through the website www.pki.pinkroccade.com, 'Support', 'Issues', 'OnSiteMSI
error' you can download a file with the OnSiteMSI file and an installation manual.
Converting certificates
Some nodes are not able to read the standard exported format. The certificate
needs to be converted. See the "Frequently asked questions - Connectivity
services" at www.equens.com
Securing your certificate

It is recommended to safeguard the exported client certificate.
Make a backup on an external carrier and store this in a safe place.
If the certificate is lost, you will need to request a new certificate.
Extending your certificate on time

A production certificate is valid for two years (a test certificate for one year). You
can extend a certificate each time for the same length of time. When a certificate
tends to expire you will be warned by e-mail.
Once your certificate is expired, it is not possible to extend it. You will need to
request a new certificate. Please note that requesting a new certificate takes more
time than extending a certificate, because for a new certificate you will need to
request a new pincode.
It is advised you start the extension of your certificate at least a month before the
expirydate.
22 Equens
7.2 Requesting a certifcate

As soon as you have indicated you wish to be connected via Connect:Direct, you
will receive an URL and an access code for the CA website for Equens.
With this access code you can request a user certificate from Equens.
Note: As of October 16, 2006 Interpay is operating under the name Equens.
However, the PKI environment at PinkRoccade is still active under the name
Interpay Nederland.
In the URL you will receive, as well as in the address bar of the browser you will
see /InterpayNederlandBV/
Step 1 Copy the URL and paste this into the addressbar of your browser
URL Production:
https://mpki.pinkroccade.com/services/InterpayNederlandBV001/digitalidCenter.htm
URL Acceptance (Test):

https://mpki-test.pinkroccade.com/services/InterpayNederlandBV/digitalidCenter.htm
The following screen will be displayed:
Please note: 'Digital ID' is a synonym for 'certificate'.

Figure 7: The openingpage with the options for certificates.
Step 2 Click the first option, 'Enroll'

Figure 8: The form for requesting a certificate.
24 Equens
Step 3 Fill in the contact- and identification data as described below:
• The name of the applicant or the name of one of the persons authorized to
change the password.
Please note that the certificate will be linked to the person who has requested
it. This is the only person who can extend or revoke the certificate. If the
person who has requested the certificate leaves the company it will be
necessary to request a new certificate. Please keep this in mind when deciding
whose name the certificate is requested.
• The e-mailaddress where you will receive notifications at.

The first notification you will receive at this e-mailaddress is a confirmation of
your request and the necessary information for retrieving the certificate.
A production certificate is valid for two years (a test certificate is valid for one
year). At this e-mailaddress we will warn you when the certificate is about to
expire. Please keep this in mind when deciding which e-mailaddress you will
use.
• The access code for the CA website you have received together with the
URL, also known as the 'Certificate Enrollment PIN'
This pincode is only valid for issuing this certificate. You do not need to
safekeep the pincode after requesting the certificate. If you request a new
certificate, you will receive a new pincode.
• A 'Challenge Phrase'
The Challenge Phrase is case sensitive and may not contain any punctuation.
The Challenge Phrase is a sentence you will need to remember. You will need
this sentence when extending your certificate. In case you do not remember
the Challenge Phrase anymore, you will need to request a new certificate and
start the certificate request procedure from the beginning.
Step 4 Send the form by clicking the 'Submit' button

You will get the message below, asking you to confirm your e-mail address and if
the correct e-mail address has been entered.
Figure 9: It is important that you have entered your e-mail address correctly.

Step 5 Confirm that you have entered the correct e-mail address
If you click on 'Cancel', you will get the opportunity to correct the e-mail address
in the Enrollment form.
If you click 'OK', the form will be processed.
Next you will get the screen below and a message from the Internet Explorer.
Figure 10: A standard Internet Explorer security.
Step 6 Click 'Yes'

The request is finished.
The following screen will be displayed notifying you that an e-mail has been sent
containing instructions for installing the certificate.
Figure 11: You see a confirmation that your request has been received.
26 Equens
When you check your e-mail, you should see the message below.
From: certificate
Send: woensdag 2 augustus 2006 14:13
To: Janssen, Dhr. G.A. (Geert)
Subject: Equens Digital ID request confirmation
Dear G.A. Janssen,
Thank you for requesting a Digital ID.

Equens Nederland B.V. is processing your request,
and will notify you when your Digital ID is ready.
If you have questions about your application, please

contact Equens Nederland B.V. by replying to this
e-mail message.
Figure 12: You receive a request confirmation by e-mail.
The status now is as follows:

• A Private Key is created in the browser on this computer
• Your request is processed by Equens
• You have received an e-mail stating your request is confirmed
• Some time later you will receive an e-mail containing instructions for installing
the certificate with the matching pincode
7.3 Retrieving the certificate

Now you have requested the certificate, it is ready to be retrieved and be
installed.
Step 7 Open the second e-mail message

In this message the data is given that you will need to retrieve the certificate.

From: certificate
Send: woensdag 2 augustus 2006 14:24
To: Janssen, Dhr. G.A. (Geert)
Subject: Your Equens Digital ID is ready
Dear G.A. JANSSEN,
Equens Nederland B.V. has approved your Digital ID request.
To assure that someone else cannot obtain a Digital ID that

contains your personal information, you must retrieve your
Digital ID from a secure web site using a unique Personal
Identification Number (PIN).
You can retrieve your Digital ID by following these simple

steps:
Step 1: Visit the Digital ID retrieval web page, at:
https://mpki.pinkroccade.com/services/
InterpayNederlandBV/client/mspickup.htm
Step 2: In the form, enter your Personal Identification

Number (PIN):
Your PIN is: 641625923
Step 3: Follow the instructions on the page to complete the

installation of your Digital ID.
If you have any questions or problems, please contact Equens

Nederland B.V. by replying to this e-mail message.
Figure 13: The e-mail with instructions and pincode.
As indicated in the e-mail, you will need to perform the following steps:
• You copy/paste the URL mentioned in your e-mail into the addressbar of your
browser
• In the form that appears in your browser, please type the pincode mentioned in
the e-mail
• Please follow the instructions given in the form in your browser
Step 8 Copy the URL and paste this in the addressbar of your browser
You will get the following screen:
28 Equens
Figure 14: The page where you retrieve your certificate.

Step 9 Type the pincode mentioned in the e-mail and click 'Submit'
Please pay attention! You will need to retrieve the certificate with the same PC
that you have used to request the certificate.
If you don't, you will get the following error message:
Figure 15: Error message when you use a different PC.
Next you will see the screen below, a message from Internet Explorer:
Figure 16: A standard security message from Internet Explorer.
30 Equens
Step 10 Click 'Yes'

Retrieval of the certificate is now complete.
You will see the screen below, it indicates that the certificate was generated
successfully and has been installed on that PC.
Figure 17: Confirmation of the certificate installation.

7.4 Exporting the certificate

The certificate has now been imported in your browser.
You will need to export it from here, so you can import it into the Connect:Direct
node.
Step 11 Call the dialogue screen for certificates

• In the browser menu choose 'Extra' and 'Options'
Figure 18: Through the Options-screen you go to the certificates screen.
32 Equens
• Click the button 'Certificates'

The following screen is displayed:
Figure 19: The screen where you manage the certificates in your browser.
Step 12 Choose the correct certificate

Click the certificate you have just installed.
The screen below is displayed. Click 'Next' to continue.
Figure 20: Certificate export screen.

Step 13 Confirm you want to export the certificate

In the next screen you are warned that you will need to protect the certificate with
a password. This is certainly recommended, so choose option 'Yes' and click
'Next'.
Figure 21: Exporting the certificate private key.
Step 14 Enter the export options

You will need to enter several preferences.
Tick the bottom two options under 'Personal Information Exchange':
• 'Enable strong protection'
With this you choose for a strong security (protection).
• 'Delete the private key if the export is successful'
Tick this option only after you have succesfully exported the certificate. If you
tick this option you cannot export the certificate again.
After ticking this option and exporting the certificate it will be impossible for
someone else to export the certificate again!
Click 'Next' again.
34 Equens
Figure 22: Important options related to security.
Step 15 Enter a password

In the next screen you will need to enter a password.
You will need this password again when you are importing the certificate into your
Connect:Direct node.
Figure 23: Security through a password.

Step 16 Save the certificate file

Next you will need to enter where on your harddisk the certificate needs to be
saved and under which name it is saved.
Figure 24: Saving the certificate on the harddisk.
Step 17 Finish the export procedure

Next you will see an overview of the specifications you have entered with the
possibility of making adjustments by using the 'Back' key.
If you are satisfied, please click 'Finish'.
Figure 25: Overview of the specifications entered.
36 Equens
You will get a confirmation that the export was successful. Click 'OK' to continue.
Figure 26: The confirmation that the export was successful.
Subsequently you can find the saved certificate/file in the Explorer.
Figure 27: The certificate/file in the Explorer.
7.5 Importing the certificate into your Connect:Direct node

For importing the certificate in your Connect:Direct node we refer you to the
manual of your Connect:Direct node or request support from Sterling Commerce.
If you need to convert your certificate into a different format, please check our
"Frequently asked questions" section on the website of Equens (www.equens.com)

7.6 Retrieving the Equens server certificate (CA certificate)

By importing the CA certificate into your Connect:Direct node the computers of
Equens know to trust your computer.
Now you will need to configure your computer so that it will trust the Equens
computer.
Step 18 Go back to the openingspage of the Digital ID Center

Paste the URL you have received by postal mail into the addressbar of your
browser again.
The following screen is displayed:
Figure 28: The openingpage with the options for certificates.
38 Equens
Step 19 Choose the option 'Install CA'

A download is started immediately and the screen below is displayed, where the
system asks you if you want to open or save the file to your harddisk. Choose the
option 'Save'.
Figure 29: Save the certificate to your harddisk.
Step 20 Save the certificate to your harddisk
7.7 Importing the Equens CA certificate into your Connect:Direct node

For importing the certificate into your Connect:Direct node we refer you to the
manual of your Connect:Direct node or request support from Sterling Commerce.
7.8 Retrieving the Certification Revocation List

Some nodes can import a 'Certification Revocation List' (CRL) to check if a
certificate is still valid. This file contains a list of all revoked certificates. This list
can be downloaded at:
http://pki.pinkroccade.com/crl/InterpayNederlandBV001/LatestCRL.crl

8 Testing your connection
8.1 Introduction
It is advisable to first check whether the connection is functioning correctly and
whether the files are being sent on in the required manner. You can test this
easily by sending a file to yourself. This connection test and file transfer test can
simply be carried out in the Equens production environment.
If you also wish to carry out processing tests, you must carry these out in the test
environment (!) and schedule the test at least one week in advance in
consultation with the Customer Services department and the relevant business
unit.
8.2 Difference between the three test types

Tests can be carried out at three levels:
• Level A: connection test
• Level B: file transfer tests
• Level C: processing tests (application level).
The level A and B tests relate specifically to the Connect:Direct connection.
The level C tests are not related to the connection type.
The following figure shows the levels at which the tests should be carried out.
Figure 30: Testing for Connect:Direct will take place at three levels
Testing can only commence if the following conditions have been met:
• All relevant data must have been entered in the various Equens databases
• You must have installed a Connect:Direct node
• You must have installed the client and server certificate
40 Equens
8.3 Connection test
8.3.1 Connection test features and conditions
Feature Description
Subject The connection with Equens Connect:Direct.
This involves aspects such as:
• Setting up a connection with Connect:Direct and
Secure Plus
• The compression mechanism
Objective Checking whether the Equens Connect:Direct
specifications have been properly implemented with
the customer.
Conditions You do not need to contact Equens in order to carry
out this test.
Importance Recommended
Environment Production environment
Table 2: Features of the Connect:Direct connection test
8.3.2 Connection test execution

You must use your Connect:Direct in the production environment to test whether
a connection can be realised. Please refer to the documentation of your
Connect:Direct node.
Please note: It is not the intention of a connection test to send files to Equens. For
sending files you need to perform a filetransfer test.
8.4 Filetransfer test
8.4.1 Filetransfer test features and conditions
Feature Description
Subject Routing from and to yourself.
Objective Checking whether the file transfer via Connect:Direct
between Equens and the customer is successful.
Conditions You do not need to contact Equens in order to carry
out this test.
Importance Recommended
Environment Production environment
Table 3: Features of the Connect:Direct filetransfer test
8.4.2 Filetransfer test execution

File transfer tests consists of sending files to yourself.
Please do this in the following manner:

• Give the file the correct name:

- For <DESTINATION> enter the same as for <SENDER>
- Enter the SELFTEST value for <TYPE>
Please refer to section 4.2, "Connect:Direct file name convention" for the file
name structure.
• Set up a connection to the Connect:Direct node of Equens
• Send a file to yourself
See section 9, "File sending"
The file will be fully processed at Equens.
This means that the file will be routed on to the addressee, in this case
yourself.
• Check if the file is delivered at your Connect:Direct node.
8.5 Processing tests
8.5.1 Processing test features and conditions
Feature Description
Subject The content and layout of the files.
Objective Checking whether file transfer and data processing
(for Equens-specific business) between Equens and
the customer via Connect:Direct is successful.
Conditions • If you use separate test machines you must
request a test certificate
• These tests must be scheduled at least one week in
advance in consultation with the Equens Customer
Services department
Importance Not mandatory
Environment Test environment (sftacc.equens.com)
(testing in the production environment is not
permitted).
Table 4: Features of the Connect:Direct processing test
8.5.2 Requesting the processing tests

Processing tests will be carried out on the Equens test environment.
If you wish to carry out processing tests (i.e. at application level), you must carry
these out on the test environment (!) and schedule the tests at least one week in
advance in consultation with the Customer Services department. The Connectivity
Management connection coordinator will contact you to plan the tests.
In the event of a non-standard connection or connection to systems other than

the giral Clearing and Settlement System, this connection coordinator will draw up
the test procedure in consultation with the owner of the processing system. These
connection processes are always carried out on a project basis.
42 Equens
9 File sending
9.1 Introduction
You can send files to Equens using commands in your Connect:Direct node. When
sending files you will need to initiate the transfer.
You can also send compressed data files. Please refer to chapter 11, "Working
with compressed files" for additional information.
9.2 Automatic file sending

Most Connect:Direct nodes have the possibility to send files automatically. The
node can be configured so that it will check a directory on the local system for
waiting files. If this is the case, the files will be sent to Equens without any further
action being required from the user. If the files are sent successfully the node can
remove the files.
You can use a "File agent" for this, but you are responsible for futher automation,
Equens does not provide support for this.

10 File delivery
10.1 Introduction
Files addressed to you are "pushed" to you by Connect:Direct, you do not need to
take the initiative to retrieve the files.
It is not possible to retrieve files again that have previously already been supplied
to you. If you would like to receive a file that has already been supplied to you,
you will need to contact our department Customer Services.
Files to be retrieved will remain available within the system for 30 days. When this
period has elapsed, the files will be deleted and cannot be resupplied.
44 Equens
11 Working with compressed files
11.1 Introduction
Files can be compressed in order to reduce their size and therefore also the
amount of time it takes for them to be transmitted. If the bandwidth is sufficient,
compression will not be necessary and consequently advised against.
11.1.1 Compression programme conditions

• Your compression programme must be compatible with PKZIP version 2.04g.
• Acquisition and use of compression software will be your own responsibility.
• Please refer to your compression programme manual for information regarding
file compression and decompression.
11.1.2 Binary file transmission

You must use binary transmission in order to both send and receive compressed
files, please see section 9.3, "Binary file sending".
11.2 Sending compressed files
11.2.1 Conditions
• You will be able to send both compressed and uncompressed files.
Contrary to when you would like to receive compressed files, there is no need
to state this on the Service Request form.
• The compressed file that you wish to send may not contain more than one data
file.
• Although the file name in the archive does not need to comply with the naming
convention, it is advisable.
This is also easy, given that the majority of compression programmes use the
name of the file being compressed for the archive name.
For example: If you were to compress the file
R1234567.SFT.CLIEOP.A123.TXT, the archive would be named
R1234567.SFT.CLIEOP.A123.ZIP.
11.3 Receiving compressed files
11.3.1 Conditions
• If you wish to receive compressed output from Equens, please specify this on
the Service Request form.
11.3.2 Features:
If you have stated that you wish to receive compressed files, the following will
apply:
• All files you receive are compressed, it is not possible to compress specific file
types

• The names of both the ZIP archive and the archived file will comply with the
file name convention.
For example: the archive R1234567.SFT.CLIEOP.A123.ZIP would contain the
file R1234567.SFT.CLIEOP.A123.TXT
46 Equens
12 Support processes: questions and changes
12.1 Equens Connect:Direct availability

Equens Connect:Direct will be available from 4 p.m. on Sunday to 7 a.m. on
Saturday. 98% availability will be guaranteed at these times.
12.2 Customer Services department contact information

File Transfer product support will be provided by Equens Customer Services
department.
The services will encompass the following:

• Answering questions by telephone
• Dealing with incidents
• Monitoring the file exchange and any underlying network connections
Please note: The support that Customer Services will provide is intended for
situations involving a standard connection to Connect:Direct.
In the event of deviation, Customer Services will not provide any support for
matters relating to the client's domain.
Customer services are available from Monday to Friday, with the exception of bank
holidays.
• Opening times: 8 am – 6 pm
• Telephone: 0900 - 0660 (for customers in The Netherlands)
Telephone: +31 (0)30 283 68 60 (for customers outside The Netherlands)
• Fax: +31 (0)30 283 51 33
• E-mail: sft@nl.equens.com
Please note: Please submit any questions by telephone, not by e-mail.
12.3 Information on the Equens website

On www.equens.com you will find the following information regarding the Equens
Connect:Direct File Transfer System and the various connection types:
• Brochures
• Manuals
• Forms
• FAQs
12.4 Changing specifications

With the "Service Request Form Connect:Direct" you can:
• Register and deregister:
− The contact person
− Authorised persons
• Change contact details:
− Organisational information

− Telephone number and/or e-mail address of the contact person

• Change service specifications:
− Whether you want to connect via the Internet or via a Leased Line
− Whether you want to receive compressed files
− At which e-mailaddress you would like to receive error messages
(E-mail messages that inform you of a message that could not be
processed, e.g. by using an incorrect file name).
You must fill in and send a separate copy of the form for each request and/or
change! This form can be requested from Customer Services or can be
downloaded from our website: www.equens.com
(Support - Forms - Connectivity Services)
This Service Request Form is only for submitting changes in the transport of data.
For the processing of the data files you are sending, you will need to make
agreements with the appropriate Equens business unit/department.
12.5 Changing connection type

If you wish to deliver data using a connection type other than Connect:Direct,
please contact the Customer Services department.
12.6 Terminating the connection

Termination of the Connect:Direct connection must be done in writing.
When terminating the connection you must ensure that all streams for which you
use Connect:Direct are migrated in a timely fashion. This means that the relevant
processing agreements must be amended.
12.7 Changing and terminating processing agreements

Changing and/or terminating your processing agreements must be arranged with
your bank and the Equens business unit that carries out the processing activities,
in accordance with the relevant procedures.
48 Equens

Manual Connect:Direct: Connecting to the Secure File Transfer System of Equens

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Manual Connect:Direct: Connecting to the Secure File Transfer System of Equens

Uploaded by

Copyright:

Available Formats

Manual Connect:Direct

Connecting to the Secure File Transfer System of Equens

Version Version Status Edited by Most important

Connect:Direct is a trademark of Sterling Commerce.

1.1 Maintenance of this document ............................................................6

1.2 Target groups ..................................................................................6

2 Equens Connect:Direct Network variants and infrastructure .......... 8

3.2 Encrypted file transmission via SSL ................................................... 10

3.3 Authentication by means of certificates .............................................. 11

4 File naming and routing mechanism............................................ 14

4.2 Connect:Direct file name convention.................................................. 14

4.4 Receipt of different file types............................................................ 16

5 Fallback and backup facilities ..................................................... 17

5.1 Standard situation .......................................................................... 17

6 Configuration of your network .................................................... 20

6.1 Configuration of the firewall ............................................................. 20

6.2 Configuration of the Connect:Direct node in your environment ............... 20

7 Requesting and installing of a certificate..................................... 21

7.1 Introduction .................................................................................. 21

Equens Version 1.0 - 2 March 2009 3

7.1.3 Maintenance .................... Fout! Bladwijzer niet gedefinieerd.

7.4 Exporting the certificate .................................................................. 32

7.6 Retrieving the Equens certificaat (CA certificate).................................. 38

7.8 Retrieving of the Certification Revocation List...................................... 39

8 Testing your connection ............................................................. 40

8.1 Introduction .................................................................................. 40

8.4 Filetransfer test ............................................................................. 41

9.1 Introduction .................................................................................. 43

9.3 Binary file sending......................... Fout! Bladwijzer niet gedefinieerd.

10 File delivery ............................................................................... 44

10.1 Introduction .................................................................................. 44

11 Working with compressed files ................................................... 45

11.1 Introduction .................................................................................. 45

11.2 Sending compressed files ................................................................ 45

11.3 Receiving compressed files .............................................................. 45

12 Support processes: questions and changes ................................. 47

12.3 Information on the Equens website ................................................... 47

12.5 Changing connection type................................................................ 48

12.7 Changing and terminating processing agreements ............................... 48

Equens Version 1.0 - 2 March 2009 5

1.1 Maintenance of this document

New versions of this document will be made available as PDF files.

We would be grateful for any feedback regarding any unclear or incorrect

1.2 Target groups

1.3 Structure of this manual

• The technical aspects of connection (organisation of your network)

Equens Version 1.0 - 2 March 2009 7

2 Connect:Direct Network variants and infrastructure

2.1 Two network variants

A connection via the internet is advantageous, as it enables high-speed transfers.

The two network variants will be discussed in the subsequent sections.

2.1.1 Connect:Direct via Internet

2.1.2 Connect:Direct via a Leased Line

Figure 1: Infrastructure for connection to Connect:Direct

Equens Version 1.0 - 2 March 2009 9

3.2 Encrypted file transmission via SSL

Figure 2: The connection via Connect:Direct is secured end-to-end via SSL

3.3 Authentication by means of certificates

Equens Version 1.0 - 2 March 2009 11

Figure 3: Issuing of certificates by Equens

Equens Version 1.0 - 2 March 2009 13

4 File naming and routing mechanism