Importing the SSL Bank certificate to the Client KeyStore
General procedure to create an EBICS User
Deactivating a proxy server for a bank
This topic provides information about the administration commands for the embedded EBICS Client. For more information, refer to the command help available in the command line interface (adminClient.bat --help or adminClient.sh --help).
Commands to administer Electronic Signature (including the embedded EBICS Client) are available inside the /bin directory.
Unless stated otherwise, the command must be launched from within the bin directory.
Filenames should be defined with their full path.
The general syntax of a line command is:
| OS | Command |
|---|---|
| Windows | adminClient.bat --[action] --[parameter 1] --[parameter 2] --[parameter n] |
| UNIX | adminClient.sh --[action] --[parameter 1] --[parameter 2] --[parameter n] |
Note: When using an abbreviated parameter name (short name), use one dash before the parameter (instead of two dashes).
adminClient.sh --action selectBank --bankName <XYZBank>
adminClient.sh -a selectBank -bn <XYZBank>
| Action | Command |
|---|---|
| Create a new Bank | -a createBank -bn <bankName> -hid <hostId> -url <url> [-ph <hostName> ][-pp <portNumber>] [-puser <user>] [-ppwd <password>] [-na <true/false>] [-sigalg <signatureVersionA:CredentialTypeA,signatureVersionB:CredentialTypeB> ] |
| Create a new customer | -a createCustomer -bn <bankName> -cid <customerId> [-d <true/false>] [-on <orderNumber>][-sigalg <signatureVersionA:CredentialTypeA,signatureVersionB:C redentialTypeB> ] |
| Update Customer | -a updateCustomer -bn <bankName> -cid <customerId> [-on <orderNumber>] [-d <true/false>] [-sigalg <signatureVersionA:CredentialTypeA,signatureVersionB:Cre dentialTypeB> ] |
| Create a new user | -a createUser -bn <bankName> -cid <customerId> -uid <userId> [-protv <H00n> ] [-sigv <A00n>] [-cert <true/false>] [-nosig <true/false>] [-d <true/false >] |
| Update a User | -a updateUser -bn <bankName> -cid <customerId> -uid <userId> [-nuid <newUserId>] [-protv <H00n> ] [-sigv <A00n>] [-cert <true/false>] [-d <true/false>] |
| Delete a User | -a deleteUser -bn <bankName> -cid <customerId> -uid <userId> |
| Delete a customer | -a deleteCustomer -bn <bankName> -cid <customerId> |
| Delete a Bank | a deleteBank -bn <bankName> |
| Select a Bank | -a selectBank -bn <bankName> [-dh <true/false> ] |
| Select all Banks | -a selectBank [-dh <true/false> ] |
| Update a Bank | -a updateBank -bn <bankName> [-hid <hostId>] [-url <url>] [-ph <hostname>] [-pp <portNumber>] [-pu <user>] [-ppwd <password>][-sigalg <signatureVersion A:CredentialTypeA,signatureVersionB:CredentialTypeB> ] |
| Initialize a user | -a initialize -bn <bankName> -cid <CustomerId> -uid <userId> [-on <orderNumber>] [-sc <signatureCertificate> ] [-sp <signaturePassword>] [-ec <encryptio nCertificate>] [-ep <encryptionPassword>] [-ac <authenticateCertificate>] [-ap <authenticatePassword>] [-r <numberOfRetries>] |
| Reset User Initialization | -a resetInitialization -bn <bankName> -cid <CustomerId> -uid <userId> [-sc <signatureCertificate> ] [-sp <signaturePassword>] [-ec <encryptionCertifica te>] [-ep <encryptionPassword>] [-ac <authenticateCertificate>] [-ap <authenticatePassword>] [-r <numberOfRetries>] |
| Send signature key to a User | -a ini -bn <bankName> -cid <customerId> -uid <userId> [-on <orderNumber>] [-sc <signatureCertificate>] [-sp <signaturePassword>] [-r <numberOfRetries>] |
| Send authentication and encryption keys a User | -a hia -bn <bankName> -cid <customerId> -uid <userId> [-on <orderNumber>] [-ec <encryptionCertificate>] [-ep <encryptionPassword>] [-ac <authenticateCer tificate>][-ap <authenticatePassword>] [-r <numberOfRetries>] |
| Initialize a User with H3K | -a h3k -bn <bankName> -cid <customerId> -uid <userId> [-sc <signatureCertificate>] [-sp <signaturePassword>] [-ec <encryptionCertificate>] [-ep <encrypt ionPassword>] [-ac <authenticateCertificate>][-ap <authenticatePassword>] [-r <numberOfRetries>] |
| Update the keys used with the bank | -a renewKeys -bn <bankName> -cid <customerId> -uid <userId> [-sc <signatureCertificate>] [-sp <signaturePassword>] [-ec <encryptionCertificate>] [-ep <e ncryptionPassword>] [-ac <authenticationCertificate>][-ap <authenticatePassword>] [-r <numberOfRetries>] |
| Update the signature key used with the bank | -a renewSigkey -bn <bankName> -cid <customerId> -uid <userId> [-sc <signatureCertificate>][-sp <signaturePassword>] [-r <numberOfRetries>] |
| Update the encryption and authentication keys used with the bank | -a renewAuthkey -bn <bankName> -cid <customerId> -uid <userId> [-ec <encryptionCertificate>] [-ep <encryptionPassword>] [-ac <authenticationCertificate> ][-ap <authenticatePassword>] [-r <numberOfRetries>] |
| Lock a user account |
-action lock -bn <bankName> -cid <customerId> -uid <userId> [-r <numberOfRetries>] Limitation: This command only works for an EBICS transport user. For security reasons the application does not store the private key of any EBICS signer user. Because this command needs the private key, you cannot lock an EBICS signer user. |
| Update the Bank keys | -action updateBankKeys -bn <bankName> -cid <customerId> -uid <userId> [-eh <encryptionHash>][-ah <authenticationHash>] |
| Reset order number for a customer | -a resetOrderNumber -bn <bankName> -cid <customerId> [-on <orderNumber>] |
| Replay erroneous send orders | -a restartErroneous |
| Replay erroneous send order | -a restartErroneousTransfer -xfer <transferFileName> |
| Enable EBICS XML traces | -a enableTraces -trace <pathToTraces> |
| Disable EBICS XML traces | -action disableTraces |
| Retrieve SSL certificate | -a retrieveSSLServerCert -bn <bankName> |
| Migrate EBICS client | -a migrate -dir <<home_dir>\Axway\Synchrony\EbicsClient> -v <260> -a migrate -propPath <<home_dir>\Axway\Synchrony\EbicsClient\properties -propName BANK> -v <version251>, where <path>\BANK.properties is the migration f ile |
| Display this help | --help | -h |
| Parameter short name |
Parameter long name |
Value(s) |
|---|---|---|
| -a | --action | Refer to previous section (Commands per use case). |
| -ac | --authenticateCertificate | Path to the PKCS#12 or PKCS#8 for authentication |
| -ah | --authenticateHash | <certificate file> Authentication Bank key hash |
| -ap | --authenticatePassword | Password of signature certificate/key |
| -bn | --bankName | <bank name> |
| -cert | --certificate | If certificates used in place of keys |
| -cid | --customerId | <customer ID> |
| -d | --default |
Make the current User the default User for the given Customer, or make the current Customer the default Customer for the given Bank. |
| -dh | --displayHash |
optional parameter When this parameter is specified, the Bank certificate hash is displayed. If this parameter is not specified, the whole Bank certificate is displayed in the bank information. This feature allows the user to check the database bank certificates against the PDF file the bank has sent. |
| -dir | --directory | The directory path of the EBICS client to migrate |
| -ec | --encryptionCertificate | Path to the PKCS#12 or PKCS#8 for encryption |
| -eh | --encryptionHash | Encryption Bank key hash |
| -ep | --encryptionPassword | Password of encryption certificate/key |
| -h | --help | Displays help |
| -hid | --hostId | <host ID> Bank hostID |
| -na | --negativeAcknowledgments | Send negative acknowledgments when running from-to fetches |
| -nosig | --noTransportSignature | If the signature of a transport user is in a transfer that involves personal signatures, it must be omitted. |
| -nuid | --newUserId | The new EBICS user ID |
| -on | --orderNumber | <order Number> Set a specific order number |
| -ph | --proxyHost | <Hostname> Host of the HTTPS proxy server |
| -pp | --proxyPort | <PortNumber> Port of the HTTPS proxy server |
| -ppwd | --proxyPassword | <password> Corresponding password if needed |
| propName | --propertyName | The name of the migration database property |
| propPath | --propertyPath | The path of the migration database property |
| -protv | --protocolVersion | <H002|H003> |
| -puser | --proxyUser | <Username> User name used for login if needed |
| -r | --retries | <NumberOfRetries> Set number of retries |
| -sc | --signatureCertificate | <Certificate file> Path to the PKCS#12 or PKCS#8 for signature |
| -sigalg | --signatureAlgorithm |
The list of supported signature algorithmsseparated by a comma. Example: A004:KEYPAIR,A005:KEYPAIR,A005:CERTIFICATE Supported values include:
Note: A004:CERTIFICATE is not a supported combination |
| -sigv | --signatureVersion | <A004|A005|A006> EBICS protocol Signature version |
| -sp | --signaturePassword | <password> Password of authentication certificate/key |
| -trace | -- ebicsTraces | <Directory> Enable EBICS XML traces to the Directory |
| -uid | --userId | <EBICS user ID> User Id. |
| -url | --URL |
<URL> URL on which the EBICS Server is running. Format for the URL: https://<hostname>:<port>/path where:
Example: -url https://localhost:8443/ebics/EbicsServlet |
| -v | --version | The version of the EBICS client to migrate |
| -xfer | --transfer | The transfer file name |
| Note | All Boolean options passing an invalid Boolean value will be treated as having a “false” value. |
The EBICS protocol relies on SSL. To accept and trust the SSL certificate from the Bank, you need to install the SSL certificate as a trusted certificate.
To do this, you need to:
To set up an EBICS User, the general procedure is:
Step 1 is part of the commercial agreement between the company that acts as an EBICS Client and the company that manages the EBICS Server.
Steps 2 to 7 are related to a dedicated command line.
Step 8 is triggered by the automated file transfer through Gateway.
To deactivate a proxy server, run the following administration command:
adminClient.[sh or bat] --action updateBank --bankName <bankName> --proxyHost "" --proxyPort 0
Send and Fetch transactions with embedded EBICS Client