Problem

Sample certificates for SecureRelay were delivered with product packages sometime ago.

Those sample certificates appears to be used by some of our customers

The expiration date for the sample certificates is November 4th 2021

To verify if you are using Axway certificates and the expiration date, you can use the following command:
openssl x509 -in SecureRelayCA.pem -noout -text

Resolution

Generate your own new certificates (cer/pem extension for the CA and p12 for private):

- By using a tool of your choice (OpenSSL, XCA...) or from a Certification Authority
- One CA (Certification Authority) certificate
- One User certificate signed by the CA for the router agent (client certificate)
- One user certificate signed by the CA for the master agent (server certificate)

The certificate authority must have at least the following parameters:

X509v3 Basic Constraints: CA:TRUE and X509v3 Key Usage: Certificate Sign.

The user certificate (for both Secure Relay RA and MA) must have at least the following parameters: X509v3 Key Usage: Digital Signature, Key Encipherment and Key Agreement

Check your product's documentation to update parameters related to SecureRelay

Adressed Products:

1. TSIM

How to verify the expiration date for TSIM / Secure Relay Router Agent certificates

How to generate and replace TSIM / Secure Relay Router Agent certificates

2. Gateway

How to change Secure Relay Master Agent (Gateway) and Router Agent (XSR) certificates

Replace the old sample certificates in Gateway and SecureRelay RA

3. CFT

How to change CFT Master Agent and Router Agent (XSR) certificates

4. EBICS Gateway / Electronic Signature

EBICS Gateway / Electronic Signature - Secure Relay sample certificates to be expired by Thursday November 4th 2021