Problem

Sample certificates for Secure Relay were delivered with product packages of the Secure Relay versions lower or equal to 2.6.1.

The Secure Relay version 2.6.1 is likely to be used with the following EBICS Gateway / Electronic Signature versions:

The Secure Relay version 2.5.1 is likely to be used with EBICS Gateway 3.1.

The expiration date for the sample certificates is November 4th 2021.

To verify if you are using Axway certificates and the expiration date, you can use the following command:

openssl x509 -in SecureRelayCA.pem -noout -text

Resolution

Generate your own new certificates (cer/pem extension for the CA and p12 for private):

- By using a tool of your choice (OpenSSL, XCA...) or from a Certification Authority

- One CA (Certification Authority) certificate

- One User certificate signed by the CA for the router agent (client certificate)

- One user certificate signed by the CA for the master agent (server certificate)

The certificate authority must have at least the following parameters:

X509v3 Basic Constraints: CA:TRUE and X509v3 Key Usage: Certificate Sign.

The user certificate (for both Secure Relay RA and MA) must have at least the following parameters: X509v3 Key Usage: Digital Signature, Key Encipherment and Key Agreement.

Check your product's documentation to update parameters related to Secure Relay.