Importing Certificates for an Instance

You can import SSL certificates used for two-factor authentication into your instance. TLS certificates are used for communication with web services, file transfer over WebDAVClient, or when using dw.net.HTTPClient or any of the dw.crypto classes that use a KeyRef parameter. Salesforce B2C Commerce uses an internal password to encrypt the instance keystore.

If you have an integration to an external server using SSL/TLS, the SSL certificate that is installed at the external server must be issued by a Certification Authority (CA) that the Commerce Cloud B2C Commerce server recognizes. By default, B2C Commerce only recognizes the root CAs that ship with Oracle's Java platform. However, you can add additional CA certificates to the customer keystore. Certificates added to the customer keystore are checked when establishing outbound SSL connections.

See also Web Service Security and Using X509 Certificates for Signing or Encryption.

  1. Select Administration > Operations > Private Keys.
  2. On the Private Keys and Certificates page, you can search for a certificate or navigate the grid to select one.
    Select 10, 25, 50, or 100 items to appear on a page.
  3. If you are importing a new version of an existing certificate and want to use the same alias, you must first delete the existing certificate. Aliases for all entries in the keystore must be unique. See Deleting Certificates.
  4. To add a new certificate or private key:
    1. Click Import or Upload a new private key or certificate.
    2. In the Import Private Key or Certificate window, enter a certificate or private key file name, or click Select... to open the File Upload window and select the file to import.
      Only the following file types are allowed:
      • Trusted certificates: .crt .pem .cer .der
      • Private Keys: .p12 .pfx

      The certificate appears in the certificate list..

  5. To add host names to a private key:
    1. Click the dropdown to the right of a private key and select Manage Hosts.
    2. On the Manage Hostnames window, enter the host name, for example, www.sitegenesis.com, and click Add.
    3. Click Save.
  6. If you are importing:
    • A trusted certificate (*.crt): enter the following:
      • Alias: Enter an alias used to refer to this certificate when using any of the B2C Commerce script dw.crypto package methods that specify an alias. The alias shouldn't contain spaces or special characters in B2C Commerce script. B2C Commerce tells you if the alias isn't unique for your instance.
    • A private key (*.p12): enter the following:
      • Source Password: Enter a password for the encryption of the key file entered in the instance keystore.
      • Alias: enter an alias used to refer to this certificate when using any of the B2C Commerce script dw.crypto package methods that specify an alias. The alias shouldn't contain spaces or special characters in B2C Commerce script. B2C Commerce tells you if the alias isn't unique for your instance. You might want to include the web service name or service provider name.
      • Host Names: If you are using the key or certificate for transport layer security, enter the DNS name of the server as reached by the client. For example: www.paypal.com. B2C Commerce uses the host name to determine what certificate to use. You can add two or more host names, separated by a comma. If you importing a certificate specified by one of the dw.crypto package methods that takes a KeyRef argument, you don't need to enter a hostname.
    If you have more than one private key in your keystore, the host name must be set to the target host you call via dw.net.HTTPClient, dw.rpc.SOAPUtil, or dw.ws.WSUtil. Otherwise, B2C Commerce can't guarantee that the correct client certificate is used for the call.