Skip to Main Content
IBM Sterling


This portal is to open public enhancement requests for IBM Sterling products and services. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Not under consideration
Created by Guest
Created on Feb 13, 2023

HTTP Adapter Connection Properties: SSL Settings - multiple system certificates needed

When the certificate used for our AS2 and HTTP connections with trading partners expires, we must switch to a new certificate. Each of our trading partners must be given the new certificate.

The System certificate option on the HTTP Adapter Connection Properties: SSL Settings screen allows for only 1 entry. Therefore, the new certificate has to replace the old certificate independently. The old certificate and the new certificate are not able to be in effect at the same time. This means that ALL trading partners must update their certificates at the same time. What a mess!!!

If both the old and the new certificates could be present at the same time, our trading partners could update to the new certificate whenever they are ready. Forcing the various trading partners to all do something at the same time is an impossible expectation & there are always issues.

Many of our trading partners allow us to update to a new certificate that they have issued at whatever date/time that is best for us. We do not have to update our system at a specific date/time. Sterling Integrator should allow us to do the same for them.

Please see the attached screen print.


What is your industry? Travel & Transportation
How will this idea be used?

This update will allow us to handle trading partner certificate updates in a much more methodical manner. There will be fewer incidents. And life will be easier for our trading partners, which is good for business.

  • Admin
    Dmitry Mallik
    Reply
    |
    Oct 16, 2023

    Hello Pete,

    Thank you for taking the time to provide your ideas to IBM. We truly value our relationship with you and appreciate your willingness to share details about your experience, your recommendations, and ideas.

    IBM has evaluated the request and has determined that it cannot be implemented at this time or does not align with our current strategy or roadmap.

    Having two certs available at the same time does not align with our security posture.


  • Guest
    Reply
    |
    May 15, 2023

    Hi Ryan,

    1) We are not really asking for cert rollover capablity per se. Just the ability to have 2 certs available and effective for a short period of time until the old one expires.

    2) The http server adapter needs to allow for 2 certificates to be in effect. And for example, you could only allow the second cert (the old one) to be in place if it expires in one month or less. But 2 certs would be valid for the trading partners to use so that they could switch to the new one at a time that is convenient for them rather than being forced to switch to the new one at a certain time. I do not see SNI as being related to the issue.

    3) We are not using SSP.

    Thanks, Pete

  • Guest
    Reply
    |
    May 15, 2023

    Thank you for the idea. Could you please restate the ask?

    1) Are you asking for a cert rollover capability?

    2) Any given time does the single http server adapter w/ 2 certs? SNI?

    3) Are you using SSP?