8/2/2019 Equens Connect Direct - Manual v2.0 UK
1/56
Manual Connect:Direct (Secure FileTransfer)Connecting to Secure File Transfer of Equens
Final
Equens SE
Classification: OPEN
Version 2.0 - 10 May 2011
8/2/2019 Equens Connect Direct - Manual v2.0 UK
2/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
Equens
Version history
Version
number
Version
date
Status Edited by Most important
edit(s)
1.0 02-Mar-09 Final Equens SE Revision of the manual.
2.0 10-May-11 Final Equens SE Revision for PCI-DSS.
Connect:Direct and Secure+ are trademarks of SterlingCommerce Inc.
8/2/2019 Equens Connect Direct - Manual v2.0 UK
3/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
OPEN
Equens Version 2.0 - 10 May 2011 3
Content
1 Introduction.....................................................................................61.1 Maintenance of this document ..............................................................61.2 Target groups.....................................................................................61.3 Structure of this manual ......................................................................62 Connect:Direct network variants and infrastructure ........................82.1 Two network variants ..........................................................................8
2.1.1 Connect:Direct via internet .....................................................82.1.2
Connect:Direct via a Leased Line .............................................8
2.2 Infrastructure.....................................................................................93 Security .........................................................................................103.1 Introduction .....................................................................................103.2 Encrypted file transmission via TLS .....................................................103.3 Authentication by means of certificates................................................124 File naming convention and routing mechanism ............................144.1 Introduction .....................................................................................144.2 Connect:Direct file name convention ...................................................144.3 Receipt of different file types ..............................................................164.4 Multiple destination id's (optional).......................................................165 Fallback and backup facilities ........................................................175.1 Standard situation.............................................................................175.2 Scenario in the event of local problems................................................175.3 Scenario in the event of a network failure at the primary location ...........185.4 Scenario in the event of a total failure at the primary location ................196 Configuration of your network.......................................................206.1 Configuration of your firewall..............................................................206.2 Configuration of the Connect:Direct node in your environment ............... 20
6.2.1 Node name/IP address .........................................................206.2.2 Secure+ .............................................................................206.2.3 Client certificate ..................................................................21
6.3 File processing in the test/acceptance environment...............................21
8/2/2019 Equens Connect Direct - Manual v2.0 UK
4/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
4 Equens
7 Requesting and installing of a certificate .......................................227.1 Introduction .....................................................................................22
7.1.1 Procedure ...........................................................................227.1.2 Preparation .........................................................................227.1.3 Maintenance........................................................................23
7.2 Requesting a certificate ..................................................................... 237.3 Retrieving the certificate.................................................................... 297.4 Exporting the certificate.....................................................................327.5 Importing the certificate into your Connect:Direct node .........................387.6 Retrieving the Equens server certificate (CA root certificate) ..................397.7 Importing the Equens CA certificate into your Connect:Direct node .........407.8 Revoking the client certificate.............................................................407.9 Retrieving the Certification Revocation List...........................................447.10 Renewal client certificate ...................................................................448 Testing your connection.................................................................468.1 Introduction .....................................................................................468.2 Difference between the three test types...............................................468.3 Connection test ................................................................................47
8.3.1 Connection test features and conditions..................................478.3.2 Connection test execution.....................................................47
8.4 File transfer test ...............................................................................478.4.1 File transfer test features and conditions.................................478.4.2 File transfer test execution....................................................47
8.5 Processing tests................................................................................498.5.1 Processing test features and conditions ..................................498.5.2 Requesting the processing tests.............................................49
9 File sending ...................................................................................509.1 Introduction .....................................................................................509.2 Automatic file sending .......................................................................509.3 Binary file sending ............................................................................5010 File delivery ...................................................................................5110.1 Introduction .....................................................................................5111 Using compressed files ..................................................................5211.1 Introduction .....................................................................................52
11.1.1 Compression programme conditions.......................................5211.1.2 Binary file transmission ........................................................ 52
8/2/2019 Equens Connect Direct - Manual v2.0 UK
5/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
OPEN
Equens Version 2.0 - 10 May 2011 5
11.2 Sending and receiving compressed files ...............................................5211.2.1 Conditions...........................................................................52
11.3 Receiving compressed files.................................................................5211.3.1 Conditions...........................................................................5211.3.2 Features:............................................................................53
12 Support processes: questions and changes....................................5412.1 Connect:Direct availability .................................................................5412.2 Technical Support department contact information................................5412.3 Information on the Equens website .....................................................5412.4 Changing connection specifications......................................................5412.5 Changing connection type ..................................................................5512.6 Terminating the connection................................................................5512.7 Changing and terminating processing agreements.................................55Annex 1 The relationship between the Connect:Direct naming
convention and the 'old' I-Connect interface description...............56
8/2/2019 Equens Connect Direct - Manual v2.0 UK
6/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
6 Equens
1 Introduction
This manual provides information regarding Secure File Transfer of Equens, in
particular the Connect:Direct connection type.
1.1 Maintenance of this documentThis document is managed and maintained by Equens Corporate IT Middleware
Management department. Amendment and publication of this document may be
carried out solely by this department.
New versions of this document will be made available as PDF files.
When a new version of the document is published, Equens will send the customer
an e-mail notification. The notification will be sent to the e-mail address you have
stated in the "Applicant details" field on the Connect:Direct Service Request Form.
We would be grateful for any feedback regarding any unclear or incorrect
information found in this manual. Please send your response to the Technical
Support department of Equens (for contact details, see chapter 12, Support
processes: questions and changes).
1.2 Target groupsThis manual is primarily intended for network specialists, functional and technical
designers and administrators, ICT architects and programmers who are involved in
the implementation and use of the Connect:Direct connection.
1.3 Structure of this manualThis manual is divided into three sections in which the following is explained:
Configuration of the connection with Connect:Direct How to make a connection Recurring proceduresThe above three sections are explained in further detail below.
The first section describes how Equens has configured the connection with
Connect:Direct and comprises chapters 2 to 5, which contain the following
information: Network variants via which you will be able to connect to Connect:Direct How the security works The manner in which the system will route your data to its destination on the
basis of file names
How Equens has set up the backup and fallback.The second section explains in detail the one-off procedure you must perform in
order to carry out future submissions of your data using Connect:Direct. This
section comprises chapters 6 to 8, which contain the following information:
The technical aspects of the connection (organisation of your network) Requesting and installing a certificate Testing your connection.
8/2/2019 Equens Connect Direct - Manual v2.0 UK
7/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
OPEN
Equens Version 2.0 - 10 May 2011 7
The third section explains in detail the activities that recur. This section comprises
chapters 9 to 12, which contain the following information: How to send files How files are delivered How to handle compressed files How to submit questions and/or changes
8/2/2019 Equens Connect Direct - Manual v2.0 UK
8/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
8 Equens
2 Connect:Direct network variants and infrastructure
2.1 Two network variantsTwo network variants can be used for Connect:Direct
Connect:Direct via internet Connect:Direct via a Leased LineThese two types are equal in terms of security: The security will be organised on
application level with Secure+ (use of Transport Layer Security (TLS) and strong
encryption).
A connection via the internet is advantageous, as it enables high-speed transfers.Furthermore, if you already have an internet connection, the costs will naturally
be lower.
If you should opt for a more robust connection, the Leased Line is a good solution.
This will involve additional costs ensuing from the management of the Leased Line
by the connection provider. Furthermore, this connection is not a standard Equens
network variant, and is realised in project form. This will also involve additional
costs.
The two network variants will be discussed in the subsequent sections.
2.1.1Connect:Direct via internetThis network variant is the preferred choice of both Equens and the majority of
users. Its characteristics are as follows:
The file transfer speed will depend on the internet connection bandwidth.Please note: As a rule, the available bandwidth cannot be guaranteed in the
event of internet use.
Securing your internet-linked infrastructure will be your responsibility, inaddition to which Equens strongly recommends using firewalls.
2.1.2 Connect:Direct via a Leased LineFor banks and large corporations, Equens offers the possibility to connect via a
Leased Line. This Leased Line is based on a dedicated network and therefore has
no relationship with the internet. Furthermore, agreements can be made with
regard to guaranteed bandwidth and availability. As a result, such connections
have a different level of security. The Leased Line connection can be scaled from
128 Kb/second up to 155 MB/second. This type of connection can also be useful if
you exchange multiple types of traffic with Equens.
From a technical point of view, connecting to such a connection is very similar to
an internet connection.
Given the fact that these connections are always tailor-made, please contact the
Technical Support department for additional information. This will not be discussed
in any further detail in this manual.
8/2/2019 Equens Connect Direct - Manual v2.0 UK
9/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
OPEN
Equens Version 2.0 - 10 May 2011 9
2.2 InfrastructureAfter the connection is made to Connect:Direct the infrastructure will resemble as
shown in the following figure:
Figure 1: Infrastructure for connection to Connect:Direct
8/2/2019 Equens Connect Direct - Manual v2.0 UK
10/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
10 Equens
3 Security
3.1 IntroductionThis chapter describes how the security of your data and the continuity of services
will be guaranteed.
Agreements and technical facilities will ensure that Secure File Transfer secures
your data at all times. The security aspects are as follows:
Authenticity
Authenticity will be ensured by means of the following:
Certificate verification and validation Use of a Secure Point of Entry (SPOE)Confidentiality
Confidentiality regarding public and internal connections will be guaranteed
through the use of Connect:Direct with Secure+ (TLS plus encryption).
Integrity
The integrity of the data that is to be transported will be guaranteed via the TLS
hashing mechanism (digital signature).
Authorisation
Authorisation will be granted by means of the following:
Check (netmap) on both IP-address and node name Check on Common Name in the client certificate Contract conclusion checks (processing contracts)
3.2 Encrypted file transmission via TLSWhen using Connect:Direct you will exchange files that may contain confidential
information via Connect:Direct with Secure+. In use, Connect:Direct with Secure+
will be very similar to standard Connect:Direct, but one important difference is the
fact that all confidential information will be encrypted via TLS and a strong cipher
suite as AES. The nodes will automatically carry this out for you.
By default the following strong cipher suites are acceptable by Equens unless
agreed otherwise:
RSA_WITH_AES_128_CBC_SHA
RSA_WITH_AES_256_CBC_SHA
RSA_WITH_3DES_EDE_CBC_SHA
Please note: TLS v1.0 is the preferred secure protocol and SSLv3 is acceptable for
a limited time. As of the 15th of March 2011, Equens will no longer support the
SSLv3 protocol unless mutually agreed otherwise (this is temporarily postponed).
8/2/2019 Equens Connect Direct - Manual v2.0 UK
11/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
OPEN
Equens Version 2.0 - 10 May 2011 11
One major advantage to this security method is that it is end-to-end: from node
to node. The data will not only be encrypted in the public part of the network, but
also on the internal networks of the customer and Equens.
An additional advantage to this method is the fact that the network link between
the customer and Equens will no longer need to be secured separately. It will be
possible to send files over any type of network, including the internet.
Figure 2: The connection via Connect:Direct is secured end-to-end via TLS
8/2/2019 Equens Connect Direct - Manual v2.0 UK
12/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
12 Equens
3.3 Authentication by means of certificatesAn important aspect of the Connect:Direct infrastructure is the use of digital
certificates. The Connect:Direct nodes are equipped with certificates for thepurpose of authentication. This authentication is based on the nodes only
accepting one another's certificates when they have been signed by the correct
(Equens) Certificate Authority.
A Getronics Pink Roccade PKI (Public Key Infrastructure) service will be used to
issue certificates. This company sets high standards for the construction and
management of PKI systems. Getronics Pink Roccade has set up a private CA
(Certificate Authority) for the benefit of Equens. Private, in relation to this matter,
means that this CA will only issue certificates for the Connect:Direct (and Secure
FTP) service. Conversely, the Connect:Direct service will only accept nodes with
certificates issued by this CA stating the same so-called Common Name on both
ends of the connection.
Equens will have full control over issuing of certificates and will determine which
certificate applications will be accepted or rejected via a RA function. Equens will
also be able to revoke previously approved certificates, when for example a
security risk is established or the contract expires.
More details on certificates can be found in the Equens Certificate Policy,
downloadable from our website: www.equens.com (Support - Connectivity).
In case your security policy does not allow the usage of the Equens PKI
certificates, please contact the Technical Support department of Equens.
8/2/2019 Equens Connect Direct - Manual v2.0 UK
13/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
OPEN
Equens Version 2.0 - 10 May 2011 13
Figure 3: Issuing of certificates by Equens
8/2/2019 Equens Connect Direct - Manual v2.0 UK
14/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
14 Equens
4 File naming convention and routing mechanism
4.1 IntroductionWhen you wish to exchange files with Equens via Connect:Direct, the file names
must comply with a specific naming convention.
Files sent in will be routed to the appropriate Equens processing system on the
basis of the file name. Equens will not be able to route sent files if their name
does not comply with the naming convention and will therefore be unable to
process them. In such cases you will receive an error message by e-mail.
4.2 Connect:Direct file name conventionThe following standard will apply within Connect:Direct with regard to the
structure of file names:
....
8/2/2019 Equens Connect Direct - Manual v2.0 UK
15/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
OPEN
Equens Version 2.0 - 10 May 2011 15
The separate fields are defined as follows:
Field Format Length Description
lowercase 8 Must be /mailbox/
This part will be stripped from the
filename after it is received.
UPPERCASE,
alpha-numeric
1-8 The ID (router address) of the
submitting party.
This will be assigned by Equens and
made known to the customer.
Separation Single dot 1 .
UPPERCASE,alpha-numeric
1-8 The ID (router address) of thedestination.
This is SFT if the file is destined for an
Equens system (not'INTERPAY' or
'EQUENS').
If the destination is outside of Equens
or not SFT, the field must be filled
with a destination name that has been
assigned by Equens.
Separation Single dot 1 .
UPPERCASE,
alpha-numeric
1-8 The ID of the file type being
exchanged. The file type determinesthe type of processing by Equens.
An overview of the most often used
file types can be found in the
Typetable at: www.equens.com
(Support - Connectivity)
Separation Single dot 1 .
UPPERCASE,
alpha-numeric
1-8 A unique alpha-numeric file reference
ID assigned by the submitting party.
The field must start with a letter and
must be unique for the submitting
party within a time frame of at least35 days.
Separation Single dot 1 .
8/2/2019 Equens Connect Direct - Manual v2.0 UK
16/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
16 Equens
Field Format Length Description
UPPERCASE,
alpha-numeric
1-8 The file name suffix, assigned by the
submitting party indicating the format
of the file.
Important extensions include the
following:
TXT ('readable'/ASCII data)
DAT (binary)
PDF (Adobe Acrobat Reader format,
binary)
XLS (Microsoft Excel format,
binary)
XML (Extensible Markup Language
format, binary)
ZIP (compressed files, binary).
The extension has no effect on the
routing by Equens.
Table 1: Explanation of file name components
Specifications:
Each field is mandatory The maximum field length is eight charactersPlease refer to the appendix "The relationship between the Connect:Direct naming
convention and the 'old' I-Connect interface description" for information regarding
the relationship between the current Connect:Direct naming convention and the
previous I-Connect interface with token files.
Below is an example of a complete file name for a file sent from id
R0001234 to id SFT:
/mailbox/R0001234.SFT.CLIEOP.C1234567.TXT
4.3 Receipt of different file typesA customer will be able to receive numerous file types via Connect:Direct. Each
type will be processed by a specific application on the side of the customer.
The customer must have a mechanism that ensures that each file type is routed tothe correct application on the basis of the field .
4.4 Multiple destination id's (optional)Equens can only issue multiple id's (router addresses) to a
customer in complex cases (for example, if a group has numerous offices, all of
which process the same file types and also share the same connection). The
customer will then be able to route internally on the basis of the
id in the file name.
Additional id (router address) requests can be subject to extra
charges, please contact the Technical Support department for more information.
8/2/2019 Equens Connect Direct - Manual v2.0 UK
17/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
OPEN
Equens Version 2.0 - 10 May 2011 17
5 Fallback and backup facilities
5.1 Standard situationEquens will have two identical environments; a primary location and a secondary
location, both with a backup facility.
Under normal circumstances each customer will have a Connect:Direct connection
with the primary location. This is shown in the following figure:
Figure 4: Route through Equens environment under normal circumstances
5.2 Scenario in the event of local problemsLocal problems will be dealt with by the additional identical set of equipment at
the primary location.
8/2/2019 Equens Connect Direct - Manual v2.0 UK
18/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
18 Equens
5.3 Scenario in the event of a network failure at the primary locationIn the event of a network failure in the primary location, the system will
automatically use the network infrastructure in the secondary location. With theexception of a brief hiccup, the client will not notice a difference.
Figure 5: Route through Equens environment in the event of a network failure at
the primary location
8/2/2019 Equens Connect Direct - Manual v2.0 UK
19/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
OPEN
Equens Version 2.0 - 10 May 2011 19
5.4 Scenario in the event of a total failure at the primary locationIn the event of a total failure at the primary location, a procedure will be started in
order to summon the secondary location as the fallback location.A number of procedures will ensure that the Connect:Direct traffic for the different
network variants is routed to the secondary location. During these procedures it
will not be possible to connect to Equens. The customer will not notice a difference
after summoning of the fallback location and does not need to make any changes.
Please refer to the Secure File Transfer (Connect:Direct) Service Level Agreement
(SLA) for the specification of the maximum downtime.
Figure 6: Route through Equens fallback environment in the event of a total failure
at the primary location
8/2/2019 Equens Connect Direct - Manual v2.0 UK
20/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
20 Equens
6 Configuration of your network
This chapter explains the procedure for connecting to Connect:Direct at network
level. Once the connection has been made it will be possible to work with
Connect:Direct at transportation level.
Two network variants can be used for Connect:Direct:
Connect:Direct via internet Connect:Direct via a Leased LineThe specifications for these network variants are described in chapter 2, "Equens
Connect:Direct Network variants and infrastructure".
6.1 Configuration of your firewallIn order to be able to use the production system, you will need to open your
firewall TCP port 1364 and the ports 52000 through 52025 for sft.equens.com (IP:
82.195.45.60) for production (and ports configured for your local Connect:Direct
node).
For the test/acceptance environment the same TCP ports need to be opened for
sftacc.equens.com (IP: 82.195.45.59).
Please note: If you wish to carry out a processing test you must connect to the
test/acceptance environment. Please refer to section 8.5, "Processing tests".
The test/acceptance environment is not intended for data that have to remain
confidential. The use of production data is not allowed on the test/acceptanceenvironment.
6.2 Configuration of the Connect:Direct node in your environment6.2.1 Node name/IP address
For configuring your Connect:Direct node you will need to add the IP-address or
the node name of the Equens Connect:Direct node in your configuration.
Production: IP-address: 82.195.45.60 (node: SFT)
Test/acceptance: IP-address: 82.195.45.59 (node: SFTACC)
6.2.2 Secure+When using Connect:Direct you will exchange files that may contain confidential
information via Connect:Direct with Secure+. In use, Connect:Direct with Secure+
will be very similar to standard Connect:Direct, but one important difference is the
fact that all confidential information will be encrypted via TLS and a strong cipher
suite such as AES. The nodes will automatically carry this out for you.
By default the following strong cipher suites are acceptable by Equens unless
agreed otherwise:
RSA_WITH_AES_128_CBC_SHA
RSA_WITH_AES_256_CBC_SHA
RSA_WITH_3DES_EDE_CBC_SHA
8/2/2019 Equens Connect Direct - Manual v2.0 UK
21/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
OPEN
Equens Version 2.0 - 10 May 2011 21
Please note: TLS v1.0 is the preferred secure protocol and SSLv3 is acceptable for
a limited time. As of the 15th of March 2011, Equens will no longer support the
SSLv3 protocol unless mutually agreed otherwise (this is temporarily postponed).
6.2.3 Client certificateThe client certificate of the customer will be checked by Equens using client
authentication. The Common Name in the client certificate is checked against the
Common Name registered at PinkRoccade (as given by customer during the
certificate request procedure). You will find more information on how to request a
certificate from Equens in chapter 7, "Requesting and installing of a certificate".
6.3File processing in the test/acceptance environment
To be able to use the test/acceptance environment a separate set of agreement(s)
need to be in place with the appropriate processing department. For more
information on this you may contact our Technical Support department.
On the test/acceptance environment NO production data is allowed. You should
test using test/dummy data.
8/2/2019 Equens Connect Direct - Manual v2.0 UK
22/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
22 Equens
7 Requesting and installing of a certificate
7.1 IntroductionIn this chapter we will explain how to obtain a client certificate (also called "Digital
ID") and install this in your Connect:Direct node.
7.1.1 ProcedureIn general the procedure is as follows:
To install the client certificate You will receive the URL and a Certificate Enrollment PIN You request a client certificate from Equens via your browser You pick up your certificate from Equens via your browser You export the certificate out of your browser You import the certificate into your Connect:Direct node
You install/import the Equens CA root certificate into your Connect:Direct nodeIn the following paragraphs the procedure is described in further detail.
7.1.2 PreparationBefore you start the procedure, it is important you pay attention to the following
aspects.
Choice of applicant
First determine which employee will request the certificate, as the certificate will
be linked to the person who has requested it! This will be the only person whomay extend or revoke the certificate based on the challenge phrase created by
this person.
When this person leaves the company, it will become necessary to have to revoke
the current certificate and to request a new certificate with the original Certificate
Enrollment PIN.
Choice of e-mail address
The certificate can only be retrieved with the PC that was used to request it. Make
sure you can access your e-mail on or close to the same PC you have requested
the certificate with.
A production certificate is valid for two years and test certificates are valid for one
year. A warning will be send by e-mail when the certificate is about to expire
(starting 30 days before expiring).
Transfer of certificates to the Connect:Direct node
In case the machine where the Connect:Direct node will be active on is a different
machine than the machine that is used to retrieve the certificate, the client
certificate and the Equens CA root certificate need to be transferred to the
Connect:Direct node machine.
The encryption of the client certificate during transport must be done with a
password only known to the person who has requested the client certificate.
8/2/2019 Equens Connect Direct - Manual v2.0 UK
23/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
OPEN
Equens Version 2.0 - 10 May 2011 23
Browser choice
The described procedure and screenshots shown in this manual are based on the
use of Microsoft Internet Explorer. Equens does not provide support concerningproblems that result from using other browsers than Microsoft Internet Explorer.
Potential error messages
There is a chance you will get the error message "Error 1B6 occurred. You may
need to install OnSiteMSI". On the website www.pki.pinkroccade.com, 'Support',
'Updates', 'OnSiteMSI error' you can download a file with the OnSiteMSI file and
an installation manual.
There is a chance you will get the error message "Error 1B6 occurred." (without
the message about OnSiteMSI), in this case you can do the following.
In the Internet Explorer click "Tools - Internet options - Security - Trusted sites"
button "Sites".
Add the following websites (make sure the option "Require server verification" is
not marked):
*.managedpki.com
mpki.pinkroccade.com
mpki-test.pinkroccade.com
Converting certificates
Some nodes are not able to import the certificates with the standard exported
format. In that case the certificate needs to be converted. See the "Frequently
asked questions - Connectivity services" at www.equens.com for more
information.
7.1.3 MaintenanceSecuring your certificate
It is highly recommended to safeguard the client certificate against unauthorized
use. Make a (encrypted) backup on an external carrier and store this in a safe
place.
Equens is not able to re-issue any client certificate used by the systems. When the
certificate is lost and still valid, you will need to revoke the certificate and request
a new certificate based on the original Certificate Enrollment PIN.
Extending your certificate on time
A production certificate is valid for two years (a test certificate for one year).
When a certificate is about to expire you will be warned by e-mail (starting 30days before the expiry date).
If the original computer used for the certificate request procedure and the
certificate on that computer are still available you can perform a renewal by
yourself. Follow the instructions given in the renewal e-mail and on the website.
If the original computer is not available anymore, you must request a new
certificate according to the described procedure in chapter 7.2.
7.2 Requesting a certificateAfter your Service Request Form is processed by Equens, you will receive an URL
and a Certificate Enrollment PIN for the CA website (PKI Portal) of Equens.
8/2/2019 Equens Connect Direct - Manual v2.0 UK
24/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
24 Equens
With this Certificate Enrollment PIN you can request a client certificate (also called
Digital ID) from Equens.
Note: As of October 16, 2006 Interpay is operating under the name Equens.
However, the PKI environment at Pink Roccade is still active under the name
Interpay Nederland.
In the URL you will receive, as well as in the address bar of the browser you will
see /InterpayNederlandBV/
Step 1 Copy the URL and paste this in the address bar of your browser
URL Production:
https://mpki.pinkroccade.com/services/InterpayNederlandBV001/digitalidCenter.htm
URL Test/Acceptance:
https://mpki-test.pinkroccade.com/services/InterpayNederlandBV/digitalidCenter.htm
The following screen will be displayed:
Please note: 'Digital ID' is a synonym for 'certificate'.
Figure 7: The opening page with the options for certificates.
8/2/2019 Equens Connect Direct - Manual v2.0 UK
25/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
OPEN
Equens Version 2.0 - 10 May 2011 25
Step 2 Click the first option, 'Enroll'
The following screen will be displayed:
Figure 8: The form for requesting a certificate.
8/2/2019 Equens Connect Direct - Manual v2.0 UK
26/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
26 Equens
Step 3 Fill in the contact- and identification data as described below:
The name of the applicant (only alpha-numeric characters are allowed,diacritical marks etc. are not allowed).
Please note: the certificate will be linked to the person who has requested it.
This is the only person who can extend or revoke the certificate. If the person
who has requested the certificate leaves the company it will be necessary to
revoke the current certificate and request a new certificate. Please keep this in
mind when deciding in whose name the certificate is requested.
The e-mail address where you will receive certificate notifications at.The first notification you will receive at this e-mail address is a confirmation of
your request and the second notification will contain the necessary information
for retrieving the certificate.
A production certificate is valid for two years (a test certificate is valid for one
year). At this e-mail address we will warn you once the certificate is going toexpire. Please keep this in mind when deciding which e-mail address you will
use.
The access code for the CA website you have received together with theURL, also known as the 'Certificate Enrollment PIN'. This 'Certificate Enrollment
PIN' needs to be stored in a safe place.
A 'Challenge Phrase'The Challenge Phrase is case sensitive and may not contain any punctuation.
The Challenge Phrase is a sentence you will need to remember. You will need
this sentence when extending or revoking your certificate. In case you do not
remember the Challenge Phrase anymore and want to extend the certificate,
you will need to request a new certificate.If you want to revoke your certificate and do not remember the Challenge
Phrase, you will need to contact the Technical Support department of Equens to
have your certificate revoked.
Step 4 Send the form by clicking the 'Submit' button
You will get the message below, asking you to confirm your e-mail address and
check if the correct e-mail address is entered.
Figure 9: It is important that you have entered your e-mail address correctly.
8/2/2019 Equens Connect Direct - Manual v2.0 UK
27/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
OPEN
Equens Version 2.0 - 10 May 2011 27
Step 5 Confirm that you have entered the correct e-mail address
If you click 'Cancel', you will get the opportunity to correct the e-mail address in
the Enrollment form.If you click 'OK', the form will be processed.
Next you will get the screen below and a security message of Microsoft Internet
Explorer.
Figure 10: A standard security message of Microsoft Internet Explorer.
Step 6 Click 'Yes'The request is finished.
The following screen will be displayed. It shows an e-mail has been sent with
instructions for installing the certificate.
Figure 11: You see a message to check your e-mail.
8/2/2019 Equens Connect Direct - Manual v2.0 UK
28/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
28 Equens
When you check your e-mail, you should see the message below.
From: certificateSend: woensdag 2 augustus 2006 14:13
To: Janssen, Dhr. G.A. (Geert)
Subject: Equens Digital ID request confirmation
Dear G.A. Janssen,
Thank you for requesting a Digital ID.
Equens SE is processing your request, and will
notify you when your Digital ID is ready.
If you have questions about your application, please
contact Equens SE by replying to this e-mail
message.
Figure 12: You receive a request confirmation by e-mail.
The status now is as follows:
A Private Key is created in the browser on this computer You have received an e-mail stating your request has been confirmed Equens is processing your request Some time later you will receive an e-mail with instructions for installing the
client certificate with the pin code in that e-mail
8/2/2019 Equens Connect Direct - Manual v2.0 UK
29/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
OPEN
Equens Version 2.0 - 10 May 2011 29
7.3 Retrieving the certificateAfter you have received confirmation of your certificate request, the certificate is
ready to be retrieved.
Step 7 Open the second e-mail message
This message contains the information you will need to retrieve the certificate.
From: certificate
Send: woensdag 2 augustus 2006 14:24
To: Janssen, Dhr. G.A. (Geert)
Subject: Your Equens Digital ID is ready
Dear G.A. JANSSEN,
Equens SE has approved your Digital ID request.
To assure that someone else cannot obtain a Digital ID that
contains your personal information, you must retrieve your
Digital ID from a secure web site using a unique Personal
Identification Number (PIN).
You can retrieve your Digital ID by following these simple
steps:
Step 1: Visit the Digital ID retrieval web page, at:
https://mpki.pinkroccade.com/services/
InterpayNederlandBV/client/mspickup.htm
Step 2: In the form, enter your Personal Identification
Number (PIN):
Your PIN is: 641625923
Step 3: Follow the instructions on the page to complete the
installation of your Digital ID.
If you have any questions or problems, please contact Equens
SE by replying to this e-mail message.
Figure 13: The e-mail with instructions and pin code.
As indicated in the e-mail, you will need to perform the following steps:
Copy/paste the URL that is mentioned in the e-mail into the address bar ofyour browser
Type the pin code in the form that appears in your browser Follow the instructions given in your browser
8/2/2019 Equens Connect Direct - Manual v2.0 UK
30/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
30 Equens
Step 8 Copy the URL and paste this in the address bar of your browser
You will get the following screen:
Figure 14: The page where you retrieve your certificate.
Step 9 Type the pin code mentioned in the e-mail and click 'Submit'
Please pay attention! You must retrieve the certificate on the same PC that you
have used to request the certificate because that will contain the private key
created earlier. If you don't, you will get the following error message:
8/2/2019 Equens Connect Direct - Manual v2.0 UK
31/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
OPEN
Equens Version 2.0 - 10 May 2011 31
Figure 15: Error message when you use a different PC.
Next you will see the screen below, a message from Microsoft Internet Explorer
indicating the client certificate is ready to be installed:
Figure 16: A standard security message from Microsoft Internet Explorer.
8/2/2019 Equens Connect Direct - Manual v2.0 UK
32/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
32 Equens
Step 10 Click 'Yes'
Retrieval of the certificate is now complete.
You will see the screen below. It shows the certificate has been successfullygenerated and installed on that PC.
Figure 17: Confirmation of the certificate installation.
7.4 Exporting the certificateThe certificate is now imported in your browser.
You will need to export it from here, so you can import it into the Connect:Direct
node.
Step 11 Call the dialogue screen for certificates
In the browser menu choose 'Extra' and 'Options'The following screen will be displayed (the screens might be different compared
to yours depending on what version Microsoft Internet Explorer you are using):
8/2/2019 Equens Connect Direct - Manual v2.0 UK
33/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
OPEN
Equens Version 2.0 - 10 May 2011 33
Figure 18: Through the Options screen you go to the certificates screen.
8/2/2019 Equens Connect Direct - Manual v2.0 UK
34/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
34 Equens
Click the button 'Certificates'The following screen is displayed:
Figure 19: The screen where you manage the certificates in your browser.
Step 12 Choose the correct certificate
Click the certificate you have just installed.
The screen below is displayed. Click 'Next' to continue.
Figure 20: Certificate export screen.
8/2/2019 Equens Connect Direct - Manual v2.0 UK
35/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
OPEN
Equens Version 2.0 - 10 May 2011 35
Step 13 Confirm you want to export the private key
In the next screen you are asked if you want to export the private key with the
certificate (the private key is password protected). Exporting the private key withthe certificate is mandatory, so choose option 'Yes' and click 'Next'.
Figure 21: Exporting the certificate private key.
Step 14 Enter the export options
You will need to enter several preferences.
Tick the bottom two options under 'Personal Information Exchange':
'Enable strong protection'With this option you choose for strong security (protection) during transport
'Delete the private key if the export is successful'Ticking this option will delete the private key after exporting the certificate. You
should only do this if you are sure you will not need to export the certificate
again and the certificate is appropriately protected at all times (without private
key the certificate cannot be renewed).
Please note: as long as the private key is not deleted, it may be possible for
other persons with access to your system to export the certificate and make
use of your certificate!Click 'Next'.
8/2/2019 Equens Connect Direct - Manual v2.0 UK
36/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
36 Equens
Figure 22: Important options related to security.
Step 15 Enter a password
In the next screen you will need to enter a password.
You will need this password again when you are importing the certificate into your
Connect:Direct node.
Figure 23: Security through a password.
8/2/2019 Equens Connect Direct - Manual v2.0 UK
37/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
OPEN
Equens Version 2.0 - 10 May 2011 37
Step 16 Save the certificate file
Next you will need to enter where on your hard disk the certificate needs to be
saved and under what name it is to be saved as a .PFX file (with PKCS #12format).
Figure 24: Saving the certificate on the hard disk.
Step 17 Finish the export procedure
Next you will see an overview of the specifications you have entered with the
possibility of making adjustments by using the 'Back' key.
If you are satisfied, click 'Finish'.
Figure 25: Overview of the specifications entered.
8/2/2019 Equens Connect Direct - Manual v2.0 UK
38/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
38 Equens
You will get a confirmation that the export was successful. Click 'OK' to continue.
Figure 26: The confirmation that the export was successful.
Subsequently you can find the saved file with the certificate in the Microsoft
Explorer.
Figure 27: The file with the certificate in Microsoft Explorer.
Make sure when you save the certificate (encrypted if possible) on a mobile device
like a USB stick to keep the device with the certificate in a secure place. Also
make sure you have deleted any copies of the certificate that are not needed or
stored in a secure place.
7.5 Importing the certificate into your Connect:Direct nodeFor importing the certificate in your Connect:Direct node we refer you to the
manual of your Connect:Direct node or request support from Sterling Commerce.
If you need to convert your certificate into a different format, please check our
'Frequently asked questions' section on the website of Equens (www.equens.com)
8/2/2019 Equens Connect Direct - Manual v2.0 UK
39/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
OPEN
Equens Version 2.0 - 10 May 2011 39
7.6 Retrieving the Equens server certificate (CA root certificate)By importing the CA root certificate into your Connect:Direct node the computers
of Equens know to trust your computer.
Now you will need to configure your computer so it will trust the Certificate
Authority (CA) of Equens.
Step 18 Go back to the opening page of the Digital ID Center
Once again, type the URL you have received by postal mail into the address bar of
your browser.
The following screen is displayed:
Figure 28: The opening page with the options for certificates.
8/2/2019 Equens Connect Direct - Manual v2.0 UK
40/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
40 Equens
Step 19 Choose the option 'Install CA'
A download is started immediately and the screen below is displayed. The system
asks you if you want to open or save the file to your computer. Choose the option'Save'. The CA root certificate will be saved to your computer.
Figure 29: Save the certificate to your computer.
7.7 Importing the Equens CA certificate into your Connect:Direct nodeFor importing the CA root certificate into your Connect:Direct node, we refer you
to the manual of your Connect:Direct node or request support from Sterling
Commerce.
7.8 Revoking the client certificateThe client certificate (or Digital ID) can be revoked by request of the owner of the
certificate or by the registered contact person. The client certificate can be
revoked in case of one of the following circumstances:
The client certificate is no longer in the possession of the owner The file transfer contract is ended The file transfer contract was stopped temporarily The CA of Getronics Pink Roccade was compromised The private key of the client certificate may have been compromisedThe contact person or the certificate owner should have the client certificate
revoked immediately if there is any reason to believe that the client certificate has
been compromised.
Companies should also have the client certificate revoked when the certificate
owner change jobs or when there is no longer need for the client certificate.
There should be only one valid client certificate per Certificate Enrollment PIN, but
Equens will allow time (maximum of 14 days) to have the certificate replaced in
case of requesting a new certificate in the renewal procedure.
8/2/2019 Equens Connect Direct - Manual v2.0 UK
41/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
OPEN
Equens Version 2.0 - 10 May 2011 41
If you like Equens to revoke your client certificate, for instance when you cannot
access the CA anymore or have forgotten the Challenge Phrase, please contact the
Technical Support department of Equens.Please make sure you have the following information at hand when contacting the
Technical Support department:
First and last name of the certificate owner (as these have been entered duringthe certificate request procedure)
E-mail address of the certificate owner (the e-mail address entered during thecertificate request procedure)
Revoking the client certificate yourself is possible through the Digital ID Center of
Pink Roccade. Type the URL you have received by postal mail into the address bar
of your browser.
The following screen is displayed:
Figure 30: The opening page with the options for certificates.
Click on 'Revoke', the following screen will be displayed:
8/2/2019 Equens Connect Direct - Manual v2.0 UK
42/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
42 Equens
Figure 31: The form to revoke a client certificate (Digital ID)
Fill in either the e-mail address OR the full name (First Name and Last Name) as
used when you requested the client certificate.
Click on 'Search'.
Next you will see a screen with the client certificates that were found using the
filled in data. Select the correct client certificate and click on 'Revoke'.
The following screen will be displayed asking you to type the Challenge Phrase and
give the reason for revoking.
8/2/2019 Equens Connect Direct - Manual v2.0 UK
43/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
OPEN
Equens Version 2.0 - 10 May 2011 43
Figure 32: Enter Challenge Phrase to revoke the client certificate
After filling in the Challenge Phrase and selecting the reason for Revoking, click on
'Submit'. If you have entered the correct Challenge Phrase the client certificate isrevoked and the following screen is displayed.
Figure 33: Message indicating the client certificate was successfully revoked
Please inform the Technical Support department of Equens that you have revoked
your client certificate.
If you encounter any problems during the revocation process, you can have
Equens revoke your client certificate. Please contact the Technical Support
department for this.
8/2/2019 Equens Connect Direct - Manual v2.0 UK
44/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
44 Equens
7.9 Retrieving the Certification Revocation ListSome nodes can import a 'Certification Revocation List' (CRL) to check if a
certificate is still valid (and not revoked). This file contains a list of all revokedcertificates and is refreshed at regular intervals. This list can be downloaded at:
http://pki.pinkroccade.com/crl/InterpayNederlandBV001/LatestCRL.crl
7.10 Renewal client certificateProduction certificates are valid for two years and test/acceptance certificates are
valid for one year. About 30 days before the expiry date the requestor of the client
certificate will receive an e-mail stating the client certificate will expire and can be
renewed using the mentioned URL and pin code.
Below an example of this e-mail.
Dear ,
Our record indicates that your Digital ID will expire on xx-xx-xxxx. If
you have already renewed your Digital ID, please ignore this notice.
Otherwise please call Customer Services Equens Nederland
__________________
Exception:
You can also apply for automatic renewal of your Digital ID, but only
under the following conditions:
1. You must have the original Digital ID on the computer connecting theMPKI site.
2. The location of the ID must be in the right place on the computer
connecting the MPKI site.
If you meet this criteria, please visit:
to renew your Digital ID.
Note to Netscape users: To complete the renewal process, you may need the
Challenge Phrase you used to enroll for your original Digital ID, and the
following Renewal ID Number:
Your Renewal ID number is : xxxxxx
If you have any questions or problems, please contact Equens SE by replying
to this e-mail message.
Figure 34: The renewal e-mail
If you meet the mentioned criteria (the renewal can only be done from the
computer you have used when requesting the original certificate) you can perform
the renewal of the client certificate yourself. After renewal you must export the
renewed client certificate to your Connect:Direct node.
8/2/2019 Equens Connect Direct - Manual v2.0 UK
45/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
OPEN
Equens Version 2.0 - 10 May 2011 45
If you do not meet the mentioned criteria or a problem occurred during the
renewal process (and your client certificate is not renewed), you must contact the
Technical Support department of Equens for further assistance (you might need torequest a new certificate instead of performing a renewal).
Please note: the renewal procedure can only be started after you have received
the renewal e-mail with the renewal pin code.
8/2/2019 Equens Connect Direct - Manual v2.0 UK
46/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
46 Equens
8 Testing your connection
8.1 IntroductionIt is advisable to first check whether the connection is functioning correctly and
whether the files are being sent on in the required manner. You can test this
easily by sending a file to yourself. This connection test and file transfer test can
simply be carried out in the Equens production environment.
If you also wish to carry out processing tests, you must carry these out in the
test/acceptance environment(!). These processing tests must be scheduled at
least one week in advance in consultation with the Technical Support department
and the relevant business unit.
8.2 Difference between the three test typesTests can be carried out at three levels:
Level A: connection test Level B: file transfer tests Level C: processing tests (application level).The level A and B tests relate specifically to the Connect:Direct connection.
The level C tests are not related to the connection type.
The following figure shows the levels at which the tests should be carried out.
Figure 35: Testing for Connect:Direct will take place at three levels
Testing can only commence if the following conditions have been met:
All relevant data must have been entered in the various Equens databases You must have installed a Connect:Direct node You must have installed both the client and CA root certificate
8/2/2019 Equens Connect Direct - Manual v2.0 UK
47/56
8/2/2019 Equens Connect Direct - Manual v2.0 UK
48/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
48 Equens
Prepare a test file and change its name according to the naming convention.
- For enter the same as for
- Enter the SELFTEST value for
Example filename for Connect:Direct:
/mailbox/R0001234.R0001234.SELFTEST.TEST1234.TXT
Please refer to section 4.2, "Connect:Direct file name convention" for the file name
structure.
Set up a connection to the Connect:Direct node of Equens (node: SFT orSFTACC)
Send the file to yourselfSee section 9, "File sending"
The file will be fully processed at Equens. This means the file will be routed to
the , in this case yourself. The file will be pushed to your
Connect:Direct node.
Check if the file is delivered at your Connect:Direct node.Once the file is at your Connect:Direct node the test is successfully completed.
8/2/2019 Equens Connect Direct - Manual v2.0 UK
49/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
OPEN
Equens Version 2.0 - 10 May 2011 49
8.5 Processing tests8.5.1 Processing test features and conditions
Feature Description
Subject The content and layout of the files.
Objective Checking whether file transfers and data processing
(for Equens-specific business) between Equens and
the customer via Connect:Direct are successful.
Conditions If you use separate test machines you must request
the following:
A test connection on Connect:Direct Test certificates (client and CA)
These tests must be scheduled at least one week inadvance in consultation with the following:
Technical Support department of Equens The Equens business unit carrying out the
processing.
Importance Not mandatory.
Environment Test/acceptance environment (node: SFTACC)
On the test/acceptance environment NO production
data is allowed. You should test using test/dummy
data.
Processing tests in the production environment are not
permitted.
Table 4: Features of the Connect:Direct processing test
8.5.2 Requesting the processing testsProcessing tests will be carried out on the Equens test/acceptance environment.
If you wish to carry out processing tests (i.e. at application level), you must
schedule these tests at least one week in advance in consultation with the
Technical Support department.
In the event of a non-standard connection or connection to systems other than
the giral Clearing and Settlement System, the connection coordinator will draw up
the test procedure in consultation with the owner of the processing system. These
connection processes are always carried out on a project basis.
8/2/2019 Equens Connect Direct - Manual v2.0 UK
50/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
50 Equens
9 File sending
9.1 IntroductionYou can send files to Equens using commands in your Connect:Direct node. When
sending files you will need to initiate the transfer.
You can also send compressed (zipped) data files. Please refer to chapter 11,
"Using compressed files" for additional information.
Please note: The maximum file size for Connect:Direct is 2 GB (uncompressed).
9.2 Automatic file sendingMost Connect:Direct nodes have the possibility to send files automatically. The
node can be configured so that it will check a directory on the local system for
waiting files. If this is the case, the files will be sent to Equens without any further
action being required from the user. If the files are sent successfully the node can
remove the files.
You can use a "File agent" for this, but you are responsible for further automation,
Equens does not provide support for this.
9.3Binary file sending
Some file types, such as files with the extension .ZIP, .DAT, .PDF or .BIN must be
sent binary.For more information on sending files binary with Connect:Direct, please consult
the Connect:Direct documentation of Sterling Commerce.
If you send a binary file as a non-binary file, it may arrive corrupted at the
destination.
8/2/2019 Equens Connect Direct - Manual v2.0 UK
51/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
OPEN
Equens Version 2.0 - 10 May 2011 51
10 File delivery
10.1 IntroductionFiles addressed to you are "pushed" to you by Connect:Direct, you do not need to
take the initiative to retrieve the files. The output files will be put on your
Connect:Direct node, if the files need to be placed in a specific directory on your
node, please indicate this on the Service Request Form when requesting the
Connect:Direct connection.
After pushing the files they will be automatically moved to the subdirectory
'ARCHIVE' in your mailbox. Already pushed files can be downloaded from the
'ARCHIVE' directory for 35 days (if you have access to this directory), after whichthey will be deleted.
If you don't have access to the 'ARCHIVE' directory and would like to receive a file
that has already been supplied to you, you will need to contact our Technical
Support department.
Files from the Equens Clearing and Settlement system will remain available within
that system for 30 days for eventual reissuing (in case you cannot access your
ARCHIVE folder). When this period has elapsed, the files will be deleted and
cannot be resupplied electronically.
Please note: Data with the highest security classification and risk will be archived
and stored with a minimum period technically possible, so less than 35 days andmight not be backed up during their presence in Secure File Transfer.
This includes all files that contain sensitive authentication data such as data used
to manufacture new credit cards and payment cards.
Although Connect:Direct can be used to transport sensitive authentication data, it
is not allowed to store this data in the 'ARCHIVE' folder.
8/2/2019 Equens Connect Direct - Manual v2.0 UK
52/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
52 Equens
11 Using compressed files
11.1 IntroductionFiles can be compressed (zipped) in order to reduce their size and therefore also
the amount of time it takes for them to be transmitted. If the bandwidth is
sufficient, compression will not be necessary and consequently advised against.
11.1.1 Compression programme conditions Your compression programme must be compatible with PKZIP version 2.04g Acquisition and use of compression software will be your own responsibility Please refer to your compression programme manual for information regarding
file compression and decompression
Please note: The maximum file size of a ZIP file is 4 GB, however the maximum
file size for file transfer through Connect:Direct is 2 GB.
11.1.2 Binary file transmissionYou must use binary transmission in order to both send and receive compressed
files, please see section 9.3, "Binary file sending".
11.2 Sending and receiving compressed files
11.2.1Conditions You will be able to send both compressed and uncompressed files. There is no
need to specify this on the Service Request Form
Compressed files must be indicated with the 'ZIP' In case you would like to receive compressed files you must specify this on the
Service Request Form
The compressed file that you wish to send must contain not more than onedata file. The compressed file will be unzipped by Equens before it is routed to
the and can be zipped again by Equens, depending on the
configuration of the
Although the file name in the archive need not to comply with the namingconvention, this is advisable.
This is also easy, given the majority of compression programmes use the name
of the file being compressed for the archive name. For example: If you were to
compress the file R0001234.SFT.CLIEOP.A1234567.TXT, the compressed file
will be named R0001234.SFT.CLIEOP.A1234567.ZIP
11.3 Receiving compressed files11.3.1 Conditions
If you wish to receive compressed output from Equens, please specify this onthe Service Request form.
8/2/2019 Equens Connect Direct - Manual v2.0 UK
53/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
OPEN
Equens Version 2.0 - 10 May 2011 53
11.3.2 Features:If you have stated you wish to receive compressed files, the following will apply: Allfiles you receive from Equens are compressed, it is not possible to compressspecific file types The names of both the ZIP archive and the archived file will comply with the
file name convention.
For example: the archive MFC.R0001234.VERWINFA.A1234567.ZIP would
contain the file MFC.R0001234.VERWINFA.A1234567.TXT
8/2/2019 Equens Connect Direct - Manual v2.0 UK
54/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
54 Equens
12 Support processes: questions and changes
12.1 Connect:Direct availabilityConnect:Direct will be available from 4:00p.m. on Sunday to 7:00a.m. on
Saturday. 98% availability will be guaranteed during these times.
12.2 Technical Support department contact informationSupport for File Transfer products will be provided by the Technical Support
department of Equens.
The support will encompass the following: Answering questions by telephone Dealing with incidents Monitoring the file exchange and any underlying network connectionsPlease note: The support that Technical Support will provide is intended for
situations involving a standard connection to Connect:Direct.
In the event of deviation, Technical Support will not provide any support for
matters relating to the client's domain.
Technical Support is available from Monday to Friday, with the exception of bank
holidays.
Opening times: 8:00am 6:00pm
Telephone: 0900 - 0660, option 3 (for customers in The Netherlands, localtariff)
Telephone: +31 (0)30 - 283 68 60, option 3 (for customers outside TheNetherlands)
Fax: +31 (0)30 - 283 51 33 E-mail: [email protected] note: Please submit any questions by telephone, not by e-mail (unless
otherwise instructed).
12.3 Information on the Equens websiteOn www.equens.com you will find the following information regarding Secure File
Transfer and the various connection types:
Brochures Manuals Forms FAQs
12.4 Changing connection specificationsYou can use the 'Service Request Form Connect:Direct' to do the following:
Register and deregister: The contact person
8/2/2019 Equens Connect Direct - Manual v2.0 UK
55/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
OPEN
Equens Version 2.0 - 10 May 2011 55
Change contact details: Organisational information Telephone number and/or e-mail address of the contact person
Change service specifications: Whether you want to connect via the internet or via a Leased Line Whether you want to receive compressed files At which e-mail address you would like to receive error messages
(E-mail messages that inform you of a file that could not be processed, e.g.
by using an incorrect file name).
You must fill in and send a separate copy of the form for each request and/or
change! This form can be requested from Technical Support or downloaded from
our website: www.equens.com (Support - Connectivity)
This Service Request Form only concerns the transportof files/data. For the
processing of the data files you are sending/receiving, you will need to make
agreements with the appropriate (processing) department of Equens.
12.5 Changing connection typeIf you wish to deliver data using a connection type other than Connect:Direct,
please contact the Technical Support department.
12.6 Terminating the connectionThe Connect:Direct agreement must be terminated in writing, you can use the
Service Request Form to request a termination of the Connect:Direct agreement.
When terminating the connection you must ensure that all streams you use with
Connect:Direct are migrated in a timely fashion. This means that the relevantprocessing agreements must be amended.
12.7 Changing and terminating processing agreementsYou must arrange changes or termination of your processing agreements with
your bank and the Equens business unit that carries out the processing activities,
in accordance with the relevant procedures.
8/2/2019 Equens Connect Direct - Manual v2.0 UK
56/56
Manual Connect:Direct (Secure File Transfer)
Connecting to Secure File Transfer of Equens
Annex 1 The relationship between the Connect:Direct namingconvention and the 'old' I-Connect interface description
1.1 Relationship with 'old' I-ConnectAccording to the 'old' interface description, a token file is sent in addition to a data
file. This token file is used to provide data regarding the routing of the data file.
The token file will not be included in the new Connect:Direct standard.
The following fields relate to the 'old' I-Connect interface descriptions as follows:
Field Relationship with 'old' I-Connect
More or less corresponds with the 'Naam inzender' (Name of
sender) field from the token file (versions 04 and 05). However,
the field is shorter (8 positions) than 'Naam inzender'
(20 positions), which in many cases ensures a difference.
Token file versions 01 and 02 contain a 'Relatienummer
inzender' (Sender account number) field. However, its content
is not comparable.
More or less corresponds with the 'Naam bestemming' (Name of
location) field from the token file (versions 04 and 05).
However, the field is shorter (8 positions) than
'Naam bestemming' (20 positions), which in many casesensures a difference.
Furthermore, please remember that you must enter spaces in
the token file for the destination of traffic to Equens. However,
in the new interface, 'SFT' must be entered as the destination.
Token file versions 01 and 02 contain a 'Relatienummer
bestemming' (Location account number) field. However, its
content is not comparable.
This field will replace the three 'Informatiegroep' (Information
group), 'Informatiesoort' ('Information type') and
'Bestandsindeling' (File format) fields from the token file.
This field corresponds with the 'File-ID' from the file name.
Only two extensions are permitted in the 'old' I-Connect: FTP
and ZIP. This limitation will not apply in Connect:Direct.
Table 5: Relationship with 'old' I-Connect