OFTP Mailbox Security: CLID Tab
Use the CLID tab to specify the Certificate Logical Identification Data (CLID) for your trading partner's certificates. If your trading partner provides their CLID, the supplied certificates can be validated against it, whether a certificate is provided automatically through ACE or imported and configured manually. Depending on which security features are used in the trading relationship and whether separate certificates are used for each feature, between one and five CLIDs are specified for signing, encryption, EERP, session, and TLS use.
A CLID consists of:
- The certificate’s subject and issuer in the form EMAIL=xxx,CN=xxx,OU=xxx,O=xxx,L=xxx,ST=xxx,C=xxx (the fields present and the order of the fields are dictated by the trading partner).
- Existence of digitalSignature, keyEncipherment, clientAuth, and/or serverAuth key usage flags.
If a configured certificate does not match its CLID, the mailbox is not considered ready. A certificate received through ACE that does not have a matching CLID is rejected.
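The following is an added example, not the product's own code: a pre-check that compares a certificate's subject, issuer and usage flags against a partner's CLID and reports why they differ, which helps when a mailbox is not considered ready. It assumes an exact, order-sensitive comparison of field/value pairs and treats the four flags as one set; the dictionary layout, function names and sample values are constructed for illustration.

```python
import re

# Added example; the matching rules below are assumptions, not the product's code.
USAGE_FLAGS = {"digitalSignature", "keyEncipherment", "clientAuth", "serverAuth"}

def parse_dn(dn):
    """Split 'EMAIL=a,CN=b,...' into ordered (FIELD, value) pairs."""
    pairs = []
    for part in re.split(r"(?<!\\),", dn):  # split only on unescaped commas
        field, sep, value = part.partition("=")
        if not sep or not field.strip():
            raise ValueError(f"malformed DN component: {part!r}")
        pairs.append((field.strip().upper(), value.strip().replace("\\,", ",")))
    return pairs

def compare_dn(label, clid_dn, cert_dn):
    """Return a list of problems; an empty list means the names match."""
    want, have = parse_dn(clid_dn), parse_dn(cert_dn)
    if want == have:
        return []
    if sorted(want) == sorted(have):
        return [f"{label}: same fields, different order"]
    diff = sorted(f"{f}={v}" for f, v in set(want) ^ set(have))
    return [f"{label}: fields differ: {diff}"]

def check_clid(clid, cert):
    """Compare one certificate (fields already extracted) with one CLID."""
    unknown = set(clid["usages"]) - USAGE_FLAGS
    if unknown:
        raise ValueError(f"unknown usage flags: {sorted(unknown)}")
    problems = compare_dn("subject", clid["subject"], cert["subject"])
    problems += compare_dn("issuer", clid["issuer"], cert["issuer"])
    for flag in sorted(set(clid["usages"]) - set(cert["usages"])):
        problems.append(f"usage: certificate lacks {flag}")
    return problems

# Constructed sample values, not taken from any real trading partner.
SAMPLE_CLID = {
    "subject": "EMAIL=edi@partner.example,CN=Partner OFTP Signing,OU=EDI,"
               "O=Partner GmbH,L=Koeln,ST=NRW,C=DE",
    "issuer": "CN=Example Issuing CA,O=Example Trust,C=DE",
    "usages": {"digitalSignature"},
}
SAMPLE_CERT = dict(SAMPLE_CLID, usages={"digitalSignature", "keyEncipherment"})

if __name__ == "__main__":
    print(check_clid(SAMPLE_CLID, SAMPLE_CERT) or "certificate matches CLID")
```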