Updated January 2024
Nulogy has a set of self-signed x509 certificates for AS2 and a set of TLS x509 certificates signed by Digicert.
When deployed properly by administrators, these assets can reduce operational and security risks as well as administrator costs.
These certificates allow AS2 and HTTPS communications with Nulogy's environment to be encrypted and authenticated.
If you are connecting over HTTP with AS2, you have the following options for Production and UAT environments.
| Options | Production | UAT |
|---|---|---|
| 302-connect.nulogy.net.crt | 301-connect-na-qa.nulogy.net.crt |
If you are connecting over HTTPS with SSL/TLS, you have the following options for Production and UAT environments.
| Options | Production | UAT |
|---|---|---|
| Root Certificate (Preferred Option) | DigiCertGlobalRootG2.crt.pem | DigiCertGlobalRootG2.crt.pem |
| Intermediate Certificate (Alternative Option) | DigiCert Intermediate G2 CA | DigiCert Intermediate G2 CA |
| Yearly Server Certificate (Alternative Option) | 224-connect.nulogy.net.crt | 223-connect-na-qa.nulogy.net.crt |
Which TLS certificate you choose to install in your trust store is up to you, however should prefer to install the highest certificate in the chain: the DigiCert Global Root G2 certificate, this will significantly reduce the need for future configuration changes.
If your client software does not support trusted roots with provided intermediates, you may opt to install the DigiCert Intermediate G2 CA certificate. The likelihood that we will have to change the intermediate cert and use a replacement is low.
If your client software or your internal processes do not allow you to use trusted Root certificates, you can use the yearly server certificates. If you choose to do so, note that we will have to reissue this certificate yearly. When this occurs, if you do not include the intermediate or root certificates in your trust store, your applications will fail to communicate with our servers. We will give as much notice as possible for the yearly certificate reissue, but for security reasons we may be forced to revoke this certificate immediately, without notice.
The files contained in this repository are as follows:
DigiCertGlobalRootG2.crt.pem - TLS Digicert Root G2 Certificate
- Mirror of DigiCert Global Root G2, hosted here for convenience
- Serial Number: 4293743540046975378534879503202253541 (
0x33af1e6a711a9a0bb2864b11d09fae5) - Expires January 2038
- For use with HTTPS/TLS connectivity to CNEDI and B2BI, for both Production and UAT environments
223-connect-na-qa.nulogy.net.crt - TLS Certificate for UAT Environment
- Subject:
CN=connect-na-qa.nulogy.net,O=Nulogy Corporation,L=Toronto,ST=Ontario,C=CA(Issuer:CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1,O=DigiCert Inc,C=US) - Serial Number: 19806049027757082700868699962183856442 (
0xee6819c3cfb66e2ca5ff53e280d313a) - Expires January 2025
- Contents include:
- Certificate (connect-na-qa.nulogy.net)
- Intermediate CA Certificate (DigiCert Global G2 TLS RSA SHA256 2020 CA1)
- Root CA Certificate (DigiCert Global Root G2)
- Signed by Digicert with SHA256
- This is the
connect-na-qa.nulogy.netHTTPS/TLS certificate for our UAT environment - For use with CNEDI and B2Bi UAT
224-connect.nulogy.net.crt - TLS Certificate for Production Environment
- Subject:
CN=connect.nulogy.net,O=Nulogy Corporation,L=Toronto,ST=Ontario,C=CA(Issuer:CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1,O=DigiCert Inc,C=US) - Serial Number: 13207844988586335798285133674894363845 (
0x9efbd08dc0448356218fdb614ac8cc5) - Expires August 30 2025
- Contents include:
- Certificate (connect.nulogy.net)
- Intermediate CA Certificate (DigiCert Global G2 TLS RSA SHA256 2020 CA1)
- Root CA Certificate (DigiCert Global Root G2)
- Signed by Digicert with SHA256
- This is the
connect.nulogy.netHTTPS/TLS certificate for our Production environment - For use with CNEDI and B2Bi Production
301-connect-na-qa.nulogy.net.crt - AS2 signing/encryption Certificate for UAT Environment
- Subject:
CN=connect-na-qa.nulogy.net,OU=Integrations,O=Nulogy Corporation,L=Toronto,ST=Ontario,C=CA - Serial Number: 17705727081225065378 (
0xf5b760f8ae6f13a2) - Expires April 2027
- This is a x.509 V3 5 year self-signed SHA256 AS2 signing/encryption certificate
- For use with CNEDI and B2Bi UAT
302-connect.nulogy.net.crt - AS2 signing/encryption Certificate for Production Environment
- Subject:
CN=connect.nulogy.net,OU=Integrations,O=Nulogy Corporation,L=Toronto,ST=Ontario,C=CA - Serial Number: 13992631575093187943 (
0xc22fd0480a581567) - Expires April 2027
- This is a x.509 V3 5 year self-signed SHA256 AS2 signing/encryption certificate
- For use with CNEDI and B2Bi Production
Please check the expiry date on the certificate you install. The expiry dates are noted above.
You can also use the OpenSSL utility included with most Unix-like operating systems:
$ openssl x509 -text -noout -in 000-root-ca4.crt
...
Validity
Not Before: Oct 7 10:48:37 2015 GMT
Not After : Oct 6 10:48:37 2025 GMT
Subject: C=CA, ST=Ontario, L=Toronto, O=Nulogy Corporation, OU=Infrastructure, CN=Nulogy Root CA 4
...
In the case of certificates with shorter expiry, you may wish to add a calendar event to remind you prior to the date.
It is your responsibility to validate the authenticity of the Root certificate you trust. Failing to do so may void your customer agreements and leave you vulnerable to Man in The Middle (MitM) attacks. Your Nulogy support representative will be able to help you validate the certificate key's fingerprint over the phone, via Mail, or another acceptable channel.
The material in this repo is provided Copyright Nulogy Corporation 2024 - All Rights Reserved
Nulogy customers in good standing are licensed to use these x509 certificates only for connecting to Nulogy Corporation assets as prescribed by our standard operating procedures and by support instructions.
Digicert Root certificates are a property of Digicert.