The Direct Project – Trust Bundles

Introduction

One of the problems with administering a Direct server is that you must find and install trust anchors for every destination you want to transmit messages to. One place to find anchors is the DirectTrust site. I'll show a quick and dirty method of getting these anchors into your system.

Trust Bundles

A trust bundle is a collection of anchors that are all contained in one file, delivered as a PKCS #7 certificate bundle with a .p7b extension. You should start by going to directtrust.org and selecting Accredited Trust Bundle from the menu. You'll be presented with a web page that lists the anchors from about 50 HISPs that are in the trust bundle. Click the Accredited Trust Bundle Download icon to download the single file.

Once you have the file, the easiest method of getting the anchors into a working system is to export each anchor individually and then import it using the ConfigConsole application. If you open the P7B file with a text editor you'll see what looks like a giant base64-encoded block of text:

-----BEGIN PKCS7-----
MILJrQYJKoZIhvcNAQcCoILJnjCCyZoCAQExADALBgkqhkiG9w0BBwGggsmAMIIE
PTCCAyWgAwIBAgIKYUxBZAAAAAAAAjANBgkqhkiG9w0BAQsFADBHMRkwFwYDVQQK
ExBBdGhlbmFoZWFsdGggSW5jMQswCQYDVQQGEwJVUzEdMBsGA1UEAxMUQXRoZW5h
aGVhbHRoIFJvb3QgQ0EwHhcNMTMxMjA1MTQzNjEwWhcNMjMxMjA1MTQzNjEwWjBL
MQswCQYDVQQGEwJVUzEZMBcGA1UEChMQQXRoZW5haGVhbHRoIEluYzEhMB8GA1UE
AxMYQXRoZW5haGVhbHRoIERpcmVjdCBDQS0xMIIBIjANBgkqhkiG9w0BAQEFAAOC

etc.

Fortunately, Windows recognizes the file type, and you can double-click the file to bring up the certificate manager window:

Find the anchor that you need (or repeat the process for each anchor) and right-click on it. Choose "All Tasks", then "Export". A dialog box will appear. Leave the radio button on the CER file type and click "Next". Fill in the path/file name and click "Next", then click "Finish". A new CER file is created at the path/file name you chose.

Now you can go to the ConfigConsole application and use the “anchor_add” command:

In the example above, IOD was added to the anchors table. Now you can send messages to any Direct addresses controlled by IOD Incorporated. If you are missing an anchor for a Direct address that you are attempting to transmit to, you'll get a "NoTrustedRecipients" error. The anchors table is the first place I look to troubleshoot this type of error. Unfortunately, there are many pieces of Direct that can cause the "NoTrustedRecipients" error. I'll attempt to blog about these causes in future posts.
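The export step above can also be scripted instead of clicking through the certificate manager for each of the roughly 50 anchors. The script below is an added example, not part of the original post or of the Direct Project tools: it uses the openssl command line to split a bundle (PEM, as the DirectTrust download is, or DER) into one DER-encoded .cer file per anchor, suitable for ConfigConsole's anchor_add, and prints each anchor's subject and SHA-256 fingerprint so it can be checked against what the DirectTrust page lists before it is trusted.

```shell
#!/bin/sh
# Split a DirectTrust trust bundle (.p7b) into one DER .cer per anchor.
# Added example (not the Direct Project's own code). Requires the openssl CLI.
set -u

# split_bundle BUNDLE OUTDIR -> writes OUTDIR/anchor-NNN.cer, prints a summary line per anchor
split_bundle() {
  bundle="$1"; outdir="$2"
  mkdir -p "$outdir" || return 1
  # The DirectTrust download is PEM ("-----BEGIN PKCS7-----"); accept DER as well.
  if grep -q 'BEGIN PKCS7' "$bundle" 2>/dev/null; then inform=PEM; else inform=DER; fi
  # -print_certs dumps every certificate inside the PKCS#7 SignedData as PEM.
  openssl pkcs7 -inform "$inform" -in "$bundle" -print_certs -out "$outdir/all.pem" || return 1
  # Cut the concatenated PEM into one file per certificate.
  awk -v dir="$outdir" '
    /BEGIN CERTIFICATE/ { n++; f = sprintf("%s/anchor-%03d.pem", dir, n) }
    f { print > f }
    /END CERTIFICATE/   { close(f); f = "" }' "$outdir/all.pem"
  for pem in "$outdir"/anchor-*.pem; do
    [ -e "$pem" ] || { echo "no certificates found in $bundle" >&2; return 1; }
    cer="${pem%.pem}.cer"
    # ConfigConsole's anchor_add takes the anchor as a DER-encoded .cer file.
    openssl x509 -in "$pem" -outform DER -out "$cer" || return 1
    subject=$(openssl x509 -in "$pem" -noout -subject)
    fp=$(openssl x509 -in "$pem" -noout -fingerprint -sha256)
    # A trust anchor should be a CA certificate; flag anything that is not.
    if ! openssl x509 -in "$pem" -noout -ext basicConstraints 2>/dev/null | grep -q 'CA:TRUE'; then
      echo "WARNING: $cer is not a CA certificate" >&2
    fi
    echo "$cer  $subject  $fp"
  done
}

# count_anchors OUTDIR -> number of .cer files produced
count_anchors() {
  ls "$1"/anchor-*.cer 2>/dev/null | wc -l | tr -d ' '
}
```

Run it as `split_bundle bundle.p7b anchors`, then point anchor_add at each .cer in the anchors directory; the fingerprint column is what you compare against the HISP's published anchor.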
