This article explains how to create and update a self-signed X.509 certificate for use in the My AS2 Station Configuration.
NOTE: A self-signed certificate is a certificate that is signed with its own private key. If your trading partner requires a certificate that is signed by a Certificate Authority (CA), you will need to contact a CA directly to have them issue your organization a certificate.
Generate, share, and update a self-signed SSL certificate
Use the following steps to generate a self-signed SSL certificate using the OpenSSL utility:
- Run the following OpenSSL command to generate your private key and public certificate.
openssl req -newkey rsa:2048 -nodes -keyout domain.key -x509 -days 365 -out domain.cer
You will be prompted to add identifying information about your website or organization to the certificate. Since a self-signed certificate won’t be used publicly, this information isn’t necessary. If this certificate will be passed on to a certificate authority for signing, the information needs to be as accurate as possible.
- -newkey rsa:2048: Creates a 2048-bit RSA key for use with the certificate.
- -x509: Creates a self-signed certificate.
- -days: Determines the length of time in days that the certificate is being issued for. For a self-signed certificate, this value can be increased as necessary. "365" specifies that the certificate will be valid for 365 days.
- -nodes: Writes the private key without passphrase encryption, so the key does not require a passphrase.
Upon completion, the command creates two files: a private key (domain.key) and a public certificate (domain.cer). The key and certificate are valid for 365 days. Back up your certificate and key in a secure place (such as LastPass or 1Password).
- Share the public certificate with your AS2 trading partner. The public certificate requires proper configuration in your partner’s AS2 software in order to enable the successful transmission of your encrypted messages over AS2.
- Update the certificate and private key on the AS2 connection in integrator.io
For each Trading Partner connection that you want to update, go to the My AS2 Station Configuration section of the AS2 connection. From there, copy and paste the contents of the .key and .cer files as follows:
- The .cer content goes in X.509 public certificate
- The .key content goes in X.509 private key
- Don’t update any other property on the AS2 connection. The Partner's Certificate property is populated under the Partner’s AS2 Station Configuration section.
- Save the connection.
- Update the Partner’s AS2 Station Configuration certificate:
You can update the Partner’s AS2 certificates under the Partner’s AS2 Station Configuration section on the integrator.io connection. Identify the right partner by looking at the Partner’s AS2 Identifier, which is unique per partner.
- Copy and paste the content of the public certificate shared by the Partner into the Partner’s Certificate property. While updating this certificate, you must also update the customer’s private key again because it’s encrypted and not visible during updates. If you don’t provide it, the private key is overwritten with an empty value, which breaks the integration.
- Save the connection.
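Before pasting domain.key and domain.cer into the My AS2 Station Configuration, it is worth confirming that the two files belong together and that the certificate is not close to expiry. The script below is an added example, not part of the original article; the helper function names and the as2.example.test subject are assumptions, and -subj is used only to skip the interactive prompts.

```shell
#!/bin/sh
# Added example. Helper names and the CN below are constructed placeholders.

gen_pair() {  # $1 = key file, $2 = certificate file, $3 = validity in days
    ( umask 077  # create the unencrypted key readable by its owner only
      openssl req -newkey rsa:2048 -nodes -keyout "$1" -x509 -days "$3" \
          -subj "/CN=as2.example.test" -out "$2" 2>/dev/null )
}

pubkey_sha256() {  # $1 = cert|key, $2 = file; prints SHA-256 of the PEM public key
    pem=
    case "$1" in
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    esac
    [ -n "$pem" ] || return 1  # unreadable or wrong file type: fail, never "match"
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

pair_matches() {  # $1 = key file, $2 = certificate file
    k=$(pubkey_sha256 key "$1") && c=$(pubkey_sha256 cert "$2") && [ "$k" = "$c" ]
}

valid_for_days() {  # $1 = certificate file, $2 = days; true if not expiring by then
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

check_before_upload() {  # $1 = key file, $2 = certificate file
    pair_matches "$1" "$2" || { echo "FAIL: key and certificate do not match"; return 1; }
    valid_for_days "$2" 30 || { echo "FAIL: certificate expires within 30 days"; return 2; }
    echo "OK: pair matches, public key sha256 $(pubkey_sha256 cert "$2")"
}

# Demo in a scratch directory, using the article's file names.
demo=$(mktemp -d)
gen_pair "$demo/domain.key" "$demo/domain.cer" 365
check_before_upload "$demo/domain.key" "$demo/domain.cer"
rm -rf "$demo"
```

The printed public key digest can also be read out to the trading partner so they can confirm they installed the same certificate you generated.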
Very helpful, thank you.
There was a recent update on the AS2 certificate for Geodis though still receiving the "unexpected-processing-error Details: Your message could not be processed" error even after installing the CRT file. Are there any other steps to be done after installing the CRT file? Thank you!