This article explains how to create and update a self-signed X.509 certificate for use in Configure My AS2 station.
NOTE: A self-signed certificate is a certificate that is signed with its own private key. If your trading partner requires a certificate that is signed by a Certificate Authority (CA), you will need to contact a CA directly to have them issue your organization a certificate.
Here are the steps to generate, share, and update a self-signed SSL certificate.
Use the following steps to generate a self-signed SSL certificate using the OpenSSL utility:
- Run the following OpenSSL command to generate your private key and public certificate:

  openssl req -newkey rsa:2048 -nodes -keyout domain.key -x509 -days 365 -out domain.cer

  - -newkey rsa:2048: Creates a 2048-bit RSA key for use with the certificate.
  - -x509: Creates a self-signed certificate.
  - -days: Determines the length of time in days that the certificate is being issued for. For a self-signed certificate, this value can be increased as necessary. "365" specifies that the certificate will be valid for 365 days.
  - -nodes: Writes the private key without passphrase encryption, so the key does not require a passphrase.
You will be prompted to add identifying information about your website or organization to the certificate. Since a self-signed certificate won’t be used publicly, this information isn’t necessary. If this certificate will be passed on to a certificate authority for signing, the information needs to be as accurate as possible.
Upon completion, the command creates two files: a private key (domain.key), and a public certificate (domain.cer). The key and certificate are valid for 365 days. Back up your certificate and key in a secure place (such as LastPass or 1Password).
- Select your AS2 connection and update the certificate and private key. When you use a universal AS2 connection, you must follow the procedure for each trading partner that you want to update.
  - In the left pane, select Resources > Connections.
  - From the Connectors page, select a specific connection to edit details.
  - In the Edit connection form, go to the Configure my AS2 station section of the AS2 connection and update the .key and .cer files as follows:
    - Copy and paste the .cer file into X.509 Public certificate.
    - Copy and paste the .key file into X.509 Private key.
    Don’t update any other setting in Configure my AS2 station.
  - Go to the Configure partner AS2 station section to update the partner's AS2 public certificate. Copy and paste the content of the public certificate that the partner has shared into the Partner’s certificate setting.
    Caution: While updating this certificate, you must also provide the private key in X.509 Private key again, because it’s encrypted and not visible during updates. If you don’t provide it, an empty private key is saved, which breaks the integration.
    Tip: In the universal AS2 connection, you can identify the right partner by looking at the Partner’s AS2 Identifier, which is unique per partner.
  - Save the connection.
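
Before pasting domain.key and domain.cer into Configure my AS2 station, it helps to confirm that the key belongs to the certificate and that the certificate is not close to expiry, since a wrong private key breaks the integration. The script below is an added example, not part of the original article: the function names, the 30-day threshold and the as2.example.test subject are assumptions, and the demo pair is constructed throwaway data.

```shell
#!/bin/sh
# Pre-upload checks for an AS2 key/certificate pair (added example; names are assumptions).

# pair_matches KEY CERT: succeeds only when the private key belongs to the certificate.
pair_matches() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$cert_pub" ]
}

# valid_for_days CERT DAYS: succeeds when the certificate is still valid DAYS from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# cert_fingerprint CERT: prints the SHA-256 fingerprint to confirm with the partner out of band.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# preflight KEY CERT: run every check and stop at the first failure.
preflight() {
    pair_matches "$1" "$2" || { echo "FAIL: $1 is unreadable or does not match $2" >&2; return 1; }
    valid_for_days "$2" 30 || { echo "FAIL: $2 expires within 30 days" >&2; return 1; }
    chmod 600 "$1"   # -nodes leaves the key unencrypted, so restrict who can read it
    echo "OK: SHA-256 fingerprint $(cert_fingerprint "$2")"
}

# make_pair DIR NAME DAYS: constructed sample data. Same command as the article, plus
# -subj so it runs without prompts (the CN value is a placeholder).
make_pair() {
    openssl req -newkey rsa:2048 -nodes -keyout "$1/$2.key" -x509 -days "$3" \
        -subj "/CN=as2.example.test" -out "$1/$2.cer" 2>/dev/null
}

# Demo on throwaway files: a good pair, then a certificate paired with the wrong key.
demo_dir=$(mktemp -d)
make_pair "$demo_dir" domain 365
make_pair "$demo_dir" other 365
preflight "$demo_dir/domain.key" "$demo_dir/domain.cer"
preflight "$demo_dir/other.key" "$demo_dir/domain.cer" || echo "mismatch detected as expected"
rm -rf "$demo_dir"
```

To check your real files, call preflight domain.key domain.cer from the directory where you generated them.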