
Managing AS2 Host Keystores

AS2 host keystores consist of a public certificate and a private key. You must create an AS2 host keystore if you use AS2 endpoints.

Create an AS2 Host Keystore

You can create a new AS2 keystore for the host when you configure an AS2 Receive from Partners endpoint. After you create the keystore, you can reuse it in new endpoint configurations.

To create an AS2 host keystore:

  1. In the navigation menu, select the host.

  2. In the Endpoints section, click New.

  3. In the New Endpoint window, select Receive from partners in the Usage field and AS2 in the Protocol field.

  4. In the <host> keystore section, click Select.

  5. In the Select a <host> keystore window, click New.

  6. Complete the fields in the New keystore for <host> window:

    1. In the Keystore name field, enter a unique name for the keystore.

    2. In the <host> public certificate field, click Choose file, navigate to your public certificate, and then click Open.

    3. In the <host> private key file field, click Choose file, navigate to your private key file, and then click Open.

    4. In the Key passphrase field, enter a passphrase for your private key.

  7. Click Upload keystore.

    The new keystore appears in the Select a <host> keystore window and the keystore is saved. You can either continue to create an endpoint or you can close the window.

Update an AS2 Host Keystore

When the certificate for your AS2 keystore is about to expire, follow these steps to obtain a new one:

  1. Depending on your organization’s policies, create a self-signed certificate and key pair, or obtain a new AS2 certificate from your certificate authority.

  2. Define a date on which you plan to switch to the new certificate.

  3. Share the new public certificate with your AS2 partners to give them sufficient lead time to plan the certificate switch on their side.

When it’s time to update the keystore with the new certificate, follow these steps:

  1. In the navigation menu, select <host>.

  2. In the Certificates section, click the keystore to update and then click Edit.

  3. In the <host> public certificate field, click Choose file, navigate to the updated public certificate, and click Open.

  4. In the <host> private key file field, click Choose file, navigate to the private key file, and click Open.

  5. In the Key passphrase field, enter the passphrase for the new keystore.

  6. Click Update keystore.

  7. After the keystore updates, do either of the following:

    • If you have one AS2 Receive from Partners endpoint that uses the keystore, open one message flow that references the endpoint and redeploy the flow.

    • If you have more than one AS2 Receive from Partners endpoint that uses the keystore, redeploy one message flow for each endpoint that uses the keystore.

    Anypoint Partner Manager updates the inbound and outbound AS2 applications in the runtime. The update can take up to 10 minutes to complete.
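A pre-upload check for the three inputs this procedure asks for, added here as an example that is not part of the original documentation or of Anypoint Partner Manager. It confirms that the key passphrase opens the private key file, that the public certificate belongs to that key, and that the certificate is not close to expiry. The function names, the `AS2_KEY_PASS` variable, the sample subject name and the 30-day default are assumptions, and the script expects PEM files and the `openssl` command-line tool.

```shell
#!/bin/sh
# Pre-upload checks for an AS2 host keystore (public certificate + private key
# + key passphrase). Added example: names and thresholds are assumptions.
# The passphrase is read from the exported AS2_KEY_PASS environment variable so
# it does not appear in the process list or in shell history.

# Create a self-signed certificate and an encrypted private key for testing.
# Args: cert-out key-out days-valid. The subject name is a constructed sample.
make_selfsigned_pair() {
    openssl req -x509 -newkey rsa:2048 -sha256 -days "$3" \
        -subj "/CN=as2-host.example.test" \
        -out "$1" -keyout "$2" -passout env:AS2_KEY_PASS 2>/dev/null
}

# Args: cert key [min-days-remaining, default 30]
# Returns 0 = ready to upload, 1 = passphrase does not open the key,
#         2 = certificate and key are not a pair, 3 = certificate expires too soon.
check_keystore() {
    cert=$1 key=$2 min_days=${3:-30}

    # 1. The passphrase must decrypt the private key file.
    openssl pkey -in "$key" -passin env:AS2_KEY_PASS -noout 2>/dev/null || return 1

    # 2. The certificate must carry the public half of that private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -passin env:AS2_KEY_PASS -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ] || return 2

    # 3. The certificate must stay valid for at least min_days more days.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null || return 3
    return 0
}

# Usage: AS2_KEY_PASS=... sh check_keystore.sh host-cert.pem host-key.pem [min-days]
if [ "$#" -ge 2 ]; then
    check_keystore "$@"
fi
```

Running the same check with a larger `min-days` value on the keystore currently in use shows how much lead time remains before partners need the new certificate.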

Delete an AS2 Host Keystore

You can delete an AS2 host keystore if it has not been assigned to an endpoint. You cannot delete a certificate if it is the only certificate that is uploaded.

To delete an AS2 host keystore:

  1. In the navigation menu, select Partners.

  2. Click on the partner whose certificate you want to delete.

  3. In the Certificates section, hover over the row associated with the certificate to delete.

  4. Click the trash can icon that appears.
