Managing AS2 Host Keystores
AS2 host keystores consist of a public certificate and private key. Configure at least one AS2 host keystore if you use AS2 endpoints.
Create an AS2 Host Keystore
To create an AS2 host keystore:
-
In the sidebar, access the <host> page.
-
In the Certificates section, click New.
-
In the Certificate Type field, select Private Keypair.
-
In the Keystore Name field, enter the name of the keystore file to store your organization’s private key.
-
In the <host> Public Certificate field, click Choose file to select a public certificate.
-
In the <host> Private Key File field, click Choose file to select a key file.
-
In the Key Passphrase field, enter a passphrase for protecting the private key.
Update an AS2 Host Keystore
When the certificate for your AS2 keystore is about to expire, perform the following steps to obtain a new one. You can update the keystore in a non-production environment and coordinate when to make the change in production with your partners.
-
Depending on your organization’s policies, create a self-signed certificate and key pair, or obtain a new AS2 certificate from your certificate authority.
-
Define a date on which you plan to switch to the new certificate.
-
Share the new public certificate with your AS2 partners to give them sufficient lead time to plan the certificate switch on their side.
When it’s time to update the keystore with the new certificate, follow these steps:
-
In the sidebar, access the <host> page.
-
In the Certificates section, click the keystore to update and then click Edit.
-
In the <host> public certificate field, click Choose file, navigate to the updated public certificate, and click Open.
-
In the <host> private key file field, click Choose file, navigate to the private key file, and click Open.
-
In the Key passphrase field, enter the passphrase for the new keystore.
-
Click Update keystore.
-
After the keystore updates, do either of the following:
-
If you have only one AS2 Receive from Partners or Send to Partners endpoint that uses the keystore, open one message flow that references the endpoint and redeploy the flow.
-
If you have more than one AS2 Receive from Partners or Send to Partners endpoint that uses the keystore, redeploy one message flow for each endpoint that uses the keystore.
Anypoint Partner Manager updates the inbound and outbound AS2 applications in the runtime. The update can take up to 10 minutes to complete.
-
Remove an AS2 Host Keystore
You can remove an AS2 host keystore from Partner Manager if it isn’t associated with an endpoint. You cannot delete a host keystore if it is the only keystore that is uploaded to Partner Manager.
To remove an AS2 host keystore:
-
In the sidebar, access the <host> page.
-
In the Certificates section, click the keystore certificate to remove.
-
Click Delete.