Managing Host Certificates

Anypoint Partner Manager supports the following types of host certificates:

Certificate Type Description Used by

Certificate Type	Description	Used by
Identity key	Private key used for authentication	The following types of endpoints, when the authentication type is `Identity Key` or `Basic and Identity Key`: SFTP Receive from Partners endpoints owned by the host SFTP Source at Host endpoints SFTP Send to Partners endpoints owned by the host SFTP Target at Host endpoints
Public certificate	Certificate generated by a certificate authority (CA)	HTTPS Send to Partners endpoints owned by the host, when the TLS context is set to `Use a self-signed certificate` HTTPS Target at Host endpoints, when the TLS context is set to `Use a self-signed certificate`

Identity key

Private key used for authentication

The following types of endpoints, when the authentication type is Identity Key or Basic and Identity Key:

Public certificate

Certificate generated by a certificate authority (CA)

HTTPS Send to Partners endpoints owned by the host, when the TLS context is set to Use a self-signed certificate
HTTPS Target at Host endpoints, when the TLS context is set to Use a self-signed certificate

For AS2 endpoints, you must also configure at least one host keystore, as described in Managing AS2 Host Keystores.

Add a Host Certificate

To add a host certificate:

In the sidebar, access the <host> page.
In the Certificates section, click New.
Select a certificate type.
Enter the settings for the selected certificate type:
- Public Certificate
- Identity Key
Click Save.

To configure settings for a public certificate:

In the Certificate name field, enter the name of the public certificate.
In the Certificate field, click Choose file and select a public certificate.

To configure settings for an identity key certificate:

In the Identity Key Name field, enter the name of the identity key certificate.
In the <host> Identity Key PEM File field, click Choose file and select an identity key certificate.
In the Key Passphrase field, enter a passphrase for protecting the identity key certificate.
In the Expiration Date field, optionally enter an expiration date for the certificate. This date is a reminder for you, but Anypoint Partner Manager doesn’t enforce it.

Update a host certificate by selecting a different certificate file to associate with the it:

In the sidebar, access the <host> page.
In the Certificates section, click the name of the certificate that you want to update.
Click Edit.
Click Choose File and select a certificate file.
Click Update.

If a host certificate isn’t associated with an endpoint, you can remove it from Anypoint Partner Manager:

In the sidebar, access the <host> page.
In the Certificates section, hover over the name of the host certificate to remove.
Click the trash can icon on the right.

To prevent inbound AS2 requests with expired certificates from being processed by Anypoint Partner Manager:

In the sidebar, access the <host> page.
In the Global endpoint settings section, click AS2 in the Inbound endpoint settings column.
Select Enforce AS2 certificate expiration date.
Click Save.