AS2 Best Practices
During the setup and testing phase of AS2 communications, it is standard practice for each Trading Partner to send the other their AS2 certificate. This certificate contains the public portion of a private/public key pair as well as the credentials that are needed.
AS2 applications, like 1 EDI Source’s AS2 Complete, use this combination of private and public keys in both the encryption and digital signature processes of the AS2 message life cycle.
As an example, when sending an EDI file, AS2 Complete packages the data into an AS2 message and then signs that message with your private key, which creates a digital signature. Upon receipt of the message, your Trading Partner will verify that signature using the public key that matches your private key.
If the unthinkable happens and your AS2 machine suffers an operating system or hardware failure and you do not have a backup of your private key, you will have to create a new private/public key pair, re-distribute the public key to your trading partners and re-test with each. This can create delays in a time-critical process, but can easily be avoided by simply storing a backup of your private/public key pair in a secure location.
Here is how to accomplish this in AS2 Complete.
- Start the AS2 Administration Console.
- Click the “Certificate Management” button on the “Home” screen.
- Select your certificate from the list in the Certificate Manager. (Hint: In most cases, this should be the only one where “Has Private Key” is checked)
- Click the “Export” button.
- When the “Certificate Export” dialog appears, answer “No” to “Export public key only?”.
- Choose a location and a descriptive name for the private key file.
- Provide a password. You will need this if you ever need to restore this certificate, so keep it safe.
- Copy the exported private key file to a safe location and ensure that you have the password stored securely as well.
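
The signing and backup points above, as an added OpenSSL example that is not part of the original article or of AS2 Complete: it shows a partner's stored certificate rejecting a replacement key, accepting a key restored from backup, and a check that a backup file really holds the matching key. Assumptions: the backup is modelled as a password-protected PKCS#12 file (the article does not name the export format), a plain SHA-256 signature stands in for a full AS2 message, and all file names, subjects and the password are constructed.

```shell
#!/bin/sh
# Constructed demo: file names, subject names and the password are made up.
set -eu
work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
pass='demo-only-password'
printf 'ISA*00*constructed sample payload~\n' > "$work/msg.edi"

# Key pair plus self-signed certificate, standing in for an AS2 certificate.
make_identity() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=as2-demo-$1" \
    -keyout "$work/$1.key" -out "$work/$1.crt" 2>/dev/null
}

# SHA-256 of the DER form of a PEM public key read from stdin.
pub_digest() { openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1; }
# Sender: sign the payload with a private key file.
sign_with() { openssl dgst -sha256 -sign "$1" -out "$work/msg.sig" "$work/msg.edi"; }

# Partner: verify using only the certificate they already have on file.
partner_accepts() {
  openssl x509 -in "$1" -noout -pubkey > "$work/partner.pub"
  openssl dgst -sha256 -verify "$work/partner.pub" \
    -signature "$work/msg.sig" "$work/msg.edi" >/dev/null 2>&1
}

# Backup check: the file opens with the stored password and holds the private
# key matching the certificate partners hold ($1 file, $2 password, $3 cert).
backup_matches() {
  bk=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null \
        | openssl pkey -pubout 2>/dev/null | pub_digest 2>/dev/null)
  crt=$(openssl x509 -in "$3" -noout -pubkey | pub_digest)
  [ "$bk" = "$crt" ]
}

make_identity orig    # orig.crt is the certificate sent to trading partners
openssl pkcs12 -export -inkey "$work/orig.key" -in "$work/orig.crt" \
  -passout "pass:$pass" -out "$work/backup.p12"
sign_with "$work/orig.key"
partner_accepts "$work/orig.crt" && echo "original key: signature accepted"

make_identity new     # key lost, no backup: a new pair has to be generated
sign_with "$work/new.key"
partner_accepts "$work/orig.crt" || echo "new key: rejected by the certificate on file"

backup_matches "$work/backup.p12" "$pass" "$work/orig.crt" && echo "backup matches"
openssl pkcs12 -in "$work/backup.p12" -passin "pass:$pass" -nocerts -nodes \
  -out "$work/restored.key" 2>/dev/null
sign_with "$work/restored.key"
partner_accepts "$work/orig.crt" && echo "restored key: signature accepted"
```

Running the `backup_matches` check right after an export, with the password as it was actually recorded, confirms that both the file and the password are usable before they are needed.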