cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

X.509 encryption for AS2 Adapter

Go to solution
former_member223432
Participant

on ‎01-15-2013 1:20 PM

0 Kudos

Hi,

we are working on one of interfac with BANK where we are using AS2 adapter...now they have come with the idea of using X.509 encryption and they wanted to check if that supports AS2 or not..we are using PI 7.1..can someone please help me in configuring X.509 encryption for As2 adapter and its pre requisites and any limitations wiht PI 7.1 if any..

will PI 7.1 supports X/.509 encryption?

please advise.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

S0003485845
Contributor
‎01-15-2013 9:08 PM
0 Kudos

Hi Smith,

X.509 is a standard that is currenly used by most applications that use the Public-Key-Infrastructure.

If you create a Private-Key in the NWA-Keystore, the certificate that can be exported from this key will be in X.509 Standard.

Also, if you need to encrypt, the Bank will most likely also provide you a certificate in X.509-Standard.

Actually, XI/PI expect that you use X.509 certificates, so this is all standard.

Also, the Seeburger AS2-Adapter is working perfectly fine if you encrypt with a X.509 certificate.

So there is no special prerequisite for using X,509...

For using it in AS2, you need to do the main steps according the configuration.

- create a view in NWA-KeyStore

- import the certificate to the view

- create a user in PI that has the authorization "view-creater" for this view

Then you can use this certificate in the Receiver-Agreement when you send out the files to the Bank and select the button "encrypt" in the Channel.

Regards

Stefan

Show replies
Show replies
former_member223432
Participant
‎01-17-2013 8:19 AM
0 Kudos

Hi Stefan,

thanks for your reply.

when i looked into our current set up...this is what i got.

which  gives two versions, one in PLCS#8 RSA and there is another version below certificate which is ver3. X.509..

Do you know what does this indicates?

If i need to add X.509 encryption..do i need to do the following? please advise.

1. Create a new Private key for X.509 and upload the certificates into it...which certificate i need to upload?

2. we also get the certificates from client(BANK)..do we need to import this into separate location if it's X.509 or same as other certificates.

please advise

S0003485845
Contributor
‎01-17-2013 10:05 AM
0 Kudos

Hi,

that looks like a perfect "KeyPair"...so your private key is in PKCS#8-version/format and the corresponding public certificate is stored in X.509 version.

If you receive the certificate from the Bank you can import it in any keystore-view you like (on the NWA KeyStore)...you just have to make sure that the correct Authorization is provided to the used "adapter-user" ...as specified in the initial post,

Regards

Stefan

former_member223432
Participant
‎01-17-2013 12:37 PM
0 Kudos

Hi Stefan,

Thanks...

Should we change the private key format to X.509 now in order to use X.509 encryption.

.both private and public key should have the same version/format right?

thanks

S0003485845
Contributor
‎01-17-2013 2:47 PM
0 Kudos

No....nothing needs to be changed.

X.509 is a certificate-format and not a private key format..all certificates that your partners will provide, will most likely be X.509

PKCS#8 (as well as PKCS#12) is a Private-Key-Format

former_member223432
Participant
‎01-24-2013 6:17 AM
0 Kudos

thanks stefan

Answers (0)

Ask a Question