cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Renewing public key certificate used for Seeburger AS2

Go to solution
former_member74203
Explorer

on ‎04-29-2015 9:03 PM

0 Kudos

My general question is when a public key certificate, used for Seeburger AS2 payload decryption and digital signatures, needs to be renewed, how carefully do the certificate renewal steps need to be coordinated for a seamless transition?  More specifically...

1. Once we import the CSR response from the CA, will the public key currently used by our partner become invalid, or will it continue to work until its expiration date? 

2. Will our partner be able to validate our signature after the new CSR has been imported, but prior to them applying the new public key certificate in their system? 

3. Or can we renew the certificate, import the CSR request, provide our partner with the renewed certificate, and let them apply the certificate at their own volition, provided they do it prior to the original certificate expiration?

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

engswee
Active Contributor
‎04-30-2015 2:10 AM
0 Kudos

Hi Kurt

In my experience, the renewal/replacement of AS2 certificates for encryption/decryption & signing/authentication requires coordinated effort on both sides.

This is because AS2 uses asymmetrical encryption, so both parties need to use the same pair of certificates at the same time, i.e. you encrypt on your private key, and partner decrypt on the public key matching your private key. If the keys used do not belong to the same pair, then decryption will not work.

I'm not sure what AS2 software your partner uses and if it has the feature of automatic rollover of certificate, but PI/Seeburger does not. The approach in PI/Seeburger can either be one of the following:-

i) import new cert replacing original cert of the same name

ii) import new cert into new name, manually update sender/receiver agreements

Due to the manual nature of the tasks, normally it requires coordinated effort during a cutover window.

Rgds

Eng Swee

Show replies
Show replies
former_member74203
Explorer
‎04-30-2015 2:51 PM
0 Kudos

Thank you for the answer Eng Swee.

Answers (0)

Ask a Question