You can add a digital certificate to electronically validate your identity to a trading partner. Use Digital Certificates to add a private and public key pair digital certificate.
Before you begin
You also can import a certificate as a resource from another installation of AS4 Microservice. For more information about importing certificates as a resource with commands, see ../reference/as4/meg_resource_commands.html.
About this task
In AS4 Microservice, you can use a digital certificate to digitally sign a message for message authentication and integrity. Message authentication protects the integrity of a message, validates the identity of the originator, and provides nonrepudiation of origin (dispute resolution). Message integrity ensures that the data that a recipient receives was not altered during transit. You can use a private and public key pair certificate to sign outbound messages. After you add the certificate, you must select it in the conformance policy to enable HTTPS client authentication, message signing, and signature verification. The information about the private and public key pair certificate is provided through the key identifier. If you receive a new private and public key pair digital certificate, you must add it to AS4 Microservice.
Important: When you add a .p12 file, the entire certificate chain is not automatically added. Only the private and public key pair certificate, and not the certificate authority certificates that are part of the trusted certificate chain, is added. Therefore, you must manually add any certificate authority certificates from the chain to AS4 Microservice.
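Because of the restriction in the Important note, the CA certificates inside a .p12 have to be pulled out and added one by one. The following is an added example, not part of the product documentation, that uses the OpenSSL command line to export the key pair certificate and each CA certificate as DER, the format that the Certificate File field accepts for public certificates. The function names, file names, subject names, and the password `demo-only` are constructed placeholders.

```bash
# Added example. All names, subjects and passwords here are constructed placeholders.
# make_demo_p12 DIR: build a throwaway CA, a leaf certificate and DIR/demo.p12.
make_demo_p12() {
  local d="$1"
  mkdir -p "$d" || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Test CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
  openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-partner" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 30 -out "$d/leaf.pem" 2>/dev/null || return 1
  openssl pkcs12 -export -in "$d/leaf.pem" -inkey "$d/leaf.key" \
    -certfile "$d/ca.pem" -passout pass:demo-only -out "$d/demo.p12"
}

# split_p12_chain P12 PASSWORD OUTDIR
# Writes OUTDIR/leaf.der and OUTDIR/ca-N.der, then prints the number of CA certificates.
# The password is passed through the environment so it does not appear in the process list.
split_p12_chain() {
  local p12="$1" pass="$2" out="$3" n=0 pem
  mkdir -p "$out" || return 1
  # Certificate that is paired with the private key (fails on a wrong password).
  P12PASS="$pass" openssl pkcs12 -in "$p12" -passin env:P12PASS -clcerts -nokeys 2>/dev/null \
    | openssl x509 -outform DER -out "$out/leaf.der" || return 1
  # CA certificates: split the PEM stream into one file per certificate.
  P12PASS="$pass" openssl pkcs12 -in "$p12" -passin env:P12PASS -cacerts -nokeys 2>/dev/null \
    | awk -v dir="$out" '
        /-----BEGIN CERTIFICATE-----/ { i++; f = sprintf("%s/ca-%d.pem", dir, i) }
        f                             { print > f }
        /-----END CERTIFICATE-----/   { close(f); f = "" }'
  # Convert each CA certificate to DER for separate upload.
  for pem in "$out"/ca-*.pem; do
    [ -e "$pem" ] || continue
    openssl x509 -in "$pem" -outform DER -out "${pem%.pem}.der" || return 1
    rm -f "$pem"
    n=$((n + 1))
  done
  echo "$n"
}
```

Running `openssl x509 -inform DER -in ca-1.der -noout -subject -enddate` on each exported file shows which CA it is and when it expires before you add it.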
Procedure
To add a private and public key pair digital certificate:
- Log in to AS4 Microservice as a Master Account Administrator or a user with the permissions to create digital certificates.
- Click .
- Click
- On the New Private and Public Key Pair page, specify values for the applicable fields as follows:
- Associated Organization
Click Select and select the owner organization with which the certificate is associated.
- Certificate File
Click Browse... to browse and select the certificate file.
Restriction: The certificate file must be a valid PKCS12 formatted keystore for public-private key pairs (.P12 or .PFX file extensions) or DER encoded for public certificates (.DER file extension). Only one copy of a digital certificate can be in the system, regardless of the certificate alias with which it is associated. Additionally, certificates cannot be used by more than one trading partner.
- Keystore Password
Optional: Specify a password for the keystore.
- Certificate Alias
Optional: Select whether to use an existing certificate alias or create a new certificate alias. All certificates must have an alias to enable the system to recognize the certificate name. The certificate alias enables an expired or soon-to-expire certificate to remain in production during the process of moving to a new certificate.
If you choose Use an existing certificate alias, select the certificate alias from the list. When you add a certificate and use an existing certificate alias, the new certificate is added to the list of certificates that are already associated with that alias. If you choose Create new certificate alias, enter the new alias that refers to the certificate.
Restriction: A certificate alias can be associated with a maximum of two certificates. If a certificate alias already has two certificates that are associated with it, the alias is not displayed in the list of available aliases. Additionally, if the organization is using only certificate aliases that are already associated with two certificates, the Use an existing certificate alias option is not available.
- Certification Usage
You must select at least one usage:
- HTTPS client authentication
Enables certificate usage for HTTPS client authentication. You can then specify that this certificate is used to authenticate this partner in the conformance policy.
- Signing / Signature verification
Enables certificate usage for signing outbound messages and signature verification. You can then specify that this certificate is used to sign the outbound exchange data in the conformance policy.
- Encryption / Decryption
Enables certificate usage for encryption and decryption. You can then specify that this certificate is used to encrypt and decrypt message data in the Synchronous response section of the exchange profile.
- Effective from date
Specify the date and time from which the certificate is effective for use within AS4 Microservice. The certificate can be used within AS4 Microservice after this date.
- Effective to date
Specify the date and time until which the certificate is effective for use within AS4 Microservice. The certificate can be used within AS4 Microservice until this date.
- Click Save to save the digital certificate and return to the Private and Public Key Pair Certificates collection page.