A digital certificate is a method of electronically validating
identity.
About this task
In AS4 Microservice, you use a digital certificate to digitally sign a message for message authentication and integrity. Message authentication protects the integrity of a message, validates the identity of the originator, and provides nonrepudiation of origin (dispute resolution). Message integrity ensures that the data that a recipient receives was not altered during transit.

A trading partner certificate is received from your partner and added to the system for that specific partner. The trading partner certificate verifies the signature of an incoming message (either a request or response message, depending on the direction) from that partner. You can select the certificate to use for partner authentication in the exchange profile.

After you receive a new trading partner digital certificate, you must add it to AS4 Microservice.
Procedure
To add a trading partner digital certificate, complete the following steps:
- Log in to AS4 Microservice with the applicable access credentials.
- Click .
- Select Trading Partner Certificates.
- On the Trading Partner Certificates page, click Add.
- On the Add Digital Certificates page, enter the values.
| Field | Description |
| --- | --- |
| Associated organization | Click Select and select the owner organization with which the certificate is associated. |
| Certificate file | Click Upload to browse and select the certificate file. Restriction: The certificate file must be a valid PKCS12 formatted keystore for public-private key pairs (.P12 or .PFX file extensions) or DER encoded for public certificates (.DER file extension). Tip: Only one copy of a digital certificate can be in the system, regardless of the certificate alias with which it is associated. Additionally, certificates cannot be used by more than one trading partner. |
| Certificate alias | Select whether to use an existing certificate alias or create a new certificate alias. All certificates must have an alias to enable the system to recognize the certificate name. The certificate alias allows you to keep a certificate that is expired (or will soon expire) in production during the process of moving to a new certificate. If you choose to Use an existing certificate alias, select the certificate alias from the list. Tip: When you add a certificate and use an existing certificate alias, the new certificate is added to the list of certificates that are already associated with that alias. Restriction: A certificate alias can be associated with a maximum of two certificates. If a certificate alias already has two certificates that are associated with it, the alias is not displayed in the list of available aliases. Additionally, if the organization is using only certificate aliases that are already associated with two certificates, the Use an existing certificate alias option is not available. If you choose to Create new certificate alias, enter the new alias that refers to the certificate. |
| HTTPS client authentication | Enables certificate usage for HTTP client authentication. You can then specify that this certificate is used to authenticate this partner in the conformance policy. |
| Signing / signature verification | Enables certificate usage for signing outbound messages and signature verification. You can then specify that this certificate is used to sign the outbound exchange data in the conformance policy. |
| Encryption / decryption | Enables certificate usage for encryption and decryption. You can then specify that this certificate is used to encrypt and decrypt message data in the Synchronous response section of the exchange profile. |
| Effective date and time | Optional: Specify the date and time when the certificate is first valid for use. |
| Expiration date and time | Optional: Specify the date and time when the certificate expires. |
- Click Save to save the digital certificate and return to the Trading Partner Certificates collection page.
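
A pre-upload check for the certificate file restrictions in the procedure above, as an added example that is not part of the product documentation or AS4 Microservice's own code: it accepts DER (converting PEM if that is what the partner sent), computes the SHA-256 fingerprint to confirm with the partner out of band, and tests the one-copy and two-per-alias rules against a locally kept inventory. The inventory list, its keys, the function names and the sample bytes are constructed assumptions; the structure check covers ASN.1 framing only, not full X.509 validation.

```python
import hashlib
import ssl

MAX_CERTS_PER_ALIAS = 2  # restriction stated on this page
# Constructed sample: a minimal DER SEQUENCE, not a real certificate.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])


def to_der(raw: bytes) -> bytes:
    """Return DER bytes; convert PEM input, reject anything else."""
    if raw.lstrip().startswith(b"-----BEGIN CERTIFICATE-----"):
        raw = ssl.PEM_cert_to_DER_cert(raw.decode("ascii").strip())
    # A DER certificate is one ASN.1 SEQUENCE (tag 0x30) spanning the whole file.
    if len(raw) < 2 or raw[0] != 0x30:
        raise ValueError("not a DER-encoded certificate")
    if raw[1] < 0x80:  # short-form length
        header, length = 2, raw[1]
    else:  # long form: the next n bytes hold the length
        n = raw[1] & 0x7F
        if n == 0 or len(raw) < 2 + n:
            raise ValueError("unsupported or truncated DER length")
        header, length = 2 + n, int.from_bytes(raw[2:2 + n], "big")
    if header + length != len(raw):
        raise ValueError("truncated file or trailing data")
    return raw


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint to confirm with the partner out of band."""
    return hashlib.sha256(der).hexdigest()


def preflight(der: bytes, org: str, alias: str, inventory: list) -> list:
    """Check the page's restrictions against a local inventory (hypothetical
    record: dicts with 'sha256', 'org' and 'alias' keys)."""
    problems = []
    fp = fingerprint(der)
    for e in inventory:
        if e["sha256"] == fp:  # only one copy may exist, under any alias or partner
            problems.append(f"already in system for {e['org']} (alias {e['alias']})")
    held = sum(1 for e in inventory if e["org"] == org and e["alias"] == alias)
    if held >= MAX_CERTS_PER_ALIAS:
        problems.append(f"alias {alias!r} already holds {held} certificates")
    return problems


if __name__ == "__main__":
    inv = [{"sha256": fingerprint(SAMPLE_DER), "org": "PartnerA", "alias": "signing"}]
    print(fingerprint(to_der(SAMPLE_DER)))
    print(preflight(SAMPLE_DER, "PartnerB", "signing-2024", inv))
```

An empty list from `preflight` means none of the restrictions checked here would block the upload; the system itself remains the authority on what it already holds.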