Part 1 of this blog series showed how to set up and configure the AS2 Mendelson tool to post a simple AS2 message, without encryption or signing, to an SAP Cloud Integration tenant.
In this blog, I explain how to enhance that simple AS2 scenario with AS2 features such as compression, signing and encryption for exchanging messages between two B2B partners.
I will discuss the following scenarios:
- Scenario 1: Configuring and posting AS2 message with Compression, Signing, Encryption and Synchronous MDN.
- Scenario 2: Configuring and posting AS2 message with Compression, Signing, Encryption and signed Asynchronous MDN.
In a typical B2B scenario, the B2B sender compresses the message, signs it (with the sender's private key) and encrypts it (with the receiver's public key) before sending it. On the receiving side, the B2B receiver decrypts the message (with the receiver's private key), verifies the signature (with the sender's public key) and finally decompresses the message.
More details about public and private keys can be found here.
Here I am using the private key Key2 of the AS2 Mendelson tool for signing and a public certificate (picouser in my case) from the SAP Cloud Integration tenant for encryption.
For secure AS2 message exchange between the Mendelson tool and the SAP Cloud Integration tenant, the two applications need to exchange their public keys.
1.1 Export the public certificate of Key2 from the AS2 Mendelson tool and import it into the SAP Cloud Integration tenant:
Perform the steps below to export the public certificate from AS2 Mendelson and import it into the SAP Cloud Integration tenant.
a) Navigate to File->Certificates->Sign/Crypt in the AS2 Mendelson tool.
b) Right click on the Key2 alias and select “Export certificate (for your trading partner)”
c) Export the certificate as Key2.cer
d) Import the above exported certificate to SAP Cloud Integration tenant.
See the blog Key store Monitor for how to manage the key store entries.
1.2 AS2 Local Station Configuration:
Modify the security properties of the Local station so that they point to Key2, and keep all other properties as they were configured in Part 1.
1.3 ABCCompany Configuration:
a) Export the public certificate that will be used for encryption from the SAP Cloud Integration tenant as shown below.
b) Import the certificate into the mendelson tool from File->Certificates->Sign/Crypt as shown below.
c) Choose the imported certificate (picouser in my case) for the encryption and signature certificates and algorithms.
2. Scenario 1: Configuring and posting AS2 message with Compression, Signing, Encryption and Synchronous MDN:
In this scenario the B2B sender sends an EDI document that is compressed, signed and encrypted. The B2B receiver returns an MDN (the Internet messaging format used to convey a receipt) to the sender during the same HTTP session as the sender's original message.
2.1 ABCCompany configuration:
a) Select the Compress outbound messages in Send settings
b) Select Request sync MDN option from MDN settings
2.2 AS2 Sender Adapter Configuration:
a) Modify the security settings as shown below and keep the other properties as they were configured in Part 1.
b) Save and Deploy the integration flow
2.3 Post AS2 message from AS2 Mendelson:
Message should be processed successfully.
3. Scenario 2: Configuring and posting AS2 message with Compression, Signing, Encryption and signed Asynchronous MDN
In this scenario the B2B sender sends an EDI document that is compressed, signed and encrypted. The B2B receiver returns an MDN (the Internet messaging format used to convey a receipt) to the sender in a different communication session from the one used for the sender's original message.
Prerequisite: This scenario involves sending an asynchronous MDN. You need to configure Cloud Connector to establish communication between the SAP Cloud Integration tenant and the on-premise system where mendelson is installed.
a) Create a Virtual To Internal system mapping in Cloud Connector as shown below.
b) Grant access to the path and all sub-paths of the mapped system.
3.1 ABCCompany configuration:
In the AS2 Mendelson tool, the MDN settings of ABCCompany should have the below configuration.
- Request Async MDN selected.
- Request signed MDN option is checked.
3.2 AS2 Sender Adapter Configuration:
a) Change the MDN settings of the AS2 Sender adapter as follows:
- Provide the alias name of the private key from SAP Cloud Integration tenant.
- Select Proxy type as “On-Premise”.
Keep the other properties of AS2 Sender as configured in scenario 1.
b) Save and Deploy the integration flow.
3.3 Post AS2 message from mendelson tool:
The message should be processed successfully.
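What a successful receipt means for the sender in both scenarios, as an added example (not part of the original post and not mendelson or SAP code). It goes slightly beyond the text: per RFC 4130 the MDN's machine-readable part names the original message, its disposition and a Received-Content-MIC digest that the sender compares with its own. It assumes the MDN's signature has already been verified and that `signed_content` is the exact MIME entity the sender signed; the message ID, payload and helper names are constructed.

```python
import base64
import hashlib
import hmac
from email import message_from_bytes, message_from_string

ALLOWED = {"sha1", "sha256", "sha384", "sha512"}
# Constructed sample data (not captured traffic).
MESSAGE_ID = "<constructed-0001@mendelson.example>"
SIGNED_CONTENT = b"Content-Type: application/edi-x12\r\n\r\nISA*00*constructed~\r\n"

def mdn_fields(mdn: bytes):
    """Return the machine-readable part of an MDN as a header mapping."""
    for part in message_from_bytes(mdn).walk():
        if part.get_content_type() == "message/disposition-notification":
            body = part.get_payload()
            return body[0] if isinstance(body, list) else message_from_string(body)
    raise ValueError("no message/disposition-notification part")

def check_mdn(mdn: bytes, sent_message_id: str, signed_content: bytes) -> list:
    """Return a list of problems; an empty list means the receipt matches."""
    f, problems = mdn_fields(mdn), []
    if (f["Original-Message-ID"] or "").strip() != sent_message_id:
        problems.append("receipt is for a different message")
    disposition = (f["Disposition"] or "").split(";")[-1].strip().lower()
    if disposition != "processed":
        problems.append("not processed: " + disposition)
    mic, _, alg = (f["Received-Content-MIC"] or "").partition(",")
    alg = alg.strip().lower().replace("-", "")
    if alg not in ALLOWED:
        problems.append("missing or unsupported MIC algorithm")
    else:
        ours = base64.b64encode(hashlib.new(alg, signed_content).digest())
        if not hmac.compare_digest(ours, mic.strip().encode()):
            problems.append("MIC mismatch: receiver saw different content")
    return problems

def sample_mdn(content: bytes, disposition: str = "processed") -> bytes:
    """Build a constructed multipart/report MDN for the given content."""
    mic = base64.b64encode(hashlib.sha256(content).digest()).decode()
    return ("Content-Type: multipart/report; "
            'report-type=disposition-notification; boundary="b1"\r\n\r\n'
            "--b1\r\nContent-Type: text/plain\r\n\r\nMDN for the message.\r\n"
            "--b1\r\nContent-Type: message/disposition-notification\r\n\r\n"
            f"Original-Message-ID: {MESSAGE_ID}\r\n"
            f"Disposition: automatic-action/MDN-sent-automatically; {disposition}\r\n"
            f"Received-Content-MIC: {mic}, sha-256\r\n\r\n--b1--\r\n").encode()
```

`check_mdn(sample_mdn(SIGNED_CONTENT), MESSAGE_ID, SIGNED_CONTENT)` returns an empty list; a changed payload, a failure disposition or a foreign message ID each add an entry.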
We have learnt how to configure and send AS2 messages securely using signing and encryption.
In the next part of this blog series, I will extend this simple AS2 inbound scenario to use the EDI Flow steps to split, validate and convert the ANSI X12 bulk payload to an IDOC document.