Confused on what I need to do for partner's certificate
No good, not working :-(
OK when I create a NEW partner called localPart1. Remote site sends me an AS2 message with AS2 id set to "localPart1". Message arrives with error
"Receiver of message (localPart1) is not defined as the local station."
If I try and define localPart1 as the local station then I must use a private key in the security tab. The messages are signed but NOT encrypted.
I already have a local station set up, this is my "base" sending node, not a partner but me.
I have a public certificate (.cer file) from the trading partner loaded into the keystore and set up as the certificate to use in the security tab in the localPart1 partner config. It's impossible for me to set localPart1 as a local station as I don't have a private key of the trading partner, only my own.
Help? :-(
Just to confirm this is the situation
I have my private key and my public key (looks like a key in mec-as2 security tab), I also have my trading partners public certificate (looks like a card in mec-as2 security tab). My partner has my public certificate, their public key and their private key.
They want to sign the message and I want to verify the message is genuine using their public key (using their .cer file). I have set up one local AS2 server with my AS2 id so I can send messages to ANY trading partner. I have also set up 2 remote stations, each with unique AS2 ids so they can send messages to unique in-boxes on my server based on AS2 id.
They are signing their messages using their private key.
I need 3 stations for my partner, right? One to send and two for the distinct inboxes I need (based on AS2 id). I have no need for their private key as all I want to do is validate messages are genuine with the .cer file they sent me. Loaded into keystore with portacle. I see my keypair in portacle/mec-as2 as a KEY and I see their certificate loaded in as a CARD as I don't have a keypair, only their public certificate.
Does this sound right so far?

Heller,
Thanks for the quick response :-)
OK, so let's say I have 2 clients, let's call them clientA and ClientB. Both of these clients have outsourced the AS2 process to someone I call Remote. I want to exchange data with "Remote" but I want to ensure documents that Remote sends me for ClientA go to one inbox and documents Remote sends me for ClientB go to another inbox, so there is no mix-up of documents.
All documents coming from Remote have to be signed (to ensure they are authentic). I have set up one local station with my AS2 ID of "localAS2 server". I have set up 2 remote stations called ClientA and ClientB. The remote stations I have created have AS2 Id of ClientAID and ClientBID id.
I think what is happening is when Remote sends a signed message to me, Mec-AS2 complains that there is no local station with AS2 id of ClientAID or ClientBID. I have only set up ONE local station, me. I can't set ClientA or ClientB as local station as I don't have the private key, this is correct as I shouldn't have their private key.
So, how can I create these stations, and have messages sent to these stations, based on AS2 id and check the messages are signed? Doesn't look like it's possible? Is it possible?

amir,
I hope that I don't misunderstand you but are you looking for more than one local station in one system? This is not possible with m-e-c as2 in the actual state. You could have only a single identity in the system. Spoken from a business perspective this would mean that m-e-c as2 could not be used as application service provider or as an AS2 outsourcing solution at the moment. The actual architecture favors an installation direct at any end user/communication partner, not as hosting solution.
This idea is realized all over the product, e.g. there is no selection box for the sender at the manual message send dialog (the sender is always the same), also there could be only one partner marked as local station in the partner config panel.
Perhaps this helps: http://www.mec-community.com/node/280
Regards
Heller
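An added illustration of the single-local-station model described in the reply above, not m-e-c as2 code: the AS2-To id must match the one local station (the only identity holding a private key), while the AS2-From id selects the partner's public certificate for signature verification and an inbox. The partner table, certificate aliases, inbox paths and the "Sender of message" error text are constructed; the quoted-name handling follows the AS2 header syntax in RFC 4130, which a name containing a space such as "localAS2 server" requires.

```python
import re
from email.parser import HeaderParser

# Assumed setup, using the ids from this thread. Aliases and inbox paths are constructed.
LOCAL_STATION = "localAS2 server"   # the single identity that owns a private key
PARTNERS = {                        # AS2 id -> (public certificate alias, inbox)
    "ClientAID": ("clienta-cert", "inbox/ClientA"),
    "ClientBID": ("clientb-cert", "inbox/ClientB"),
}

def as2_name(raw):
    # Decode an AS2-From/AS2-To value: a bare atom, or a quoted string in
    # which a backslash escapes a double quote or another backslash.
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return re.sub(r'\\(["\\])', r'\1', raw[1:-1])
    if not raw or re.search(r'[\s"\\]', raw):
        raise ValueError(f"malformed AS2 name: {raw!r}")
    return raw

def route(raw_headers):
    # Return (certificate alias to verify the signature with, inbox).
    headers = HeaderParser().parsestr(raw_headers)
    if headers["AS2-From"] is None or headers["AS2-To"] is None:
        raise ValueError("AS2-From and AS2-To headers are required")
    sender = as2_name(headers["AS2-From"])
    receiver = as2_name(headers["AS2-To"])
    if receiver != LOCAL_STATION:
        raise LookupError(
            f"Receiver of message ({receiver}) is not defined as the local station.")
    if sender not in PARTNERS:
        raise LookupError(f"Sender of message ({sender}) is not a known partner.")
    return PARTNERS[sender]

# Constructed sample headers of an inbound message.
SAMPLE = 'AS2-From: ClientAID\nAS2-To: "localAS2 server"\nAS2-Version: 1.1\n\n'

if __name__ == "__main__":
    print(route(SAMPLE))
```
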
Heller,
that link you posted, I saw it before, it's pretty clear what I have to do. The downside to this approach is that we'll have to run around 20 instances of mec-as2 to cater for all our pseudo clients. They are not actual clients but we deal with their EDI needs.
If I have 20 clients I'll have to make 20 mec-as2 instances so that I have 20 unique "inboxes" for each trading partner, even though more than one client might use the same trading partner, to keep their files separate I'll have to go to the multi-mec2 route.
I think it might be less messy if I change the context for the webapps so that there is one instance of jetty and 20 webapps. Is the context root hard coded any place? If the answer is no then it should be simple to do what we need. If it is then might be easier to run 20 instances of jetty on different ports if jetty isn't too heavy. Have you profiled the app to see how much resources it uses?

amir,
changing the context root is done in context.xml in the mec_as2.war. But this will not help. Each servlet communicates with the same server, independent of the context root. The servlet is only the http communication interface, it does no as2 message processing.

Regards
Heller
Thanks for the info. Seems I have to run multiple instances.
I'm curious, why is there provision for only one local station? Is it because the AS2 specification only allows one? Or is it because it's simply a design decision from early on in the development process?
To summarize for anyone new to this forum, it's currently a fact that whilst you can have lots of trading partners (destinations for AS2 messages) you can only have one local station (recipient), agreed? Even if you choose to identify them with different AS2 ids.
Oh and sorry for all the questions, but are you the only developer working on this? Can't see any other developers here.



Hi,
I have been able to send and sign messages from my test server to my stage server without issue.
The problem is now I am trying to integrate with a partner. I have their .CER file but when I load this into portacle or mec-as2 I see it as a cert not as a key. I am unable to use it to check messages as MEC as-2 won't use it.
When I set up the local station (to receive the AS2 message based on AS2 id) I used their certificate under the "Security" tab. Mec-as2 says "Please assign a private key to the local station."
I think to receive a message from a partner I have to set up 2 partners in mec-as2. One to send and one to receive, is this right?
If I define only ONE partner in mec-as2 then I see
"Receiver of message (XXXX1) is not defined as the local station"
"Receiver of message (XXXX2) is not defined as the local station"
where (XXXX2) and (XXXX1) are the AS2 ids they send to us. This is why I made a partner config for (XXXX2) and (XXXX1) to capture those messages. How can I define a local station for each AS2 id when I don't have their private key?