How To Seamlessly Transition a Personal Certificate in AS2

This article details how to accomplish the least obtrusive transition and prevent ruptured communications with your trading partners when your personal AS2 certificate.

1. Update to the latest build of CData Arc at https://arc.cdata.com/download/.

2. In Profile->AS2 Profile, create your new certificate. Make sure that the serial number is unique if you use the same subject fields as before (this helps your partners distinguish it from the old one).

   

3. After completing that dialog, the application will populate that certificate as the new personal certificate, but that won't be saved to your profile until you save the changes. Instead of using the new certificate right away, set it as the rollover certificate, and keep your old certificate as the personal certificate. You will now be able to decrypt messages encrypted with the new certificate if a trading partner adopts your new certificate early.

   By configuring a rollover certificate, you will use your new private key certificate or your original when decrypting incoming transmissions from your trading partners, so you can continue to accept incoming transmissions from partners encrypting with either certificate.

   

4. Provide the new public key to your trading partners and give them a date at which you will switch over. CData Arc uses only the new certificate to sign messages, as many AS2 solutions cannot process message signatures with multiple signer infos.

5. On the date of the switch, switch the configurations of the personal and rollover certificates.

   This will ensure that you can decrypt transmissions from both certificates throughout the crossover. Many AS2 solutions will make use of a certificate store to validate signatures, meaning that they can accept signatures from multiple certificates as long as they are configured, so this will ensure a fairly painless certificate transfer.