BizTalk AS2 encryption/signature transfer exercise
AS2 is the most common method for securely and reliably transmitting data over the Internet. AS2 wraps the payload in an envelope and sends it over the Internet, protected with digital certificates and encryption.
For this reason it is widely used in the B2B field by many large companies, especially foreign ones.
BizTalk has had built-in support for AS2 since 2006, and the configuration is very simple (provided you know the basic principles of AS2 and the basic configuration of BizTalk).
AS2 Transmission Mode
In short, AS2 is similar to SSL: it is transmitted over HTTP/HTTPS and uses certificates for signing and encryption, so certificates must be exchanged between the parties and used for signing. (To put it bluntly, a certificate with a private key is required. How to apply for one is described below.)
Exercise Environment
One BizTalk installation (fabrikam) sends an XML file from a file directory to another BizTalk installation (contoso) over AS2. The contoso BizTalk writes the received HTTP request to a file directory.
HTTPS (SSL) is not used here. If you want to use HTTPS, you only need to change the receive address to HTTPS.
Apply for Certificate
In this environment, I need two certificates, one for fabrikam and one for contoso; the public key of each is then exported and exchanged with the other party.
The easiest way to apply for a certificate is to set up a CA service and request the certificate from it, so that the full certificate chain is available. Creating a certificate with command-line tools is too cumbersome; I spent a long time without getting the certificate I wanted.
1. When applying for the certificate, make sure to select the option that gives the certificate a private key.
2. After applying for the certificate, you must import it (if you apply through IE, the system installs it automatically).
Import your own certificate into the current user's Personal store.
Import the public key certificate exported by the other party into the current user's Other People store.
NOTE: If BizTalk reports the error "the signing certificate has not been configured" when using certificates with EDI/AS2, it may be because your current user and the BizTalk instance do not run under the same account, so the certificate cannot be found. In that case, open the certificate console as the BizTalk service account and import the certificates there, for example:
runas /user:biztalkserviceaccount mmc
Once the certificates are configured, more than half of the work is done.
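As an added check (not part of the original post), the following PowerShell script, run in a console opened as the BizTalk service account, verifies that the certificates sit in the stores described above and that your own one carries its private key. The subject names fabrikam/contoso and the script name are assumptions; adjust them to your environment.

```powershell
# Added example, not from the original post. Start the console as the service
# account first (e.g. runas /user:biztalkserviceaccount powershell), because the
# CurrentUser stores checked here belong to whoever runs the script.
param(
    [string]$OwnSubject     = 'CN=fabrikam',   # assumed subject of your own certificate
    [string]$PartnerSubject = 'CN=contoso'     # assumed subject of the partner's certificate
)

# Personal store (Cert:\CurrentUser\My): your own certificate, which must have a private key
# because BizTalk signs outbound and decrypts inbound messages with it.
$own = @(Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.Subject -like "*$OwnSubject*" })

if ($own.Count -eq 0) {
    Write-Warning "No certificate matching '$OwnSubject' in CurrentUser\My (Personal) for $env:USERNAME"
} elseif (-not ($own | Where-Object { $_.HasPrivateKey })) {
    Write-Warning "Certificate '$OwnSubject' is present but has no private key; BizTalk cannot sign or decrypt with it"
} else {
    Write-Host "OK: own certificate with private key found (thumbprint $($own[0].Thumbprint))"
}

# Other People store (Cert:\CurrentUser\AddressBook): the partner's public key certificate,
# used to verify their signature and to encrypt messages sent to them.
$partner = @(Get-ChildItem Cert:\CurrentUser\AddressBook |
    Where-Object { $_.Subject -like "*$PartnerSubject*" })

if ($partner.Count -eq 0) {
    Write-Warning "No certificate matching '$PartnerSubject' in CurrentUser\AddressBook (Other People) for $env:USERNAME"
} else {
    Write-Host "OK: partner certificate found (thumbprint $($partner[0].Thumbprint))"
}

# An expired certificate fails in the same way as a missing one, so report expiry too.
foreach ($c in ($own + $partner)) {
    if ($c.NotAfter -lt (Get-Date)) {
        Write-Warning "Certificate $($c.Thumbprint) expired on $($c.NotAfter)"
    }
}
```

If the script reports OK under your interactive account but warns under the service account, the certificates were imported into the wrong user's stores, which is exactly the situation the note above describes.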
Configure Certificates in BizTalk
The purpose of each certificate is described below.
For more information about BizTalk certificate configuration, see
http://msdn.microsoft.com/zh-cn/library/bb728096.aspx
The certificate used for signing is deployed in
The certificate used for decryption is deployed in
The certificate used for signature verification is deployed in
Configure BizTalk Parties
Fabrikam BizTalk Configuration
Party configuration is critical. A party represents the trading partner that communicates with your BizTalk group.
In fabrikam BizTalk, create a party named contoso. There is no need to create a party for fabrikam itself.
Set the following send port
In this way, the send port (sendtocontoso) can read the properties configured on this party, write them into the HTTP context, and post the message to the remote address.
Configure AS2 Properties
From fabrikam's point of view, contoso receives messages. Therefore only the [Party as AS2 Message Receiver] settings need to be configured: fabrikam's outbound messages are set to be signed/encrypted, and AS2-From/AS2-To are defined.
Request MDN is similar to an ACK, but HTTP/HTTPS already has request/response: if the call fails, an HTTP error code (401, 500, etc.) is returned immediately, so generally no MDN configuration is required.
Contoso BizTalk Configuration
In contoso BizTalk, the parties only need to include fabrikam: fabrikam is the sender from contoso's point of view.
Configure fabrikam's exported public key certificate for signature verification.
Configure AS2 Properties
The default settings can be kept.
This completes the configuration.
Test
In fabrikam BizTalk, create a receive port that picks up files from the file directory. Set the address of the sendtocontoso send port to contoso's receive URL.
In contoso BizTalk, create an HTTP receive port that receives the data posted by fabrikam and saves it to the file directory.
OK. I hope this is helpful for anyone developing an AS2 project with BizTalk for the first time. Leave a message if you need support.