Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
png
Encrypt.png 78.1 kB 2 25-Oct-2018 04:31 Halmágyi Árpád
png
Screen Shot 2013-11-23 at 1.35... 30.3 kB 1 25-Oct-2018 04:31 Halmágyi Árpád
png
Screen Shot 2013-11-23 at 1.37... 72.2 kB 1 25-Oct-2018 04:31 Halmágyi Árpád
png
as2_options.png 55.7 kB 2 25-Oct-2018 04:31 Ben Spink
png
as2_receive.png 25.8 kB 2 25-Oct-2018 04:31 Ben Spink
png
as2_signing.png 17.1 kB 2 25-Oct-2018 04:31 Ben Spink
png
complete.png 158.7 kB 1 25-Oct-2018 04:31 Halmágyi Árpád
png
delete.png 49.4 kB 1 25-Oct-2018 04:31 Halmágyi Árpád
png
exclude1.png 42.0 kB 1 25-Oct-2018 04:31 Halmágyi Árpád
png
exclude2.png 41.1 kB 1 25-Oct-2018 04:31 Halmágyi Árpád
png
find.png 92.8 kB 4 25-Oct-2018 04:31 Halmágyi Árpád
png
new_vfs.png 3.6 kB 1 25-Oct-2018 04:31 Ben Spink
png
options.png 135.7 kB 2 25-Oct-2018 04:31 Halmágyi Árpád
png
signing.png 76.2 kB 2 25-Oct-2018 04:31 Halmágyi Árpád
png
tasks.png 47.0 kB 1 25-Oct-2018 04:31 Halmágyi Árpád

This page (revision-15) was last changed on 25-Oct-2018 04:31 by Halmágyi Árpád

This page was created on 25-Oct-2018 04:31 by Ben Spink

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 1 changed 8 lines
To configure AS2/3, you need to use the Java program called "keytool" to manage your certificates. Keytool is a command line program available on every OS, and it part of the Java install.
These screenshots assume the folder "/mycertificates/" contains the keystore file called "crushftp.jks" which is my private keystore containing both my public key used for encrypting and private key used for decrypting. It also assumes this folder contains "company.jks" which contains the trading partners public key used for encrypting files.
CrushFTP makes a "proxy" type of connection to do AS2/3. To send outgoing files, you use a typical FTP client and send the file to a specific directory in CrushFTP which in turn sends the file out using either AS2 or AS3.
The only difference between AS2 and AS3 is that AS3 destinations for the options is that the recipient URL starts with FTP:// or SFTP:// instead of HTTP(s)://.
To configure AS2 you need two parts. One a job to send the AS2 file to your partner, and two a user in the User Manager to receive the MDN response, or to receive files from your partner.\\
\\
First lets create a job. Notice there is no copy or move operation here. The AS2 item is the special protocol that does this type of activity. When the remote server sends a MDN, it is sent to an account you have setup for this in the User Manager...and this AS2 job waits for the MDN notification to come back internally from CrushFTP when that file is received.\\
\\
If the remote company is just sending you a file (not a MDN) it also comes in through the account in CrushFTP. In the User Manager, you can make accounts, and on each account you can configure the AS2 information to use for decrypting the incoming file. This account could also be used for normal FTP/SFTP/HTTP transfers too, but if you have AS2 configured, that info is used to decode and decrypt the AS2 data.\\
At line 11 changed one line
These are the settings for receiving files. Click the show all button in the user manager to see these. For incoming files, we CrushFTP requires BASIC authentication for AS2 over HTTP(s).
The general process will look like the one below:\\
[attachment|AS2/complete.png]\\
\\
\\
First you should have a Find task in the job. It is searching the specified folder to find items to use in future task items.\\
[attachment|AS2/find.png]\\
\\
For the second step, make sure you have the certificate of the AS2 receiving machine added as a trusted certificate in the keystore that you use. This certificate will be used for encrypting the data using the partners key. Your key will be used for signing the data.\\
\\
The AS2 task should be set similar to this:\\
[attachment|AS2/options.png]\\
[attachment|AS2/signing.png]\\
[attachment|AS2/Encrypt.png]\\
\\
After that is done, you should delete the encrypted files that you already have.\\
[attachment|AS2/delete.png]\\
\\
At line 13 removed one line
[attachment|as2_receive.png]
At line 15 removed 14 lines
Next, click the mini folder icon on the left with link symbol on it. Once this window is complete, you will be able to add permissions to the item as I have done on the right here.
[attachment|new_vfs.png]
Here is where you configure your specific AS2/3 settings for this outgoing item. Cipher strengths above 128 require higher strength policy files to be installed ([FAQ]).
[attachment|as2_options.png]
The signing keystore is your private keystore which is used to sign a message to the receiver can know it came from you.
[attachment|as2_signing.png]
The encryption keystore is the trading partners keystore that contains just their public certificate file. You encrypt with this file so that only they can decrypt it using their private key.
At line 28 added 4 lines
\\
You can create your own keystore using [Portecle]. Generate a new key pair, and give it a name appropriate to your company. Its this item you will right click on and share with your trading partner.
\\
You also use the tools menu to import your partner's public key too and give it an appropriate name. You can have these in separate keystores, or in one single one.
At line 31 removed 5 lines
If you have your partner's public key for who you want to send to, you need to import that into a keystore file.
{{{
keytool -importcert -alias {partner_name} -file {partner_public_key_file} -keystore {partner_name}.jks
}}}
That will be the keystore you use for the encryption tab. {partner_name}.jks
At line 37 changed 13 lines
For signing, and your public key you are going to give your partner...
{{{
keytool -genkeypair -alias {your_name} -keyalg RSA -keysize 1024 -keystore {your_name}.jks
}}}
Then get your public key out to give to your partner:
{{{
keytool -export -alias {your_name} -file {your_name}.cer -keystore {your_name}.jks
}}}
Send them the resulting {your_name}.cer file. That is your public key they can encrypt with. You set this keystore file {your_name}.jks on the "AS2/3 Decryption Key" panel of the user manager and on the signing tab of the VFS item.
Here is another screenshot of a complete example:
[attachment|as2_all.png]
[attachment|Portecle/new_keystore.png]\\
\\
[attachment|AS2/Screen Shot 2013-11-23 at 1.35.05 AM.png]\\
\\
[attachment|AS2/Screen Shot 2013-11-23 at 1.37.57 AM.png]\\
Version Date Modified Size Author Changes ... Change note
15 25-Oct-2018 04:31 2.354 kB Halmágyi Árpád to previous
14 25-Oct-2018 04:31 2.479 kB Halmágyi Árpád to previous | to last
13 25-Oct-2018 04:31 2.303 kB Halmágyi Árpád to previous | to last
12 25-Oct-2018 04:31 2.333 kB Ben Spink to previous | to last
11 25-Oct-2018 04:31 2.698 kB Halmágyi Árpád to previous | to last
10 25-Oct-2018 04:31 2.593 kB Halmágyi Árpád to previous | to last
9 25-Oct-2018 04:31 2.813 kB Ben Spink to previous | to last
8 25-Oct-2018 04:31 2.892 kB Ben Spink to previous | to last
7 25-Oct-2018 04:31 2.895 kB Ben Spink to previous | to last
6 25-Oct-2018 04:31 2.926 kB Ben Spink to previous | to last
5 25-Oct-2018 04:31 2.95 kB Ben Spink to previous | to last
4 25-Oct-2018 04:31 2.057 kB Ben Spink to previous | to last
3 25-Oct-2018 04:31 2.031 kB Ben Spink to previous | to last
2 25-Oct-2018 04:31 1.967 kB Ben Spink to previous | to last
1 25-Oct-2018 04:31 0.191 kB Ben Spink to last
« This page (revision-15) was last changed on 25-Oct-2018 04:31 by Halmágyi Árpád
G’day (anonymous guest)
CrushFTP9 | What's New

Referenced by
LeftMenu

JSPWiki