How to Enable SSL for HTTPS/AS2 Server Connections

In this tutorial, you will learn how to create an SSL certificate used to protect the HTTP and AS2 tunnel in GoAnywhere. 

Learn more about AS2

Create an SSL Certificate

Before configuring the HTTPS/AS2 service, it is first necessary to create an SSL certificate that will be used to protect the HTTP tunnel.

To create the SSL certificate, log in to GoAnywhere MFT. Click Encryption from the main menu, and then click the Key Management System link. Here you will find a list of Key Vaults. From this page, click on the action icon next to the System Key Vault and select Manage Certificates.

 

Key Management System Manage Certificates
Key Management System - Manage Certificates

 

From within the Key Vault, you can import, create, or modify certificates. To create the new SSL certificate, click on Add Certificate. You will then need to complete the SSL Certificate form.

 

Creating an SSL Certificate
Creating an SSL Certificate

A few field notes:

This is the algorithm used to generate the key value for the Certificate.

This is the length (in bits) of the key. Values may be 1024, 2048, or 4096 bits. Larger key sizes will provide strong protection but will slow the performance of encryption and decryption processes.

This is the algorithm used for signing the Public key portion of the certificate. SHA256withRSA is recommended in most cases.

Assign a unique name to the Certificate (for example, “Certificate_for_Financial_Transfers”). It is not recommended to use spaces in the Alias. Instead, an underscore can be used to separate words.

Assign a unique name that your trading partner could use to verify your identity. It is recommended that you use your organization’s URL as the Common Name since it is unique to your organization. It is not recommended to use spaces in the Common Name.

 

When you are finished completing the SSL Certificate form, click Save, which will return you to the Key Vault.

 
 
 
Not using GoAnywhere MFT yet? Start a free trial and test it out for 30 days.

START FREE TRIAL 

Create a Signing Request

If you need a signed certificate, you’ll need to create a signing request for your Certificate that you will send to a Certificate Authority (CA). This is necessary if your trading partners require your Certificates to be signed by a CA and not self-signed.

Select the Action icon for the Certificate and then select the Generate CSR option. The file will download to your internet browser’s default folder. The file will be named using the Certificate’s Alias with a .csr extension. You can then send this file to a Certificate Authority (CA) for signing.

 

The Generate CSR Option
The Generate CSR Option

Importing a CA Approved Certificate

When your CSR is approved, you will receive a reply from your Certificate Authority that will contain an updated digital certificate. To import this certificate, return to the SSL Certificate Key Vault, select the Action icon for the Certificate and then select the Import CA Reply. You will be prompted to identify the location where the CA Reply file is located. Input the location or browse for the file.

 

It may also be necessary to import all intermediary and root CA public certificates into the key store to establish a trusted chain.

 

The Import CA Reply Option
The Import CA Reply Option

Assigning Your Certificate to the HTTPS Service

Now that your Certificate has been created and signed by a Certificate Authority, and the reply has been imported to your key store, you’ll need to assign the certificate to your HTTPS service. To do this, navigate to the Service Manager page via the Services drop-down menu. Once there, click the Action icon for HTTPS/AS2 Service and select the Edit option. On the HTTPS Configuration page, on the left-hand navigation pane, select Listener under the Server section.

In the Listener pane, navigate to the SSL tab. In the SSL tab, set the Certificate Location to System Key Vault. For the Key Name, select the name of the newly signed certificate. Once finished, Save and Finish your changes. Finally, restart the HTTPS/AS2 service by clicking on the Action icon and selecting Restart.

 

The HTTPS Configuration Listener Pane
The HTTPS Configuration Listener Pane
Aug
30
Tuesday
Aug 30, 2022
8:00 - 9:00am