Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
png
Encrypt.png 78.1 kB 2 29-Dec-2020 05:25 Halmágyi Árpád
png
Screen Shot 2013-11-23 at 1.35... 30.3 kB 1 29-Dec-2020 05:25 Halmágyi Árpád
png
Screen Shot 2013-11-23 at 1.37... 72.2 kB 1 29-Dec-2020 05:25 Halmágyi Árpád
png
as2_options.png 55.7 kB 2 29-Dec-2020 05:25 Ben Spink
png
as2_receive.png 25.8 kB 2 29-Dec-2020 05:25 Ben Spink
png
as2_signing.png 17.1 kB 2 29-Dec-2020 05:25 Ben Spink
png
complete.png 158.7 kB 1 29-Dec-2020 05:25 Halmágyi Árpád
png
delete.png 49.4 kB 1 29-Dec-2020 05:25 Halmágyi Árpád
png
exclude1.png 42.0 kB 1 29-Dec-2020 05:25 Halmágyi Árpád
png
exclude2.png 41.1 kB 1 29-Dec-2020 05:25 Halmágyi Árpád
png
find.png 92.8 kB 4 29-Dec-2020 05:25 Halmágyi Árpád
png
new_vfs.png 3.6 kB 1 29-Dec-2020 05:25 Ben Spink
png
options.png 135.7 kB 2 29-Dec-2020 05:25 Halmágyi Árpád
png
signing.png 76.2 kB 2 29-Dec-2020 05:25 Halmágyi Árpád
png
tasks.png 47.0 kB 1 29-Dec-2020 05:25 Halmágyi Árpád

This page (revision-16) was last changed on 09-Jun-2021 03:44 by Ben Spink

This page was created on 29-Dec-2020 05:25 by Ben Spink

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 1 changed 8 lines
To configure AS2/3, you need to use the Java program called "keytool" to manage your certificates. Keytool is a command line program available on every OS, and it part of the Java install.
These screenshots assume the folder "/mycertificates/" contains the keystore file called "crushftp.jks" which is my private keystore containing both my public key used for encrypting and private key used for decrypting. It also assumes this folder contains "company.jks" which contains the trading partners public key used for encrypting files.
CrushFTP makes a "proxy" type of connection to do AS2/3. To send outgoing files, you use a typical FTP client and send the file to a specific directory in CrushFTP which in turn sends the file out using either AS2 or AS3.
The only difference between AS2 and AS3 is that AS3 destinations for the options is that the recipient URL starts with FTP:// or SFTP:// instead of HTTP(s)://.
To configure AS2 you need two parts. One a job to send the AS2 file to your partner, and two a user in the User Manager to receive the MDN response, or to receive files from your partner.\\
\\
First lets create a job. Notice there is no copy or move operation here. The AS2 item is the special protocol that does this type of activity. When the remote server sends a MDN, it is sent to an account you have setup for this in the User Manager...and this AS2 job waits for the MDN notification to come back internally from CrushFTP when that file is received.\\
\\
If the remote company is just sending you a file (not a MDN) it also comes in through the account in CrushFTP. In the User Manager, you can make accounts, and on each account you can configure the AS2 information to use for decrypting the incoming file. This account could also be used for normal FTP/SFTP/HTTP transfers too, but if you have AS2 configured, that info is used to decode and decrypt the AS2 data.\\
At line 11 changed one line
These are the settings for receiving files. Click the show all button in the user manager to see these. For incoming files, we CrushFTP requires BASIC authentication for AS2 over HTTP(s).
The general process will look like the one below:\\
[attachment|AS2/complete.png]\\
\\
\\
First you should have a Find task in the job. It is searching the specified folder to find items to use in future task items.\\
[attachment|AS2/find.png]\\
\\
For the second step, make sure you have the certificate of the AS2 receiving machine added as a trusted certificate in the keystore that you use. This certificate will be used for encrypting the data using the partners key. Your key will be used for signing the data.\\
\\
The AS2 task should be set similar to this:\\
[attachment|AS2/options.png]\\
[attachment|AS2/signing.png]\\
[attachment|AS2/Encrypt.png]\\
\\
After that is done, you should delete the encrypted files that you already have.\\
[attachment|AS2/delete.png]\\
\\
At line 13 removed one line
[attachment|as2_receive.png]
At line 15 changed one line
Next, click the mini folder icon on the left with a ? + sign on it. Once this window is complete, you will be able to add permissions to the item as I have done on the right here.
-----
\\
You can create your own keystore using [Portecle]. Generate a new key pair, and give it a name appropriate to your company. Its this item you will right click on and share with your trading partner.
\\
You also use the tools menu to import your partner's public key too and give it an appropriate name. You can have these in separate keystores, or in one single one.
At line 17 removed one line
[attachment|as2_vfs.png]
At line 19 changed one line
Here is where you configure your specific AS2/3 settings for this outgoing item. Cipher strengths above 128 require higher strength policy files to be installed ([FAQ]).
[attachment|Portecle/new_keystore.png]\\
\\
[attachment|AS2/Screen Shot 2013-11-23 at 1.35.05 AM.png]\\
\\
[attachment|AS2/Screen Shot 2013-11-23 at 1.37.57 AM.png]\\
----\\
!!As of CrushFTP v10.0.0_26+, you can improve AS2 processing flow.\\
At line 21 changed 13 lines
[attachment|as2_options.png]
The signing keystore is your private keystore which is used to sign a message to the receiver can know it came from you.
[attachment|as2_signing.png]
The encryption keystore is the trading partners keystore that contains just their public certificate file. You encrypt with this file so that only they can decrypt it using their private key.
[attachment|as2_encrypting.png]
-----
If you have your partner's public key for who you want to send to, you need to import that into a keystore file.
Example Job flow:\\
At line 35 changed one line
keytool -importcert -alias {partner_name} -file {partner_public_key_file} -keystore {partner_name}.jks
Find task
AS2 task, 120 seocnd wait for MDNs
The red dot, and green dot, both go to next step which is a Jump task.
Jump task, turn off if/else. Criteria is "{mdn_result}" equals blank.
TRUE dot goes to a delete task or otherwise successful action task
FALSE dot goes to a notification task or moving to a failed directory.
Green dot goes to End...or next step.
At line 37 changed 15 lines
That will be the keystore you use for the encryption tab. {partner_name}.jks
For signing, and your public key you are going to give your partner...
{{{
keytool -genkeypair -alias {your_name} -keyalg RSA -keysize 1024 -keystore {your_name}.jks
}}}
Then get your public key out to give to your partner:
{{{
keytool -export -alias {your_name} -file {your_name}.cer -keystore {your_name}.jks
}}}
Send them the resulting {your_name}.cer file. That is your public key they can encrypt with. You set this keystore file {your_name}.jks on the "AS2/3 Decryption Key" panel of the user manager and on the signing tab of the VFS item.
Here is another screenshot of a complete example:
[attachment|as2_all.png]
This green dot has the complete list of success/failed items, as long as they weren't deleted in the sub tasks from Jump.
Version Date Modified Size Author Changes ... Change note
16 09-Jun-2021 03:44 2.958 kB Ben Spink to previous
15 29-Dec-2020 05:25 2.354 kB Halmágyi Árpád to previous | to last
14 29-Dec-2020 05:25 2.479 kB Halmágyi Árpád to previous | to last
13 29-Dec-2020 05:25 2.303 kB Halmágyi Árpád to previous | to last
12 29-Dec-2020 05:25 2.333 kB Ben Spink to previous | to last
11 29-Dec-2020 05:25 2.698 kB Halmágyi Árpád to previous | to last
10 29-Dec-2020 05:25 2.593 kB Halmágyi Árpád to previous | to last
9 29-Dec-2020 05:25 2.813 kB Ben Spink to previous | to last
8 29-Dec-2020 05:25 2.892 kB Ben Spink to previous | to last
7 29-Dec-2020 05:25 2.895 kB Ben Spink to previous | to last
6 29-Dec-2020 05:25 2.926 kB Ben Spink to previous | to last
5 29-Dec-2020 05:25 2.95 kB Ben Spink to previous | to last
4 29-Dec-2020 05:25 2.057 kB Ben Spink to previous | to last
3 29-Dec-2020 05:25 2.031 kB Ben Spink to previous | to last
2 29-Dec-2020 05:25 1.967 kB Ben Spink to previous | to last
1 29-Dec-2020 05:25 0.191 kB Ben Spink to last
« This page (revision-16) was last changed on 09-Jun-2021 03:44 by Ben Spink
G’day (anonymous guest)
CrushFTP10 | What's New

Referenced by
LeftMenu

JSPWiki