Adding an AS2 security policy

Security policies establish the rules that govern partner communications over AS2. A B2B Advanced Communications security policy defines the transport security, integrity, nonrepudiation, and confidentiality options that every exchange with a partner must satisfy, so that the strongest supported protections are enforced consistently rather than negotiated per message.

Before you begin

Instead of defining a policy by hand, you can import an AS2 security policy as a resource from another installation of B2B Advanced Communications. For more information, see ../com.ibm.help.meg.reference.doc/meg_resource_commands.html.

About this task

You can add new security policies as your implementation evolves.

Procedure

  1. Log in to B2B Advanced Communications with the necessary access credentials.
  2. Select Security > Security Policies.
  3. In the collections page, click New.
  4. In the New Security Policy page, define the policy settings and click Save.

    Field

    Description

    Name

    Enter a name for the security policy. The name must be unique across the system.

    Description

    Optional: Enter the description for the security policy.

    Transport Layer Security

    Select whether the transport must use basic HTTP authentication or HTTPS client (certificate) authentication. Basic authentication sends the credential with every request, so it only protects the connection when the request itself travels over HTTPS.

    Note: To use HTTPS client authentication, you must add a private-public key pair certificate to your system. When you select HTTPS client authentication, the certificate (looked up by certificate alias) is used to authenticate the HTTPS client.

    Integrity and Nonrepudiation

    Optional: Select Require signed messages to mandate that all messages must be digitally signed. When message signing is enabled, you can optionally select the digest algorithm and the signing order (whether a message is signed before or after it is encrypted).

    Note: To use message signing, you must add a private-public key pair certificate to your system. When you select Require signed messages, the certificate (looked up by certificate alias) is used to sign messages.

    Optional: Select Require signed MDN to mandate that all MDNs you receive from your partner must be digitally signed. When MDN signing is enabled, you can optionally select the digest algorithm.

    Note:
    • To require MDN signing, you must add the trading partner certificate (the partner's public key) to your system. When you select Require signed MDN, that certificate (looked up by certificate alias) is used to verify the signature on the MDNs your partner sends you; your own private key is not involved in verification.
    • For Anonymous Partner, you must use the embedded certificate for verification. You cannot configure the verification certificate in the Security Policy page.

    Confidentiality

    Optional: Select Require encrypted messages to mandate that all messages must be encrypted. When message encrypting is enabled, you can optionally select the strength of the encryption algorithm.

    Note: To require encrypted messages, you must add the trading partner certificate to your system. When you select Require encrypted messages, the partner's certificate (looked up by certificate alias) is used to encrypt messages you send to that partner; messages the partner encrypts for you are decrypted with your own private key from the key pair certificate.
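The following Python example is added here and is not code from B2B Advanced Communications; it shows what the three policy switches above mean on the wire for an AS2 request (RFC 4130). The policy dictionary mirrors the fields on the Security Policy page (the key names are assumed), and the sample message, its placeholder signature bytes, and the decrypt callback are constructed for the demo: real CMS signature verification and decryption are done by a crypto library with the configured certificates.

```python
"""AS2 security-policy checks on the MIME structure of a request (RFC 4130).

Added example, not product code. The message bytes, the placeholder
"signature" and the decrypt stub are constructed for the demo.
"""
import base64
from email import message_from_bytes
from email import policy as email_policy

# Mirrors the Security Policy page; the key names are an assumption.
POLICY = {
    "require_signed_messages": True,
    "require_encrypted_messages": True,
    "require_signed_mdn": True,
    # digest algorithms accepted on inbound signatures (sha1 and md5 are not)
    "accepted_micalg": {"sha-256", "sha256", "sha-384", "sha384", "sha-512", "sha512"},
}


def _param(msg, name):
    return str(msg.get_param(name) or "").lower()


def is_enveloped(msg):
    """Confidentiality: body is CMS enveloped-data carried as S/MIME."""
    return msg.get_content_type() == "application/pkcs7-mime" and _param(msg, "smime-type") == "enveloped-data"


def is_signed(msg):
    """Integrity and nonrepudiation: body is multipart/signed with a PKCS#7 signature."""
    return msg.get_content_type() == "multipart/signed" and _param(msg, "protocol") == "application/pkcs7-signature"


def check_inbound(raw, policy, decrypt):
    """Return the policy violations for one inbound AS2 body (empty list means compliant).

    Both signing orders are handled: sign-then-encrypt puts the signature inside the
    envelope, encrypt-then-sign puts the envelope inside the signed part. `decrypt`
    maps enveloped-data bytes to the inner MIME and is a stub in this demo.
    """
    violations = []
    msg = message_from_bytes(raw, policy=email_policy.default)
    signed = encrypted = False
    for _ in range(3):  # at most one envelope and one signature around the payload
        if is_enveloped(msg):
            encrypted = True
            msg = message_from_bytes(decrypt(msg.get_payload(decode=True)), policy=email_policy.default)
        elif is_signed(msg):
            signed = True
            alg = _param(msg, "micalg")
            if alg not in policy["accepted_micalg"]:
                violations.append(f"signature digest {alg!r} not accepted by policy")
            msg = msg.get_payload()[0]  # first part is the signed content, second is the signature
        else:
            break
    if policy["require_signed_messages"] and not signed:
        violations.append("message is not signed (expected multipart/signed with application/pkcs7-signature)")
    if policy["require_encrypted_messages"] and not encrypted:
        violations.append("message is not encrypted (expected application/pkcs7-mime, smime-type=enveloped-data)")
    return violations


def mdn_request_options(policy, micalg="sha-256"):
    """Disposition-Notification-Options value asking the partner for a signed MDN (RFC 4130 section 7.3)."""
    if not policy["require_signed_mdn"]:
        return None
    return f"signed-receipt-protocol=required, pkcs7-signature; signed-receipt-micalg=required, {micalg}"


def parse_mdn_options(value):
    """Parse Disposition-Notification-Options into {name: (importance, [values])}."""
    opts = {}
    for field in value.split(";"):
        name, sep, rest = field.partition("=")
        if not sep:
            continue
        importance, *values = [v.strip().lower() for v in rest.split(",")]
        opts[name.strip().lower()] = (importance, values)
    return opts


def signed_mdn_requested(value):
    """True only when the header demands (not merely prefers) a PKCS#7-signed receipt."""
    proto = parse_mdn_options(value).get("signed-receipt-protocol")
    return proto is not None and proto[0] == "required" and "pkcs7-signature" in proto[1]


# Constructed sample: a tiny X12 interchange, signed with placeholder signature bytes.
SIGNED_BODY = (
    b'Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="sigbnd"\r\n'
    b"\r\n"
    b"--sigbnd\r\n"
    b"Content-Type: application/edi-x12\r\n"
    b'Content-Disposition: attachment; filename="order.x12"\r\n'
    b"\r\n"
    b"ISA*00*          *00*          *ZZ*SENDERID       *ZZ*RECEIVERID     *240101*1200*U*00401*000000001*0*P*>~\r\n"
    b"--sigbnd\r\n"
    b'Content-Type: application/pkcs7-signature; name="smime.p7s"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"MIIBUExBQ0VIT0xERVI=\r\n"  # placeholder, not a real CMS signature
    b"--sigbnd--\r\n"
)


def toy_envelope(inner):
    """Stand-in for CMS encryption: the 'ciphertext' is just the inner MIME, base64-encoded."""
    return (b'Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"\r\n'
            b"Content-Transfer-Encoding: base64\r\n\r\n" + base64.encodebytes(inner))


def toy_decrypt(blob):
    return blob  # get_payload(decode=True) already stripped the base64 layer; no real decryption


if __name__ == "__main__":
    print(check_inbound(toy_envelope(SIGNED_BODY), POLICY, toy_decrypt))  # []
    print(check_inbound(SIGNED_BODY, POLICY, toy_decrypt))  # only the "not encrypted" violation
    print(check_inbound(SIGNED_BODY.replace(b"sha-256", b"sha1"), POLICY, toy_decrypt))
    dno = mdn_request_options(POLICY)
    print(dno, signed_mdn_requested(dno))  # ... True
```

The check only looks at MIME structure and the declared digest; a real receiver must additionally verify the signature against the trading partner certificate and decrypt with its own private key, which is exactly the certificate split the notes above describe.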