Our company’s EDIINT AS2 certificates are getting expired by the end of Feb 2012. Currently, our Public certificates along with CA chain has been provided to around 170+ partners.
I want only 20 partners to change the certificate at a time. Is it possible for us to maintain old and new AS2 Certificates on Enterprise profile (PROD) at the same time - so that, If any of the partner fails to renew our Certificates on their system - They should still be able to communicate with our server (with no impact) until our older certs are expired?
No I don’t think it works if you load multiple certs/chain in the profile…But you can test it QA/staging and see if the SSL handshake/chain verification works as expected with TP connectivity:
Note that we have 2 different types of certificates. 1 for SSL on Proxies and the other one for AS2 connectivity on Reals (internal). Both are expiring more or less in the same week.
170+ Trading Partners are located in different countries and they work in different timezones. It is impossible to ask all of them to change at the same time. I was looking for a solution with a minimal impact on business. Especially, Partner’s failure to renew the certificates at the specified time will be fatal on PROD.
I am fear there isn’t any other way having new certs load and intimate TP’s to use your renewed certs…Did you discuss with SAG support folks for any alternatives.
Yes I understand your criticality but at somepoint, most folks do before hand notification/alert all TP’s for this change to happen on a certain date (mandatory) and they should abide with your certs change in order to continue their bussiness with your enterprise: