The latest version at the time of writing was version 1.1b37, which requires some tweaking of the scripts on Linux, and a replacement of the default keystore to overcome this issue, as the keystore shipped is corrupted. First download the distribution from the SourceForge page and create a directory on your local machine, and unzip the distribution there. Next replace the default certificate file with the version from the UltraESB distribution (i.e. samples/conf/keys/certificates.p12)

Mendelson AS2 Installation

As per the last line above, edit the start script and add the following section before the last line "java -Xmx1024M -Xms92M …"

Start Script Changes

Save the script changes, and invoke the mendelson AS2 client executing the shell script as "./mendelson_as2_start.sh"

Once the mendelson client starts up, go to File → Reload Keystore

Note: With some versions, you would have to start the mendelson open source AS2 with the "mendelson_as2_start.sh" script (or the equivalent under Windows), and then from the main console, select "File"→"Preferences" and then the "Security" tab. Replace the default password with "password" which is the password for the new key store. Now, select "File"→ "Reload Keystore" to reload the new keystore using the correct credentials. There are two keystores used by mendelson - one for AS2 communications and one for SSL. The default password for the SSL keystore is "test" in mendelson AS2.

Press the "Partner" button on the top menu, and setup the local AS2 station "mycompany" to use the private key "server2" for encryption and signatures. We will use the credentials of "server1" in our sample UltraESB AS2 examples. For real AS2 communication, you will need to create a new keystore with similar credentials. Also, you will need to add any certificates or CA certificates as required for your trust store of the UltraESB AS2 configuration.

Next rename the local station "mycompany" as "mendelson" - for both the name and the AS2 ID. On the MDN tab, set the asynchronous MDN URL to: http://localhost:8080/as2/HttpReceiver for testing on the same machine with the UltraESB

Next, create a new partner, and similarly to the above screen, name it "adroitlogic" for both the name and AS2 ID. On the Security tab, ensure that "server1" is selected for both encryption and signatures. On the Send tab, specify the URL of the UltraESB AS2 receiver - http://localhost:8280/service/as2-receiver

You are now ready to try out the sample # 352 with the mendelson AS2 client you’ve just setup!

To get a better understanding of the above setup, let us review the configuration steps we performed. The following diagram illustrates the two trading partners we’ve setup. The UltraESB sample # 352 configuration uses the AS2 identifier "adroitlogic" while the mendelson AS2 client uses the identifier "mendelson". The AS2 URL and the URL for asynchronous MDNs for each partner are listed below, and are configured in each system accordingly. In mendelson AS2, the partner "adroitlogic" lists this information, while in the UltraESB, the persistence database (if used) or the configuration will provide the remote partner information.

The mendelson AS2 keystore "certificates.p12" is a PKCS12 keystore, and the Java keytool may not show its full contents on a list command. We’ve used the open source Portecle tool to work with this keystore. It contains the private key and a certificate under alias "server2" which is trusted by the remote party, the UltraESB sample # 352 configuration. The UltraESB uses the trust key store to include trusted certificates of trading partners, and/or the trusted Certification Authority (CA) certificates that usually sign end user certificates. In the sample trust.jks file we use, both the "server2" and the "demo-ca" certificate of the signing CA are stored - but the CA certificate is enough for the validation. The mendelson AS2 keystore stores the "demo-ca" certificate as well as the server1 certificate used by the UltraESB sample # 352 - but again, the CA certificate is adequate for validation.

When sending Signed messages, each party uses its private key to sign, and the remote party uses the [certificate or the] CA certificate to validate this signature. When encrypting, each party uses its private key and the remote party decrypts the message using the public key of the partner stored in the certificate.