I started implementing AS2 and MDN for one of our EDI clients. Here are some thoughts on the AS2 implementation in BizTalk, based on the MSDN page below.
http://msdn.microsoft.com/en-us/library/bb728096(BTS.20).aspx
1- Signature (outbound) - This is required when you send a signed document to the partner. For this you need your own signing certificate together with its private key, and it is stored under Current User\Personal for the user account that the BizTalk host instance runs as. This is the signing certificate used for sending signed messages to a specific party.
2- Signature verification (inbound) - This is required to verify a signed document sent by the partner, and for it you need the trading partner's public key certificate (.cer). Store this public key certificate in the Local Computer\Other People store.
The above two cover signing of outbound documents and verification of inbound ones. The remaining two cover encryption and decryption; in most AS2 setups the outgoing document is encrypted as well as signed.
1- Encryption (outbound) - To encrypt you again need the trading partner's public key certificate (.cer). Usually this is the same certificate used to verify the partner's signature on inbound documents, but a partner may hand you separate signing and encryption certificates, in which case both are installed. It goes in the same Local Computer\Other People store.
2- Decryption (inbound) - To decrypt the inbound document you need your own private key (.pfx), imported so that the BizTalk host service account has access to the key. For the BizTalk MIME Decoder, the certificate must also be selected on the Certificate page of the host used for receiving the message. This is not necessary for the AS2 Decoder.
All of these certificates must be installed in the certificate stores on the BizTalk computer, each in the store listed above for its role; a certificate in the wrong store, or a .cer imported where the .pfx was needed, is the most common reason signing or decryption fails.
[Very important to read] When you start implementing AS2 over HTTP, the prerequisites below need to be fulfilled.
1- A client certificate (.cer) is needed to map to the AS2 web site in IIS when the site authenticates the partner by client certificate. This is transport-level authentication over HTTPS and is separate from the signing and encryption certificates above, which protect the AS2 payload itself.
2- Server certificates should be available on both boxes. To verify this, run MMC from a command prompt: File --> Add/Remove Snap-in --> Certificates --> select "Computer account" (the server certificate IIS uses lives in Local Computer\Personal) --> Personal --> Certificates.
Check that the server authentication certificate is issued to the server's name / domain name (to cross-check, ping that domain name and confirm it resolves to the server's IP) and also check the expiry date of the certificate.
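The placement rules above (own signing key in Current User\Personal, partner certificate in Local Computer\Other People, own decryption key in Local Computer\Personal) and the server-certificate check in the prerequisites are easier to verify with a script than by clicking through MMC on every box. The PowerShell pre-flight check below is an added example written for this post; it is not from the original post, from Microsoft's documentation, or from any BizTalk component. The thumbprints and the DNS name as2.example.com are placeholders, and the script assumes that MMC's "Other People" store is the AddressBook store of the Cert: drive and that IIS takes its server certificate from Local Computer\Personal.

```powershell
# AS2 certificate pre-flight check for a BizTalk box (added example, not BizTalk code).
# Run it in PowerShell *as the BizTalk host service account*: that account, not the
# admin doing the install, is the one that must be able to reach the private keys.
# Assumptions (placeholders, replace with your own values): the three thumbprints
# and the DNS name of the AS2 web site.
param(
    [string]$SigningThumbprint    = '0000000000000000000000000000000000000000',  # own signing cert, Current User\Personal
    [string]$DecryptionThumbprint = '1111111111111111111111111111111111111111',  # own decryption cert, Local Computer\Personal
    [string]$PartnerThumbprint    = '2222222222222222222222222222222222222222',  # partner public cert, Local Computer\Other People
    [string]$ServerDnsName        = 'as2.example.com'                              # name the AS2 web site is reached by
)

function Test-CertPlacement {
    param(
        [string]$StorePath,      # Cert: drive path, e.g. Cert:\LocalMachine\AddressBook ("Other People" in MMC)
        [string]$Thumbprint,
        [string]$Role,
        [bool]  $NeedPrivateKey  # $true for our own signing/decryption certs, $false for the partner's .cer
    )
    # Thumbprints copied from MMC often carry spaces and lower case; the Cert: provider uses upper case.
    $wanted = ($Thumbprint -replace '\s', '').ToUpper()
    $cert = Get-ChildItem -Path $StorePath -ErrorAction SilentlyContinue |
            Where-Object { $_.Thumbprint -eq $wanted }
    if (-not $cert) {
        Write-Warning "$Role - no certificate with thumbprint $wanted in $StorePath"
        return $false
    }
    if ($cert.NotAfter -lt (Get-Date)) {
        Write-Warning "$Role - certificate expired on $($cert.NotAfter)"
        return $false
    }
    # HasPrivateKey is $false when only the .cer was imported where the .pfx was needed.
    # (The ACL on the key must also grant the host account read access; that is not checked here.)
    if ($NeedPrivateKey -and -not $cert.HasPrivateKey) {
        Write-Warning "$Role - certificate has no private key; import the .pfx, not the .cer"
        return $false
    }
    Write-Host "$Role - OK: $($cert.Subject), expires $($cert.NotAfter)"
    return $true
}

# The four roles from the table: signing (outbound), verification + encryption (partner), decryption (inbound).
$checks = @(
    (Test-CertPlacement 'Cert:\CurrentUser\My'          $SigningThumbprint    'Signing (outbound)'                  $true),
    (Test-CertPlacement 'Cert:\LocalMachine\AddressBook' $PartnerThumbprint    'Partner public key (verify/encrypt)' $false),
    (Test-CertPlacement 'Cert:\LocalMachine\My'         $DecryptionThumbprint 'Decryption (inbound)'                $true)
)

# Server certificate for the AS2 web site: issued to the DNS name, not expired,
# has a private key, and the name resolves to this machine.
$serverCert = Get-ChildItem 'Cert:\LocalMachine\My' |
    Where-Object { $_.HasPrivateKey -and
                   ($_.Subject -match "CN=$([regex]::Escape($ServerDnsName))(,|$)" -or
                    $_.DnsNameList.Unicode -contains $ServerDnsName) } |
    Sort-Object NotAfter -Descending | Select-Object -First 1

if (-not $serverCert) {
    Write-Warning "No server certificate for $ServerDnsName with a private key in Local Computer\Personal"
    $checks += $false
} elseif ($serverCert.NotAfter -lt (Get-Date)) {
    Write-Warning "Server certificate for $ServerDnsName expired on $($serverCert.NotAfter)"
    $checks += $false
} else {
    # The "ping the domain name" cross-check from the text, done as a DNS lookup so it
    # still works when ICMP is blocked between the partner and the BizTalk box.
    try {
        $resolved = [System.Net.Dns]::GetHostAddresses($ServerDnsName) | ForEach-Object { $_.ToString() }
        $local    = [System.Net.Dns]::GetHostAddresses([System.Net.Dns]::GetHostName()) | ForEach-Object { $_.ToString() }
        $match    = @($resolved | Where-Object { $local -contains $_ }).Count -gt 0
        if ($match) { Write-Host "Server cert OK: $($serverCert.Subject), expires $($serverCert.NotAfter); $ServerDnsName -> $($resolved -join ', ')" }
        else        { Write-Warning "$ServerDnsName resolves to $($resolved -join ', ') but this host has $($local -join ', ')" }
    } catch {
        Write-Warning "Could not resolve $ServerDnsName : $($_.Exception.Message)"
        $match = $false
    }
    $checks += $match
}

if ($checks -contains $false) { Write-Warning 'AS2 certificate pre-flight FAILED'; exit 1 }
Write-Host 'AS2 certificate pre-flight passed'
```

Run it once on the BizTalk box under the host service account and once more after any certificate renewal; a non-zero exit code means at least one of the four roles or the server certificate is missing, expired, in the wrong store, or imported without its private key. The same script, pointed at the partner's thumbprints, is a quick way to confirm the partner side before the first test exchange.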
This is at the BizTalk side. In the next post I will talk about the partner side (Client) configuration.
Implementing AS2 is challenging. Let us know if you run into any issues.
Regards
Vishnu