Setting up the AS2 client profile (send profile)
To send messages via AS2, you need a send profile. To create such a profile, please proceed as follows:
Using Webcontrol, select the menu item Communication → Profiles from the left navigation bar.
Click on the Create new entry button on the top right of the screen.
The partner certificate should already exist in your keystore.
Select *AS2 as the module type and *SEND as the direction. Also assign a profile ID (a number to which you want to assign this profile).
Next, specify the connection parameters of the partner. These are the IP address and the port of the remote system you want to connect to using AS2.
Decide whether the connection should be established using SSL. Note that this option must be supported by your partner.
Now enter the AS2 parameters of the connection. This includes the AS2-TO (the recipient's address), the encryption alias (alias of the partner certificate in your keystore) and the encryption algorithm to be used.
In the last step you specify the exact settings for the MDN.
For the time being, you can leave the other settings for the connection in the standard setting, since these settings only affect fine-tuning.
Explanation of the parameters:
Parameter | Explanation |
---|---|
Host/IP | The IP address or the hostname of the AS2 server of your communication partner, which can be resolved by DNS. |
Port | The port number of your communications partner's AS2 server. |
SSL | This parameter controls the protocol to be used. Specify here whether AS2 communication is to take place using SSL/HTTPS (Secure Socket Layer) or normal HTTP. |
Client Authentication required (only SSL = yes) | If client authentication is required, enable this parameter. |
Import of unknown certificates (only SSL = yes) | Enter the value *YES in this parameter to automatically import the server certificates that are not available in your keystore for connections via https (SSL/TLS). However, in this case you should be aware that you automatically trust every server you connect to via https and whose certificate is NOT included in your keystore. If this parameter is set with the value *NO and the certificate of the server you are trying to connect to is not included in your keystore, the connection will be closed automatically. The connection termination is correct in this case, because the certificate is not contained in your keystore and therefore the identity of the server cannot be verified. |
SSL connection certificate (only with Client Authentication required = yes) | Name of the key pair in the keystore that contains your public key (the certificate) for authentication. This certificate is sent to the server when the AS2 message is sent. It must of course be in the keystore of your partner's AS2 server before the connection is established. |
AS2-TO receiving identification | The AS2-ID of your communication partner. This ID is unique for each partner and must be agreed upon between you and your partner. Mostly this ID is the GLN (Global Location Number) of the partner. By means of the ID entered here, the communication partner is also unambiguously assigned in i-effect when receiving AS2 messages from this partner. |
Encryption alias | The alias of the partner's certificate entry in your keystore. The certificate contains the public key of your communication partner and must be sent to you by your partner. The message is encrypted with this public key; the recipient can then decrypt it only with the matching private key. |
Encryption algorithm | The signature algorithm with which the AS2 message is to be digitally signed. |
MDN Option | Use this parameter to specify whether and how an MDN should be requested from your partner. Frequently, your partner tells you which setting is expected. AS2 offers the possibility to request acknowledgements of receipt for your sent AS2 messages. Acknowledgements of receipt, so-called MDNs (Message Disposition Notifications), can be requested synchronously or asynchronously. Synchronous in AS2 means: the MDN you requested must be sent back by your partner over the same connection. If a synchronously requested MDN is not transmitted over the connection you have established, the transmission process is terminated as unsuccessful, even if the transmission of the AS2 message itself has been successfully completed. This is necessary because without the MDN there is no assurance that the AS2 message sent has been received and successfully processed by your partner. This situation can occur when sending large amounts of data with a synchronous MDN request, since the target system cannot process the data in the time defined as "receive timeout" in the AS2 send profile. The AS2 client then terminates the established connection before the MDN could be transferred from your partner to you. To prevent such situations when sending large amounts of data, you can also request an asynchronous MDN for these AS2 messages. However, you should first discuss with your partners whether their AS2 systems are able to send asynchronously requested MDNs. Please note that the MDN option *ASYNCH should be used when sending to the Telekom AS2 Gateway. Otherwise (with *SYNCH) you may not receive the feedback about possible errors in the conversion and delivery of the message into the X.400 box of the partner. |
MDN Signature | The parameter specifies which algorithm the receiver of the AS2 message must use to sign the MDN. However, if the sent AS2 message is signed with the algorithm SHA1, the receiver is automatically forced to also sign the MDN with the algorithm SHA1. In this case, the selection *MD5 in this parameter is ignored. The selection in this parameter takes effect only if you send an unsigned AS2 message. |
Connection timeout | The AS2 client waits for the time specified here to establish a connection to a remote host (to your partner's server). If the connection to your partner's server is not established after the time defined here in seconds, the transmission process is cancelled. After the time defined in parameter send retry pause, the transmission is then repeated. |
Read timeout | After the connection to your partner's server has been established and the data transferred, the AS2 client waits the time defined here to receive an OK (HTTP status code 200) from your partner's server. If the required OK is not received within the time defined here, the *AS2 module will report a timeout error for the transmission. Unfortunately, it is not possible to define a rule of thumb for the time to be entered here. Only empirical values can be taken into account when allocating this time. |
Content type | The default type of content of an AS2 message, e.g. *BINARY, *EDIFACT, *XML, *X12, *FRMFILE or *CONSENT. |
Content summary | This parameter determines how the payload (user data) of the AS2 message is marked. The value should be left at the default *ATTACH setting. Your AS2 communication partner will inform you if the other label *INLINE is to be used. |
Compress | Specifies whether the AS2 message is to be compressed. The compression is MIME-compliant (pkcs7-mime) and uses the ZLIB algorithm. |
SSL connection certificate | If SSL connections have been enabled, this parameter specifies the name of the key pair in the keystore that contains the public key (the certificate) for the authentication. The certificate is transmitted to the server when sending the AS2 message. It must be located in the keystore of your partner's AS2 server before the connection is established. |
Description | If required, you can enter a short description of the AS2 send profile created here. The text entered here is purely informational and is therefore freely selectable. |
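
The following added example (not i-effect code) shows how the MDN Option and MDN Signature settings from the table map to the MDN request headers of an AS2 message as defined in RFC 4130. The `profile` dictionary keys, the AS2 IDs, the notification address and the asynchronous return URL are constructed for illustration and are assumptions, not i-effect parameter names.

```python
# Added illustration: derive the AS2 (RFC 4130) MDN request headers from
# send-profile style settings. All keys of `profile` are hypothetical.

def effective_mdn_micalg(message_sig_alg, mdn_signature):
    """Rule from the MDN Signature row: a signed message forces the MDN to be
    signed with the message's algorithm; the profile selection is only used
    when the message itself is unsigned."""
    chosen = message_sig_alg or mdn_signature
    return chosen.lstrip("*").lower() if chosen else None


def mdn_request_headers(profile):
    option = profile["mdn_option"]
    if option not in ("*SYNCH", "*ASYNCH"):
        raise ValueError(f"unsupported MDN option: {option}")

    headers = {
        "AS2-Version": "1.0",
        "AS2-From": profile["as2_from"],
        "AS2-To": profile["as2_to"],
        # Presence of this header is what requests an MDN at all.
        "Disposition-Notification-To": profile["mdn_to"],
    }

    micalg = effective_mdn_micalg(profile.get("message_sig_alg"),
                                  profile.get("mdn_signature"))
    if micalg:
        # Asks the receiver to sign the MDN with the given digest algorithm.
        headers["Disposition-Notification-Options"] = (
            "signed-receipt-protocol=optional, pkcs7-signature; "
            f"signed-receipt-micalg=optional, {micalg}"
        )

    if option == "*ASYNCH":
        # Asynchronous MDN: the receiver opens a new connection to this URL,
        # so the sender's read timeout no longer bounds MDN delivery.
        url = profile.get("async_mdn_url")
        if not url:
            raise ValueError("*ASYNCH requires a return URL for the MDN")
        headers["Receipt-Delivery-Option"] = url
    return headers


# Constructed sample profile (values are placeholders, not real partners).
SAMPLE = {
    "mdn_option": "*ASYNCH", "as2_from": "SENDER-ID", "as2_to": "PARTNER-ID",
    "mdn_to": "as2@sender.example", "message_sig_alg": "SHA1",
    "mdn_signature": "*MD5", "async_mdn_url": "https://as2.sender.example/mdn",
}
```

A synchronous request differs only in that `Receipt-Delivery-Option` is absent, which is why the MDN must then arrive on the open connection before the read timeout expires.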