AS2 transfer sites

Although transfers using the AS2 protocol function in a different way than the other supported protocols, you can subscribe accounts with AS2 transfer sites to applications. Among the standard applications, the Site Mailbox and Standard Router applications are appropriate for an AS2 transfer site.

Unlike transfer sites for other transfer protocols, an AS2 transfer site is also used for transfers initiated by the remote AS2 site (considered client-initiated by SecureTransport). Only the fields marked as required with an asterisk (*) are needed to define the partnership that enables these transfers.

For detailed information about AS2 transfers, see AS2 transfers.

The following table describes the AS2 protocol options for defining a transfer site.

Field Description
SecureTransport Server Settings
AS2 Name*

The local partnership name, which the remote AS2 site uses to identify to this SecureTransport Server. Each AS2 transfer site for a user must have a unique AS2 Name.

You cannot enter spaces-only values in this field. For more information, see Spaces in required fields.

Signing Certificate (Optional) The alias that represents the server or partner certificate used to sign a message.
Encryption Certificate (Optional) The alias that represents the server or partner certificate used to encrypt a message.
Email The email address used to receive information from the remote AS2 site. You cannot enter spaces-only values in this field. For more information, see Spaces in required fields.
Remote Site Settings
AS2 Name* The remote partnership name, which the SecureTransport Server uses to identify to the remote AS2 site. You cannot enter spaces-only values in this field. For more information, see Spaces in required fields.
URL The URL used to access the remote site. For example, https://as2.example.com:10443, https://172.23.34.45:10443, or https://[FC00:1234:2345:3456::]:10443. You cannot enter spaces-only values in this field. For more information, see Spaces in required fields.
Alternative addresses

This set of options allows you to add, delete, and set a priority order for alternative endpoints. These endpoints act as backup alternatives to the configured Server-Port Site Settings and are particularly useful in cases of transfer failures. Specifying alternative endpoints as backup servers provides a way to temporarily reroute pending transfers and minimize the risk of transfer failure. With AS2 transfer sites, the connection to each alternative endpoint is defined by its URL.

  • To add an alternative server endpoint, click New Address. The Alternative Addresses table expands with a new row that allows you to enter a hostname (or IP address) and a port number, and to save these changes.
  • To delete an alternative server endpoint, select the corresponding check box on the same row and click Delete.
  • To reorder the list of alternative endpoints, click Reorder. A new option (upward and downward arrow) appears next to each entry. Hover the mouse pointer over this option until the pointer assumes the "move" shape: a four-directional arrow. This indicates which alternative endpoint is in focus. You can now drag and drop it up or down to the position you want. Repeat this action with other alternative endpoints until the list is ordered according to your needs. When you are done, click Save Order to keep the new order.

Visibility of this option is controlled by the value set for the TransferSite.AlternativeAddresses.retryPolicy configuration option. It allows you to set a "retry policy" for the list of alternative endpoints (presented as URLs with AS2 transfer sites) that you define on this screen. Before you can do so, you must go to Operations > Server Configuration and set the policy type using one of the following values:

  • AllHostsOnEachRetry – with this policy SecureTransport iterates through each endpoint, one by one, starting with the first in the list. If the connection is not successful, SecureTransport continues trying each endpoint one after another until the maximum number of retries is reached. You can set the maximum retry value by editing the EventQueue.maxRetryCount configuration option.
  • OneHostOnEachRetry – with this policy SecureTransport tries to connect to the first endpoint in the list. If the connection is not successful, SecureTransport continues trying that endpoint until the maximum number of retries is reached, and then moves to the next one in the list. Following that same pattern, SecureTransport tries each endpoint until it succeeds or reaches the end of the list. You can set the maximum retry value by editing the EventQueue.maxRetryCount configuration option.
  • Disabled (default) – this is the default value that keeps the table with endpoints entirely hidden from view.
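
The difference between the two retry policies is easiest to see as an attempt sequence. The following Python model is an added example, not SecureTransport code: it assumes the list holds the site URL followed by the alternative addresses, and it treats the EventQueue.maxRetryCount value as a budget of connection attempts, which the page does not spell out. The hostnames are constructed.

```python
from itertools import cycle, islice
from typing import Callable, Iterator, List, Optional, Tuple


def attempt_order(policy: str, endpoints: List[str], budget: int) -> Iterator[str]:
    """Yield endpoint URLs in the order each policy would try them."""
    if policy == "AllHostsOnEachRetry":
        # Round-robin over the list; the budget is shared by all endpoints.
        yield from islice(cycle(endpoints), budget)
    elif policy == "OneHostOnEachRetry":
        # Exhaust the budget on one endpoint before moving to the next.
        for url in endpoints:
            for _ in range(budget):
                yield url
    else:
        raise ValueError(f"unsupported retry policy: {policy}")


def deliver(policy: str, endpoints: List[str], budget: int,
            is_up: Callable[[str], bool]) -> Tuple[Optional[str], List[str]]:
    """Return (endpoint that accepted the transfer, or None, and the attempts made)."""
    attempts: List[str] = []
    for url in attempt_order(policy, endpoints, budget):
        attempts.append(url)
        if is_up(url):
            return url, attempts
    return None, attempts


# Constructed sample: the site URL followed by two alternative addresses.
ENDPOINTS = [
    "https://as2.example.com:10443",
    "https://as2-dr1.example.com:10443",
    "https://as2-dr2.example.com:10443",
]

if __name__ == "__main__":
    only_dr2 = lambda url: url == ENDPOINTS[2]  # only the last endpoint answers
    for policy in ("AllHostsOnEachRetry", "OneHostOnEachRetry"):
        winner, tried = deliver(policy, ENDPOINTS, 3, only_dr2)
        print(f"{policy}: delivered to {winner} after {len(tried)} attempts")
        _, tried = deliver(policy, ENDPOINTS, 3, lambda url: False)
        print(f"{policy}: all endpoints down, gave up after {len(tried)} attempts")
```

Under this model, a budget smaller than the list length means AllHostsOnEachRetry never reaches the last endpoints, while OneHostOnEachRetry spends the full budget on each unreachable endpoint before failing over.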

Network Zone

The network zone that defines the proxies to use for transfers through this site.

  • Select none to connect directly to the partner AS2 server.
  • Select any to allow SecureTransport to select the proxy connection using a network zone that enables an HTTP proxy.
  • Select Default to use the default network zone proxy configuration. If no default network zone is defined, transfers from this transfer site fail.
  • Select a specific network zone to use the proxy configuration defined for that zone.

For more information, see Specify TM Server communication ports and IP address for protocol servers on SecureTransport Edge.

Enable FIPS Transfer Mode

Restrict AS2 to use only FIPS 140-2 Level 1 certified cryptographic libraries.

When you enable FIPS transfer mode, the panel expands with an additional field that lets you specify the desired set of cipher suites to be used in FIPS mode for server-initiated transfers through this site. By default, this set is populated with the cipher suites as defined in the As2.FIPS.SIT.Ciphers configuration option.

You can add or remove cipher suites. The supported FIPS cipher suites from which you can select when adding a new one are listed in FIPS transfer mode. Note that both the sender and the recipient must use supported FIPS cipher suites. Otherwise, the transfer will fail.

Signing Certificate (Optional) The alias that represents the user or partner certificate used to sign a message from this site.
Encryption Certificate (Optional) The alias that represents the user or partner certificate used to encrypt a message from this site.
Email The email address used to receive information from SecureTransport Server. You cannot enter spaces-only values in this field. For more information, see Spaces in required fields.
  * Each AS2 transfer site must have a unique combination of SecureTransport Server AS2 Name and Remote Site AS2 Name.

Transfer Settings: Send Options

This subtopic describes the Send Options and Receive Options pages for AS2 transfer sites.

The following table describes the Send Options for an AS2 transfer site.

Field Description
Send options
Send File As Select the check box to specify a file name. You can use the expression language to specify the criteria you want to match. The expression uses the criteria provided to create a new file name from the original file name. When you enter a new file name in this field, the AS2 message header uses the new name as the value for original filename.
Transfer Settings
Subject The MIME subject to be used for outgoing messages.
Mimetype The MIME type to be used for outgoing messages. For example, application/edi-x12.
Transfer Options
Timeout Transfer After x Minutes The number of minutes after which a transfer is timed out if it is not successful.
Sign Using The algorithm to be used to sign messages from this site.
Encrypt Using

The algorithm used to encrypt messages from this site.

The RC2/40, RC2/64 and RC2/128 algorithms are not FIPS compliant.

Compress Select this check box to enable compression.
Enable Chunking Select this check box to enable chunking.
Receipts
Request receipts for all Transfers Select this check box to request receipts for all transfers.
Require Signed Receipt If you select the Request receipts for all transfers check box, select the check box to require those receipts to be signed.
Request: Synchronous / Asynchronous

Specify whether you want receipts to be synchronous or asynchronous. If you select asynchronous receipts, specify whether you want to receive those receipts via HTTP or HTTPS.

If you request receipts via asynchronous HTTP and you require an SSL connection in Receive Options, you receive receipts via HTTPS instead of HTTP.

Transfer Settings: Receive Options

The following table describes the Receive Options for an AS2 transfer site.

Field Description
Receive Options
Receive File As

Select the check box to specify a file name. You can use the expression language to specify the criteria you want to match. The expression uses the criteria provided to create a new file name from the original file name when the transfer is received. You can use the SecureTransport-specific variable ${stenv.rawsource} which takes the value from the original filename in the AS2 message header. See Expression Language for information on SecureTransport-specific variables.

Require SSL Connection

Select this check box to require an SSL connection for transfers received.

If you request receipts via asynchronous HTTP and you require an SSL connection, you receive receipts via HTTPS instead of HTTP.

Require Signature Select this check box to require transfers received to be signed.
Require Encryption Select this check box to require transfers received to be encrypted.

Advanced SSL Settings

The following table describes the Advanced SSL Settings for an AS2 transfer site.

Field Description
Show Advanced SSL Settings
Cipher suites

The set of cipher suites available with the current AS2 transfer site for secure SIT connection. By default this set is populated with the cipher suites as defined in the As2.SIT.Ciphers configuration option.

To reset to default values, click the button next to the tooltip.

Enabled SSL protocols

The available SSL protocols for secure SIT connection with the current AS2 transfer site. By default this option uses the SSL protocols as defined in the As2.SIT.EnabledProtocols configuration option.

To reset to default values, click the button next to the tooltip.

Note: Use a subscription to a Basic application or a Site Mailbox application to process files received by an AS2 transfer site.
When using asynchronous receipts for outgoing AS2 transfers, post-transmission actions execute, even if the AS2 transfer has failed. This occurs because the transfer initially reports success, triggering the post-transmission action. After the post-transmission action is triggered, an asynchronous failure message is returned, causing the transfer to fail.
