Manage the AS2 server

AS2 (Applicability Statement 2) is a specification that describes how to exchange business data securely and reliably over the Internet, using HTTP as the underlying transport. Security is achieved by using digital certificates and encryption. The data is packaged using standard MIME content types, so you can use XML, EDI, binary data, and any other data describable in MIME. Message security (authentication, confidentiality) is implemented using S/MIME. Message reliability is enabled through the use of Message Disposition Notifications (MDNs). Nonrepudiation and Nonrepudiation of Receipt are business and legal concepts that build upon the security and reliability components in AS2.

If an AS2 license is available, enable the AS2 server. In a cluster setup, specify the AS2 settings on both SecureTransport Server and SecureTransport Edge.

Add an AS2 Server

To add an AS2 server, go to the extended Server Control page and on the AS2 Servers pane, click Actions > Add Server.

The following table presents all parameters and expected values associated with your new AS2 server.

Field Description
Server Name

Enter a unique name for your server.

Enable Receiver

Select to enable receiving for your current AS2 server.

non-SSL Settings
Enable AS2 (non-SSL)

Select to enable insecure AS2 transfers with your current AS2 server. By selecting this option, the non-SSL Port and non-SSL Host options become editable.

Note: To enable AS2 without SSL, you must create an SSL encryption entry for a user class with SSL encryption optional. See Manage SSL access.

non-SSL Port

Enter the port number of your non-secure AS2 server.

non-SSL Host

Enter the host address of your non-secure AS2 server.

SSL Settings
Enable AS2 (SSL)

Select to enable secure AS2 transfers with your current AS2 server. By selecting this option, the remaining options become editable.

Enable HSTS

Select to enable HSTS so that the server always sends the "Strict-Transport-Security" HTTPS response header, which tells clients to use HTTPS instead of plain HTTP for later connections.

With this functionality, two dedicated Server Configuration options for HSTS are added:

  • As2.Security.Hsts.enabled - Enable or disable HSTS for the AS2 server. Serves the same purpose as the check-box. Possible values are: true or false. It is only editable from the Server Configuration page. The default value is true.
  • As2.Security.Hsts.max-age - HSTS header maximum age attribute value for the AS2 server, measured in seconds. The default value is 6 months, which is equivalent to 15768000 seconds.

Enable FIPS

Select to enable FIPS transfer mode for AS2 connections.

By selecting this option, the Enabled FIPS Ciphers field becomes editable.

SSL Port

Enter the port number of your AS2 server.

SSL Host

Enter the host address of your AS2 server.

Client Certificate

If you are using AS2 via SSL, this drop-down list presents the different client certificate enforcement options.

  • Disabled – no certificate authentication is required
  • Optional – the client can additionally authenticate using a certificate. However, if the client presents an incorrect certificate, authentication fails.
  • Required – the client must authenticate using a certificate

SSL Key Alias

Select an SSL Key Alias from the drop-down list, for example, admind.

Key Exchange Algorithms

Enter the Key Algorithm (the default is SunX509, or IbmX509 for SecureTransport running on AIX).

Enabled SSL Protocols

Enter a comma-separated list of SSL protocol versions to be enabled.

Default value for newly created AS2 servers after updating to SecureTransport 5.5-20210930: TLSv1.2, TLSv1.3.

Default value for existing AS2 servers: TLSv1, TLSv1.1, TLSv1.2.
For instructions on how to enable TLSv1.3 protocol support, refer to the SecureTransport 5.5 Security guide.

Enabled Ciphers

Enter the cipher suites to be used with your AS2 server.

For more information on cipher suites, refer to the SecureTransport 5.5 Security guide.

Enabled FIPS Ciphers

Modify the cipher suite set to be used with your AS2 server in FIPS mode.

By default, this field is populated with all FIPS compliant TLS cipher suites supported by SecureTransport. For the complete list, see Advertised ciphers and cipher suites.

Click the "down arrow" icon on the right to access a drop-down menu with options to select and deselect all items, reset to defaults, and reload the previously saved selection.

For the default AS2 server, the list of allowed cipher suites in FIPS mode is determined by the As2.FIPS.Listeners.Ssl.EnabledCipherSuites configuration option.

Once you are finished entering the parameters of your AS2 server, click Save to create it; or Cancel to discard all changes and return to the Server Control page.

For information about more AS2 settings, see Configure AS2 server settings.
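
The following check is an added example, not part of the product documentation or the product's own tooling. It reviews the protocol, non-SSL and HSTS values from the table above and compares an observed Strict-Transport-Security header with the configured max-age. The dictionary key names, the sample port and the sample values are assumptions made for illustration.

```python
# TLS 1.0 and 1.1 were formally deprecated by RFC 8996.
DEPRECATED = {"TLSv1", "TLSv1.1"}


def parse_hsts_max_age(header):
    """Return max-age (seconds) from a Strict-Transport-Security value, else None."""
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        value = value.strip().strip('"')
        if name.strip().lower() == "max-age" and value.isdigit():
            return int(value)
    return None


def audit_as2_server(cfg, observed_hsts=None):
    """cfg uses hypothetical key names for the fields in the table above;
    observed_hsts is the header value seen on an HTTPS response, if any."""
    findings = []
    if cfg.get("non_ssl_enabled"):
        findings.append("non-SSL listener enabled on port %s" % cfg.get("non_ssl_port"))
    if not cfg.get("ssl_enabled"):
        findings.append("SSL listener disabled: HSTS and protocol settings unused")
        return findings
    protocols = [p.strip() for p in cfg.get("enabled_ssl_protocols", "").split(",")]
    weak = [p for p in protocols if p in DEPRECATED]
    if weak:
        findings.append("deprecated protocols enabled: " + ", ".join(weak))
    if cfg.get("hsts_enabled") != "true":
        findings.append("As2.Security.Hsts.enabled is not true")
    elif observed_hsts is not None:
        seen = parse_hsts_max_age(observed_hsts)
        if seen != int(cfg["hsts_max_age"]):
            findings.append("HSTS max-age mismatch: configured %s, observed %s"
                            % (cfg["hsts_max_age"], seen))
    return findings


# Constructed sample values: an existing server that kept the pre-update
# protocol default, and a newly created server with the current default.
EXISTING = {"ssl_enabled": True, "non_ssl_enabled": True, "non_ssl_port": 10080,
            "enabled_ssl_protocols": "TLSv1, TLSv1.1, TLSv1.2",
            "hsts_enabled": "true", "hsts_max_age": "15768000"}
NEW = dict(EXISTING, non_ssl_enabled=False,
           enabled_ssl_protocols="TLSv1.2, TLSv1.3")

if __name__ == "__main__":
    for name, cfg in (("existing", EXISTING), ("new", NEW)):
        print(name, audit_as2_server(cfg, "max-age=15768000"))
```

A Strict-Transport-Security header is only honored when it arrives over HTTPS, so the observed value should be taken from a response on the SSL port.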

Start and stop an AS2 server

You can easily start and stop your AS2 server.

  • Start your server by clicking the "play" icon.
    A box with a success message pops up on your screen and your server status changes to Running.
  • To stop your server, click the "stop" icon.
    A box with a success message pops up on your screen and your server status changes to Stopped.

You can only start the AS2 daemon once the AS2 Default server is operating (enabled). Stopping the daemon stops all underlying started servers. During daemon start, only the enabled servers are started. For AS2, an "enabled server" means that you have selected at least one of the options Enable AS2 (non-SSL) or Enable AS2 (SSL).

Edit AS2 server settings

You can change any of the selected AS2 server property values. Note that you can change the server name only when the server is stopped. To update an AS2 server, click the corresponding "gear" icon.

A new modal box with the AS2 settings pops up. Add your changes and click Save to apply your changes; or Cancel to discard them.

Delete an AS2 server

Note: You cannot delete or change the name of the "AS2 Default" server from the SecureTransport Administration Tool.

You can only delete a server once it is stopped. You cannot delete a server in Running status.

To delete a server, locate it on the Server Control page, make sure it is stopped, and click the corresponding "trashcan" icon.
