Configure an AS2 Connection
Version 25.3.9469
Overview
CData Arc supports establishing an AS2 connection with a trading partner in a simple two-step process. First the AS2 profile is configured with local AS2 details (identifier, private certificates, and so on). Then an AS2 connector is configured on the Flows page with the AS2 details for a specific trading partner.
Video Resources
Watch this short video to learn how to quickly set up an AS2 connector.
AS2 Profile Configuration
The Profiles page contains an AS2 section where local AS2 details are configured. The primary configuration details are:
- AS2 identifier (the value identifies Arc to your trading partners as an AS2 entity)
- Private certificate (the certificate that is used to decrypt incoming messages and sign outgoing messages)
Click Profiles on the navbar to configure the AS2 profile settings, as described below.
AS2 Identifier
Your AS2 identifier is included in outgoing AS2 messages and identifies you as the sender. Additionally, incoming AS2 messages must be addressed to this identifier to be accepted by the application. AS2 identifiers have some restrictions: for example, they cannot include whitespace characters and they are case-sensitive. Other than those (and any restrictions imposed by your trading partners), AS2 identifiers can be any mutually agreed upon value.

Private Certificate
Your private certificate is used for digital cryptography (decryption and digital signatures). The private certificate contains a private key that is paired with your public encryption key. When a trading partner uses your public encryption key to secure an AS2 message, it ensures that only you can decrypt the message (with the paired private key).
Arc supports private certificates in PKCS#12 format (.pfx or .p12 files), and PEM-encoded public key certificates (.cer files).

Creating a New Certificate Pair
If you do not already have a private and public key pair to use for AS2 security, Arc supports creating a self-signed certificate. Self-signed certificates are common in the AS2 space, but some partners might require purchasing a certificate from a trusted Certificate Authority (CA).
To create a new certificate pair, choose Create Certificate in the Private Certificate dropdown:

The following fields are required:
- Common Name: The hostname of the server using the certificate. It is used in conjunction with the serial number to identify the certificate.
- File Name: The name of the certificate file, with a .pfx extension. The corresponding public key certificate is given the same name with a .cer extension.
- Serial Number: A unique serial number that is used in conjunction with the common name to identify the certificate.
- Password: The password required to access the private key.
- Validity Period: Determines the expiration date of the certificate.
- Key Size: Whether to create a 512, 1024, 2048, or 4096-bit key.
- Public Key Type: Whether to create an X.509, OpenSSH, or SSH2 public key.
- Signature Algorithm: The algorithm to use when applying a digital signature to the certificate to verify its authenticity.
The remaining fields are optional, but you can use them to add further context and metadata to the certificate.
Once created, the certificate files are placed in the application data directory. Certificate files in this directory are included in the dropdown lists of any certificate-type settings in the application.
Application URLs
The Application URLs section of the AS2 profile defines the publicly-accessible endpoints where trading partners can send AS2 messages to Arc. Set the Base URL field in the Additional Settings portion of the Settings > Advanced page to the base URL that leads to the machine or network where Arc is hosted (for example, https://mydomain.com/Arc). The following endpoints are generated based on this domain value and the port on which the application’s web server is listening:
- Asynchronous MDN URL (the endpoint where partners should send asynchronous MDN receipts, if asynchronous MDNs are required)
- Receiving URL (the endpoint where partners should send AS2 messages)

If you check Publish my AS2 profile settings at Public.rst, trading partners can view your AS2 profile details at the endpoint shown in Public URL. Sending your trading partners this URL can simplify the process of exchanging AS2 configuration details.
AS2 Connector Configuration
After the AS2 profile is configured, navigate to the Flows page and create an instance of the AS2 connector. Each AS2 connector is configured with the AS2 details for a single trading partner.

Required Configuration Settings
AS2 configuration details must be provided by the trading partner. At a minimum, the details that the trading partner must provide include:
- AS2 identifier
- URL or endpoint where outgoing AS2 messages should be sent
- Public certificate or key for encryption
Configure these values in the Trading Partner Info and Trading Partner Certificates sections on the connector Settings tab.


Additional Configuration Settings
Partners can include additional requirements, including:
- Synchronous or asynchronous MDNs (configured in the Request MDN receipt portion of the Settings tab)
- TLS server certificates for connecting to an HTTPS server (configured in the Trading Partner Certificates portion of the Settings tab)
- Specific encryption or signature algorithms (configured in Encryption Algorithm and Signature Algorithm on the Advanced tab)
- A separate certificate (in addition to the encryption certificate) for verifying signatures (configured in Partner Signing Certificate on the Advanced tab)
Testing the AS2 Connection
Once the configuration for a trading partner is complete, you can test the outgoing connection by generating test documents. Navigate to the AS2 connector’s Input tab and choose More > Create Test Files.
Unless Send Automation is disabled on the Automation tab, the connector automatically attempts to process these test files. Any errors that occur when sending the test files to the configured partner are reported on the Input tab, including a log file with context and details on the error. To further diagnose connection issues, use the Log Level and Log Messages options on the Advanced tab.
Successfully processed files are shown with a green Sent status on the Input tab. Successfully sending test files establishes that the AS2 configuration is correct.
Providing AS2 Details to Trading Partners
In the same way that trading partners must give you AS2 configuration details in order to configure an AS2 connector for that partner, you must provide AS2 configuration details to your partners.
At a minimum, you must provide your partner with:
- Your AS2 identifier
- Your public key or encryption certificate
- Your receiving URL
Public URL
The easiest way to provide this information to your partner is to enable the Publish my AS2 profile settings at Public.rst option in the AS2 profile Application URLs. The Public URL field contains a link that you can provide to your partner: from this link, your partner can view your AS2 configuration settings and download your public key or encryption certificate.
Note: The Public URL value is different from the Receiving URL field, which is where trading partners should send AS2 messages, and the Asynchronous MDN URL field, which is where trading partners should send asynchronous MDN receipts (if asynchronous MDNs are required).
Manually Provide Details
Alternatively, you can manually send your partner these details. Find the AS2 Identifier and Receiving URL values in the AS2 profile.
To send your partner the public key or encryption certificate, navigate to the .cer file on disk:
- Navigate to the Arc root installation directory
- Open the data folder in the root directory
- Find the .cer file with the same filename as your Private Certificate in the AS2 profile (the same filename but with a .cer extension instead of .pfx)
- Copy the .cer file and share it with your partner
Sending AS2 Messages
Once you have successfully established the outgoing AS2 connection, you can securely and reliably send files to your trading partner.
Input Tab
Files placed in the AS2 connector Input tab are scheduled to be sent by the connector.
If Send Automation is enabled on the Automation tab (it is enabled by default), the connector automatically polls this folder for files to process. Alternatively, you can manually send files from the Input tab. Click the checkbox to the left of the target file(s) and click the Send button.
You can also use the Input tab to upload files into the Send folder, as shown in the following image:

Sending as Part of a Flow
In most workflows, files are processed by other Arc connectors before they are sent out by the AS2 connector. When another connector is connected to the AS2 connector in a flow, files are automatically passed into the AS2 connector’s Send folder.
In the flow example below, after a file is processed by the X12 connector it is automatically added to the Send folder for the AS2 connector:

Receiving MDN Receipts
The AS2 connector automatically waits for MDN receipts if Request MDN receipt is enabled. If the MDN receipt contains a negative response (for example, the partner has rejected the exchange for some reason), the connector reports an error instead of a successful send.
If an asynchronous MDN is requested, the connector stays in pending MDN status until the MDN is returned by the partner. CData recommends you use synchronous MDNs unless the files you exchange over AS2 are very large (500MB or larger).
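To make the "negative response" case concrete, the following added example (not CData Arc code) reads the Disposition field of an MDN and decides whether the send succeeded. The sample MDN is constructed, the function names are hypothetical, and treating a warning modifier as a successful delivery is an assumption of this sketch.

```python
from email import message_from_string

# Constructed MDN (multipart/report) reporting a failure on the partner side.
SAMPLE_MDN = """\
Content-Type: multipart/report; report-type=disposition-notification; boundary="b1"

--b1
Content-Type: text/plain

The message could not be processed.
--b1
Content-Type: message/disposition-notification

Original-Message-ID: <constructed-123@example.com>
Disposition: automatic-action/MDN-sent-automatically; processed/error: decryption-failed

--b1--
"""

def mdn_fields(raw):
    """Return the machine-readable fields of the MDN as a header block."""
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "message/disposition-notification":
            payload = part.get_payload()
            # The parser may expose the fields as a nested message or as text.
            if isinstance(payload, list):
                return payload[0]
            return message_from_string(payload)
    raise ValueError("no message/disposition-notification part found")

def classify_mdn(raw):
    """Split 'mode; type/modifier: detail' and decide whether the send succeeded."""
    disposition = mdn_fields(raw).get("Disposition", "")
    _mode, _, dtype = disposition.partition(";")
    status, _, modifier = dtype.strip().partition("/")
    kind, _, detail = modifier.partition(":")
    status, kind = status.strip().lower(), kind.strip().lower()
    # Fail closed: only a plain 'processed' (or a warning) counts as delivered.
    delivered = status == "processed" and kind in ("", "warning")
    return {"delivered": delivered, "status": status,
            "modifier": kind, "detail": detail.strip()}

if __name__ == "__main__":
    print(classify_mdn(SAMPLE_MDN))
```
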
Receiving AS2 Messages
When an AS2 message arrives on the Arc web server, the application routes the message to a specific AS2 connector. Arc uses the AS2 identifiers in the message headers (the AS2-To and AS2-From headers) to route the incoming file to the AS2 connector configured for the partner that sent the message.
If the application cannot find an AS2 connector configured for the incoming message (based on AS2 identifiers), an error is logged on the Application log tab and the file is not received.
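The routing rule described above, together with the identifier restrictions from the AS2 Identifier section (no whitespace, case-sensitive), sketched as an added example that is not CData Arc code. The connector table, connector names and identifiers are constructed, and the case-mismatch hint in the error text is an assumption about what is useful to log, not documented Arc behavior.

```python
import re

# Constructed table: (local AS2 id, partner AS2 id) -> connector name.
CONNECTORS = {
    ("MyCompanyAS2", "PartnerA_AS2"): "AS2_PartnerA",
    ("MyCompanyAS2", "PartnerB_AS2"): "AS2_PartnerB",
}

class RoutingError(Exception):
    """No connector matches the identifiers carried by the message."""

def parse_headers(raw):
    """Parse 'Name: value' lines; HTTP header names are case-insensitive."""
    headers = {}
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def as2_id(headers, name):
    """Return the identifier in the named header, rejecting bad values."""
    value = headers.get(name.lower(), "")
    if not value:
        raise RoutingError(f"missing {name} header")
    if re.search(r"\s", value):
        raise RoutingError(f"{name} contains whitespace: {value!r}")
    return value

def route(raw_headers):
    """Pick the connector for a message, or raise RoutingError."""
    headers = parse_headers(raw_headers)
    to_id, from_id = as2_id(headers, "AS2-To"), as2_id(headers, "AS2-From")
    if (to_id, from_id) in CONNECTORS:  # exact, case-sensitive match
        return CONNECTORS[(to_id, from_id)]
    # Explain the most common miss: identifiers that differ only by case.
    for (local, partner), name in CONNECTORS.items():
        if (local.lower(), partner.lower()) == (to_id.lower(), from_id.lower()):
            raise RoutingError(f"identifiers differ only by case from {name}")
    raise RoutingError(f"no connector for AS2-To={to_id!r} AS2-From={from_id!r}")

# Constructed headers of an incoming message from PartnerA.
SAMPLE = "AS2-Version: 1.2\r\nAS2-From: PartnerA_AS2\r\nAS2-To: MyCompanyAS2\r\n"

if __name__ == "__main__":
    print(route(SAMPLE))
```
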
Output Tab
When the file received over AS2 is routed to a specific AS2 connector (based on configured AS2 identifiers), the file arrives in the Output tab for the connector.
If the AS2 connector is connected to other connectors in the flow, files do not stay in the Receive folder and are instead passed along to the next connector in the flow. In the flow example below, files that are received over AS2 (and routed to this AS2 connector) are automatically passed along to the X12 connector for further processing.

If the AS2 connector is not connected to another connector in the flow, the files received by the AS2 connector remain in the Receive folder. These files can be viewed on the Output tab of the connector.
Sending MDN Receipts
If the incoming AS2 message requests an MDN receipt, the AS2 connector automatically generates and sends the MDN. If an error occurs while receiving the AS2 message, this error is logged in Arc and included in the MDN receipt returned to the trading partner.
The settings required for sending MDN receipts are included in the incoming AS2 message and do not need to be explicitly configured in the AS2 connector.