Altova FlowForce Server 2024 Advanced Edition

In order to send AS2 messages to a trading partner, you must first obtain from the trading partner the AS2 connectivity details, including any digital certificates required for data encryption and signing. Also, the following must be established:

 

Does the partner require connections over HTTP or HTTPS?

Does the partner require that AS2 messages be encrypted?

Does the partner require that AS2 messages be signed?

Do you need a confirmation (MDN, from "Message Disposition Notification") from the partner that the AS2 message has been received?

 

HTTP(S) connection

The HTTP connection encryption is different from (and should not be confused with) the encryption of the actual AS2 message. Your trading partner might accept plain HTTP and not require HTTPS connections at all, because the AS2 message is typically already encrypted separately on a different layer (see the next paragraph). If the trading partner requires that AS2 messages be sent over HTTPS instead of plain HTTP, then the server of your trading partner is most likely already configured to accept SSL-encrypted connections from clients, and no additional configuration should be necessary on your side.

 

AS2 encryption

"Encryption" of the AS2 message means changing (enciphering) data before transmitting it, in such a way that only the intended party (that is, your trading partner) can decipher and read it. Note that the AS2 message encryption certificates are not the same as the certificates used to secure the connection to the trading partner (see previous paragraph). To make AS2 message encryption possible, you must have the trading partner's public certificate and add it to the FlowForce Server certificate store (see Configuring AS2 Certificates).

 

AS2 signing

"Signing" means adding to the message a digital signature, which only the signer of the message (that is, your organization) could have created for this particular message, but which everyone (in particular, your trading partner) can verify – provided they know your organization’s public certificate. Therefore, you must add your organization’s private certificate (or private key) to the FlowForce certificate store, see Configuring AS2 Certificates, and send your public signature verification certificate to your trading partner.

 

MDN

Message Disposition Notifications (MDNs) act as receipts in AS2 communication. By requesting a signed notification, you can verify that your message was received untampered and accepted for processing. AS2 supports both synchronous MDNs (returned as the response to the HTTP request) and asynchronous MDNs (delivered by a separate mechanism, not necessarily HTTP). FlowForce Server will always request a synchronous MDN, optionally signed (see Configuring AS2 Partners). Requesting asynchronous MDNs is currently not supported (see the Limitations).
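The receipt check described above, as an added example (not FlowForce Server code and not from Altova): it compares the fields of a returned MDN with what was sent. It assumes the RFC 4130 field names Original-Message-ID, Disposition and Received-Content-MIC, assumes the MDN's own signature has already been verified separately, and uses constructed sample values throughout.

```python
import base64
import hashlib
from email import message_from_string

# RFC 4130 micalg spellings mapped to hashlib names (subset).
MIC_ALGS = {"sha1": "sha1", "sha-1": "sha1", "sha256": "sha256", "sha-256": "sha256"}

def compute_mic(content: bytes, alg: str = "sha256") -> str:
    """Base64 digest over the exact MIME bytes that were signed and sent."""
    return base64.b64encode(hashlib.new(MIC_ALGS[alg], content).digest()).decode()

def check_mdn(mdn_fields: str, sent_content: bytes, sent_message_id: str) -> list:
    """Return a list of problems; an empty list means the receipt matches."""
    fields = message_from_string(mdn_fields)
    problems = []
    if (fields.get("Original-Message-ID") or "").strip() != sent_message_id:
        problems.append("MDN refers to a different message")
    # Disposition: <action-mode>/<sending-mode>; <type>[/error|warning: ...]
    dtype = (fields.get("Disposition") or "").partition(";")[2].strip().lower()
    if dtype != "processed":  # anything but plain "processed" is flagged for review
        problems.append("disposition is not 'processed': " + (dtype or "missing"))
    mic, _, alg = (p.strip() for p in (fields.get("Received-Content-MIC") or "").partition(","))
    alg = alg.lower()
    if not mic:
        problems.append("no Received-Content-MIC in MDN")
    elif alg not in MIC_ALGS:
        problems.append("unsupported MIC algorithm: " + alg)
    elif mic != compute_mic(sent_content, alg):
        problems.append("MIC mismatch: partner received different content")
    return problems

# Constructed sample data (not real traffic).
SENT = b"Content-Type: application/edi-x12\r\n\r\nISA*00*CONSTRUCTED~\r\n"
MSG_ID = "<constructed-0001@sender.example>"

def sample_mdn(content: bytes, disposition: str = "processed") -> str:
    """Build the disposition-notification fields a partner would return."""
    return (
        "Original-Message-ID: " + MSG_ID + "\n"
        "Disposition: automatic-action/MDN-sent-automatically; " + disposition + "\n"
        "Received-Content-MIC: " + compute_mic(content) + ", sha256\n"
    )

if __name__ == "__main__":
    print(check_mdn(sample_mdn(SENT), SENT, MSG_ID))         # matching receipt
    print(check_mdn(sample_mdn(SENT + b"x"), SENT, MSG_ID))  # content altered in transit
```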

 

Once you have agreed with the trading partner on how data is to be sent, and have exchanged the required certificates, the next step is to add the relevant certificates and partner details to FlowForce Server (see Configuring AS2 Certificates and Configuring AS2 Partners, respectively).

© 2018-2024 Altova GmbH