< Back to Top

AS2 Endpoint

This article describes AS2 Endpoint attributes and other information about AS2 as it relates to your trading partners.

The AS2 Endpoint has the following attributes:

Attribute Description
Partner URL  The URL pointing to the location where your trading partner receives messages. 
Partner AS2 Name The AS2 name your trading partner uses to send and receive messages from this Endpoint. 
My AS2 Name The AS2 name you use to send and receive messages from this Endpoint.

Inbound Section

The attributes in this section apply to messages being received by this endpoint.

Attribute Description
Verify Signed Payloads Select to ensure that when a signed payload is received, the signature is what you expect from your trading partner.  When you select this option:
  • The Require Signing check box displays. Select it to require that all messages be signed.
  • You are prompted to select the trading partner's signing certificate. See Working With Certificates.
Accept Encrypted Payloads Select to accept encrypted inbound payloads. When you select this option:
  • The Require Encryption check box displays. Select it to require that all messages be encrypted.
  • You are prompted to select your decryption certificate. See Working With Certificates.
Require HTTPS Select to require that Transport Layer Security (TLS) be used for inbound messages.
Use Default File Name Allows the incoming file to be given the name specified in its associated field. Use this option to override the file name specified by the sender. This feature is useful in situations where the received file name must be something other than its original file name. This field can also include any of the supported macros allowing for the incoming file to be named, for example, with a date-time stamp. Subdirectory path identifiers (i.e., ‘/’ or ‘\’) cannot be used in the default filename.  See Using macro variables (Destination File context) for a discussion of all applicable macros.

Outbound Section

The attributes in this section apply to messages being sent from this Endpoint.

Attribute Description
Subject Identifies the message and is returned in the human-readable section of an MDN if requested. 
Content Type Specify the format of the message being sent or allow the Cleo Integration Cloud to detect the content type automatically. This value is used when assembling and parsing messages. Choose from the following:
  • Auto Detect
  • EDIFACT
  • X12
  • XML
  • Binary
  • Plain Text
Note: Auto-detectable types include:
  • application/edifact
  • application/edi-x12
  • application/edi-tradacoms
  • application/xml (text/xml)
  • application/pdf
  • application/msword
  • application/x-msexcel
  • application/rtf
  • application/zip
  • image/bmp
  • image/gif
  • image/tiff
  • image/jpeg
  • text/plain
  • text/html
  • video/mpg
Sign Select this option to sign messages sent from this Endpoint. When you select Sign:
  • You are prompted to select your signing certificate. See Working With Certificates.
  • Use the Signing Algorithm field (in the Advanced tab) to choose the algorithm you want to use to sign outbound messages.
Encrypt

Apply encryption to messages sent from this Endpoint. 

When you select Encrypt, you are prompted to select the trading partner's encryption certificate. See Working With Certificates.
Compress

Apply ZLIB compression to messages sent from this Endpoint. Choose this option for large files to conserve bandwidth and improve efficiency and security. 
Request MDN Receipts

Request MDN receipts when sending messages from this Endpoint. 

When you select this option, the following fields are displayed:

Type

Specify how you want MDN receipts generated. Choose from the following: 

  • Synchronous - MDN is generated as part of the same HTTP session. 
  • Asynchronous HTTP -- MDN is generated as part of a new HTTP session. 
  • Asynchronous HTTPS -- MDN is generated as part of a new HTTPS session. 
Require signing 

Select this option to require that all MDN receipts be signed. 

When you select this option, you are prompted to select the trading partner's signing certificate. This field is prefilled with the inbound signing certificate as the same certificate is commonly used for both. See Working With Certificates.

Security Section

Attribute Description
Signing Algorithm

The algorithm you want to use to sign messages sent from this Endpoint. 

Choose from the following:

  • SHA-1
  • MD5 (cryptographically weak and should not be used unless no other Hash/MIC algorithm is available)
  • SHA-256 (default)
  • SHA-384
  • SHA-512
Encryption Algorithm

The algorithm you want to use to encrypt messages sent from this Endpoint. 

Choose from the following:

  • RC2/40
  • RC2/64
  • RC2/128
  • DES
  • TripleDES (default)
  • AES/128
  • AES/192
  • AES/256
  • RC4/40
  • RC4/64
  • RC4/128

TLS Minimum Protocol Version

TLS Maximum Protocol Version

 Select minimum and maximum versions for SSL/TLS protocol. Messages from systems using versions of SSL/TLS outside the range you specify are not accepted. 
Choose from the following:
  • SSL 3.0
  • TLS 1.0
  • TLS 1.1
  • TLS 1.2
  • TLS 1.3
  • No Maximum -- available only for the Maximum field.
TLS Minimum Encryption Key Size The minimum encryption key size allowed when selecting a TLS cipher. To prevent the use of low- or medium-strength ciphers, change from the default value of 0 to 112, 128, or 256 (depending on the requirement). Note that if this value is set too high, all ciphers are filtered out causing the No suitable cipher suites are enabled exception to occur.
TLS Ciphers

The cipher selected is used with the server for key exchange, encryption, and hashing. If the server does not support the cipher, a TLS handshake error will occur. 
Choose from the following: 

  • All - Present the list of supported ciphers to the server and allow the server to pick one. 
  • Select from list  - Display a list from which you choose a specific cipher.
TLS Renegotiation Allow TLS Legacy Renegotiation -- Allows legacy renegotiation. Otherwise, the extension described in RFC5746 will be used for renegotiation and any TLS clients must also support this extension. See RFC5746 for a description of the extension and the vulnerability it addresses. 
Check TLS Certificate Server Name Verifies that the server name in the received TLS certificate matches the server name actually connected to.
TLS Client Certificate If you want to use TLS client authentication, select the client certificate here. See Working With Certificates. 
Receipt Signing Certificate If you want to sign receipts, select the certificate here. See Working With Certificates. 
Enable HTTP Authentication

Select the checkbox to display the following fields:

  • Type - Choose Basic or Digest authentication 
  • Username, Password, and Realm - Specify credentials for HTTP authentication. Realm is optional.

Connection & Transfer Section

Attribute Description
Transfer Encoding

Select from the following:

  • None - No encoding
  • Chunked -- Message content is broken up into a number of chunks, each prefixed by its size in bytes.
    Chunked encoding is useful when a large amount of data is being transferred and the total size of the response is not known until the request has been fully processed. 
Use Content-Type for Inbound File Extension

Select to have file extensions for inbound files reflect the file's content-type.
Base64-Encode Outbound Content

Select to use Base64 encoding on outbound content.
Connection Timeout (seconds)

The amount of time allowed for each read operation. 

Valid range is from 0 - n seconds

0 indicates no timeout. Default value is 150 seconds.
Automatic Retries

The number of retries that should be made during an attempt. An attempt consists of the number of transfer retries you specify. For example, if you specify 5 retries and 30 seconds, an attempt would consist of 5 retries occurring in the span of 30 seconds.

This setting applies to both sends and receives. 

The minimum number of retries is 0 and the maximum is 5.

The time between retries can range from 0 to 120 seconds.

Select the Resume failed transfers when retrying check box to retry failed transfers starting where they failed.

See Retrying Failed File Transfer Attempts.
Extended Outbound Retries

The period of time during which outbound retries are attempted after a failed send attempt and subsequent failed automatic retry. Retries will not be attempted after the end of the period specified.

This period starts when the first retry is attempted and ends after the value you specify elapses.

Minimum value is 15 minutes.

Maximum value is 3 days.

See Retrying Failed File Transfer Attempts.
Concurrent Outbound Transfers Specify the maximum number of connections that can be transferring to this Endpoint at the same time.

Minimum value is 1 and maximum is 10.
Subdomain

If you have more than one subdomain, select the one you want to use for this Endpoint. 

Note: This field appears only when you have more than one subdomain.
Inbound IP Whitelisting

Specifies the IP addresses allowed to connect to this Endpoint.

IP addresses can be a single address or a range of addresses.

Enter addresses or address ranges one per row or separate them using commas.

Note: Inbound IP Whitelisting is not available on Endpoints using Cleo's Limited Primary/Failover IP Network. See Limited Primary/Failover IP Network for more information.

The following are examples of valid IP addresses:

IP Address Description
* All IP addresses
10.11.12.13 Single IPv4 address matching 10.11.12.13
10.* IPv4 addresses in the range 10.0.0.0-10.255.255.255
10.11.* IPv4 addresses in the range 10.11.0.0-10.11.255.255
10.11.12.50-10.11.12.70 IPv4 addresses in the range 10.11.12.50-10.11.12.70
10.11.12.0/24 IPv4 addresses in the range 10.11.12.0-10.11.12.255
MDN Receipt Timeout The values you specify in this section apply if there is no MDN receipt received.
Resend Transfers After (minutes) The number of minutes to wait before a resend is attempted.
Maximum Resend Attempts The number of times to attempt a resend before stopping.  
Events

CIC allows you to send notification email to one or more recipients upon successful Send to or Receive from this Endpoint.  Use the Upon successful Send to this Endpoint... and Upon successful Receive from this Endpoint... fields to specify the recipients.

Recipients can be CIC users or external recipients. CIC users receive more detailed emails and benefit from a type-ahead dropdown when entering names, while external recipients get a simpler email and require full email addresses to be entered manually.

For all recipients, the notification email includes a link where the recipient can opt out of notifications from this Endpoint or all Endpoints. If a recipient opts out of these notifications, their email address no longer appears in the list of recipients you specified.

Connecting with Trading Partners over AS2

Partners connecting to CIC over AS2 should use the values displayed on the AS2 Endpoint screen.

AS2-Endpoint-Connection-Info.png

The AS2 URL value is generated when Cleo configures your system for you.  It is possible for you to have multiple incoming URLs configured for partners who want to connect to CIC using AS2. Contact your system administrator for more information about your specific configuration.

The AS2-To Header and AS2-From Header come from the values you provide when you configure your endpoint.

The default port for HTTP is 80 and for HTTPS it is 443.

AS2 Endpoint commands

The following commands are available for the AS2 Endpoint when it is the destination of a Data Flow.

CLEAR

Clear a property string value. The cleared value only affects the commands that follow the CLEAR.

CLEAR property
property Property name with no embedded spaces.

PUT

Send one or more files to the host.

PUT "source" "destination"
source
destination Remote destination filename. If the destination contains a space, dash (-), comma (,), or equal sign (=), it must be enclosed with double quotes ("..."). The use of macro variables is supported.  See Using Macro Variables in CIC (Destination context) for a list of the applicable macros. 

SET

Change a property value. The new value only affects the commands that follow the SET.

SET property=value
property = value Property and new value
  • The property name must have no embedded spaces.
  • The value specified remains in effect until it is set again or until the end of the Data Flow.  
  • To reset the property back to default value, specify 
    SET property

    or

    SET property=

Valid properties for SET command are as follows:

host.Path.PUT=xxx Valid only for AS2 Endpoints. 
Use this property to override the resource path in the Endpoint's Partner URL when multiple resource paths are used for the same partner.
TerminateOnFail

Valid for all Endpoints configured as source in a Data Flow.
Use this property to control command processing when errors occur.
Possible values:

  • True - Command processing stops when an error occurs.
  • False - Command processing continues even when an error occurs.

Default value is True.

WAIT

Pause execution.

WAIT seconds
seconds Number of seconds to pause.

Related articles

Comments

0 comments

Please sign in to leave a comment.