You can configure EFT Server as an AS2 Receiver by allowing incoming transactions over the AS2 protocol and providing your AS2 Identifier (the name by which trading partners identify themselves to each other) and your encryption and signing certificates to your trading partners (organizations that send or receive documents from each other; the trading partners agree on the specific information to be transmitted and how it should be used). Your trading partners need this information to be able to share files over AS2.
When you configure a new Site, the Site Setup wizard provides options for configuring the protocol. After a Site is created, you can enable AS2 by selecting the Enable AS2 over HTTP/S check box on the Site's Connection Options tab. You can enable or disable AS2 for partner (user) accounts at the User Setting Level or the user level, or by selecting AS2 in the New User Creation wizard on the protocol selection page when you create the partner account.
To enable the AS2 inbound listener service, you will need to provide the following information:
EFT Server’s AS2 identifier. There is no standard for the AS2 Identifier. You can use your name, your company's name, or some other unique name. EFT Server validates the AS2 identifier to determine whether it is unique (not used by another partner on this EFT Server). If you type an ID that is not unique, the field resets to blank.
EFT Server's AS2 Identifier can be overridden per account (partner); however, if you change your AS2 Identifier, partners will not be able to connect to you until they update your AS2 identifier on their systems.
EFT Server’s AS2 certificate path for signing/encryption, populated by default with the SSL certificate paths (if present) for EFT Server SSL communications. If the SSL certificate does not already exist, you can create one from within the AS2 Server Configuration dialog box.
If you attempt to apply changes, navigate away from the Connection Options tab, or click OK in the Configuration dialog box when AS2 is enabled and no certificate path has been defined, EFT Server displays an error message. (You can click Cancel to close the dialog box without making changes.)
EFT Server does not allow you to use a certificate file with a .p* (e.g., pfx, p12) extension. The .p* extension indicates that it is a combined certificate that includes both the public and private keys, giving clients access to the private key. As a security best practice, use separate public/private keys. Create your certificates using EFT Server's Certificate wizard or refer to Knowledge Base article Q10401 - HOWTO: Using OpenSSL to Generate/Convert Keys and Certificates for the procedure for using the OpenSSL command-line tool to generate and convert private keys and public certificates.
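The separate-files requirement above can be checked with the OpenSSL command-line tool before the paths are entered in the wizard. This is an added example, not EFT Server tooling or the Knowledge Base procedure; the function names, file names, and the AS2_KEY_PASS environment variable are assumptions.

```shell
#!/bin/sh
# Added example: function and file names are assumptions, not EFT Server's own.
# The passphrase is read from the AS2_KEY_PASS environment variable so that it
# never appears on a command line or in shell history.

# Create a self-signed certificate and a separate, passphrase-protected key.
new_as2_pair() {   # usage: new_as2_pair <cert_out> <key_out> <common_name>
  openssl req -x509 -newkey rsa:2048 -sha256 -days 365 \
    -subj "/CN=$3" -passout env:AS2_KEY_PASS \
    -keyout "$2" -out "$1" 2>/dev/null
}

# Return 0 only if the certificate holds no private key, the key file is
# passphrase-protected, and the two belong together.
check_as2_pair() { # usage: check_as2_pair <cert_file> <key_file>
  cert=$1
  key=$2
  # 1. The certificate file must parse as a PEM X.509 certificate
  #    (a combined PKCS#12 .pfx/.p12 bundle fails here).
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) \
    || { echo "FAIL: $cert is not a PEM certificate"; return 1; }
  # 2. The file shared with trading partners must not carry a private key.
  if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$cert"; then
    echo "FAIL: $cert contains a private key"
    return 1
  fi
  # 3. The private key file must be passphrase-protected.
  grep -q 'ENCRYPTED' "$key" \
    || { echo "FAIL: $key is not encrypted"; return 1; }
  # 4. The key must match the certificate (identical public key).
  key_pub=$(openssl pkey -in "$key" -passin env:AS2_KEY_PASS -pubout 2>/dev/null) \
    || { echo "FAIL: cannot open $key with AS2_KEY_PASS"; return 1; }
  [ "$cert_pub" = "$key_pub" ] \
    || { echo "FAIL: key does not match certificate"; return 1; }
  echo "OK: separate certificate and encrypted key match"
}
```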
To enable the AS2 inbound listener service
In EFT Administrator, connect to EFT Server and click the Server tab.
In the left pane, click the Site that you want to configure.
In the right pane, click the Connection Options tab.
Select the Enable AS2 over HTTP/S check box, then click Configure.
(The check box is disabled if the HTTP or HTTPS check boxes are not selected.)
The AS2 Setup Wizard appears.
Read the Welcome page, then click Next.
The AS2 identifier page appears.
In the Your AS2 Identifier box, type the name by which you are to be identified to trading partners, then click Next. The Certificate page appears.
Do one of the following:
If you do not yet have a certificate defined, click create. The Create certificate wizard appears.
Follow the prompts in the wizard to create the certificate.
Click Finish. The Certificate file path, Private key file path, and Private key Passphrase boxes are completed with the location and file names of the created certificate. (The passphrase box displays asterisks.)
If you already have a certificate or want to specify a different certificate than the one displayed, specify its location and passphrase as described below:
In the Certificate file path box, type the path or click the open icon to select the file.
In the Private key file path box, type the path or click the open icon to select the file.
In the Private key passphrase box, type the path or click the open icon to select the file.
EFT Server warns you if a file with extension .p* (e.g., pfx, p12) is specified. The .p* extension indicates a combined certificate that includes both the public and private keys, giving your users access to the private key. As a security best practice, use separate public/private keys.
Click Next.
The AS2 portal Web URL page appears. The AS2 portal Web URL can be provided to trading partners so that they can obtain EFT Server's AS2 identifier and certificate public key to configure AS2 transfers with EFT Server. (For future reference, the AS2 portal Web URL is also displayed on the Site's Connection Options tab.)
To save the URL to paste into your website or e-mail, click Copy to clipboard, then click Next. The final page of the wizard appears.
Review the Next steps, then click Finish to save the configuration and close the dialog box.
Click Apply to save the changes on the Server.
Refer to the topics below for more information regarding configuring AS2 partners and transfers.