
AS2 Setup Procedure in Sterling Integrator

Before going through the AS2 partner setup in Sterling Integrator, let us look at what AS2 is,
how it works, and how it is implemented:
AS2:
AS2 (Applicability Standard 2) is an EDI specification intended to ensure the proper
level of security for data transmitted over the Internet. Although it was developed
specifically for EDI, it can be applied to virtually any type of file, including XML.
How AS2 Works:
AS2 addresses security for data transmitted via the HTTP (Hypertext Transfer Protocol)
transport protocol (or its more secure version, HTTPS) over the Internet. It does this
through the use of encryption and digital signatures, using a format called S/MIME
(Secure Multi-Purpose Internet Mail Extension), and the use of receipts called MDNs
(Message Disposition Notifications).
One key, called the Private key, is used for both decryption and signing messages and
should always be protected. A Public key, which is used for encryption and verifying
the sender's signature, is intended to be shared with your trading partners so they can
encode messages for you.
MDNs contain information about the delivery status of the message. In this way, MDNs
allow for a particular benefit called non-repudiation, which means the recipient of a
message cannot deny having received it.
Why we use MDN:
The Message Disposition Notification process is initiated by the EDI message sender
and is usually concluded once the sender receives the requested MDN. Let me show
you a typical AS2 transmission that utilizes this process.

The steps below briefly describe the flow:

1. The sender encrypts the EDI message, attaches its digital signature, and specifies an
MDN option. Let's assume the option amounts to a request for a return receipt.
2. The EDI message is transmitted over the Internet via AS2.
3. The receiver decrypts the message and validates the sender's digital signature.
4. The receiver recognizes the request for an MDN, prepares the MDN, attaches its own
digital signature to it, and then sends it back to the original sender.
5. Finally, the sender receives the MDN, validates the receiver's digital signature, and
then closes the connection.
Hence, the MDN tells the sender two things: 1) that the AS2 transmission
completed successfully and 2) that the EDI message was received by the intended
recipient devoid of any unauthorized modifications.
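
The sender-side receipt check from step 5, sketched in Python as an added example (not from the original page or from Sterling Integrator). It goes slightly beyond the text: an AS2 MDN carries a Received-Content-MIC field, a digest of the content the receiver got, which the sender compares with its own digest of what it sent. It assumes the MDN's signature has already been validated; the message ID, payload and MDN are constructed sample data.

```python
import base64
import hashlib
import hmac
from email import message_from_string

ALLOWED = {"sha1", "sha256", "sha384", "sha512"}

def compute_mic(content: bytes, alg: str) -> str:
    """Base64 digest (the MIC) of the bytes that were sent or received."""
    name = alg.strip().lower().replace("-", "")
    if name not in ALLOWED:
        raise ValueError(f"unsupported MIC algorithm: {alg!r}")
    return base64.b64encode(hashlib.new(name, content).digest()).decode()

def check_mdn(raw_mdn: str, sent_id: str, sent_content: bytes) -> str:
    """Return 'ok', or the reason the receipt must not close the exchange."""
    # The disposition fields are parsed as a nested message inside the report.
    fields = next((p for p in message_from_string(raw_mdn).walk()
                   if p["Disposition"]), None)
    if fields is None:
        return "no disposition fields"
    if (fields["Original-Message-ID"] or "").strip() != sent_id:
        return "message-id mismatch"
    state = fields["Disposition"].split(";", 1)[-1].strip().lower()
    if state != "processed":
        return "partner reported: " + state
    mic, _, alg = (fields["Received-Content-MIC"] or "").partition(",")
    try:
        expected = compute_mic(sent_content, alg)
    except ValueError as exc:
        return str(exc)
    same = hmac.compare_digest(mic.strip().encode(), expected.encode())
    return "ok" if same else "MIC mismatch"

# Constructed sample data: the message ID, payload and MDN are invented.
SENT_ID = "<msg-0001@tp-a.example>"
SENT = b"ISA*00*CONSTRUCTED SAMPLE EDI PAYLOAD~"

def build_mdn(content: bytes, disposition: str = "processed") -> str:
    """What the partner would return after receiving `content`."""
    return "\n".join([
        "Content-Type: multipart/report;"
        ' report-type=disposition-notification; boundary="b1"',
        "", "--b1", "Content-Type: text/plain", "", "Receipt for your message.",
        "--b1", "Content-Type: message/disposition-notification", "",
        "Original-Message-ID: " + SENT_ID,
        "Disposition: automatic-action/MDN-sent-automatically; " + disposition,
        "Received-Content-MIC: " + compute_mic(content, "sha-256") + ", sha-256",
        "--b1--", ""])
```

A receipt whose disposition is anything other than a plain `processed`, or whose MIC differs from the sender's own, should leave the message marked as undelivered rather than closed.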
How the trading partner validates the digital signature:

Before two trading parties start sending EDI messages over AS2, they
first share public keys with one another. Each public key corresponds to a specific
private key, which is used for generating a digital signature and is held by the party who
owns that particular signature.
The private key is kept secret and hence is never shared. The function of the public key
is to validate the digital signature. Only the private key that corresponds to a particular
public key can generate a signature that the public key can validate.
During the AS2 transmission, the following steps take place:
1. TP - A generates a digital signature using its private key;
2. TP - A's digital signature is sent along with an AS2 EDI message;
3. TP - B validates TP - A's digital signature using TP - A's public key, which was shared before
the AS2 transmission.

Synchronous vs Asynchronous MDN:

Synchronous or Sync MDN is an option wherein the MDN is sent to the message
sender via the same HTTP/S connection that was used to deliver the original EDI
message. On the other hand, Asynchronous or ASync MDN is an option wherein the
MDN is sent at a later time via a different HTTP/S connection.


How to configure AS2 setup in Sterling Integrator:


1.) Managing Digital Certificates:
As an AS2 user, you need to check the following certificates into Sterling B2B
Integrator:

CA certificate.
Trusted certificates: A certificate that contains a single public key certificate that
belongs to another entity. Trusted certificates are used when verifying digital signatures
and when initiating a connection to a secure (SSL) server.
Self-signed certificates: A self-signed SSL certificate is an identity certificate
signed by its own creator.
Follow the steps below to configure a self-signed certificate:
1.) Navigate to Trading Partner => Digital Certificate => System. Next to Create Self-Signed Certificate, click Go!
2.) In the self-signed certificate form, give the fields below their corresponding values (these
are required fields) and click Finish.

3.) Click on Finish, search for the certificate, and check it out to bring the certificate to your
local machine.

What needs to be deployed in the Trusted certificates:

1.) Navigate to Trading Partner => Digital Certificate => Trusted. Next to Trusted Digital
Certificate, click Go!
2.) Browse to your partner's trusted certificate here. You can change the Certificate Name if
you want to.
3.) Click on Finish.
Configuring AS2 Organization and Trading Partner Information:
To configure the AS2 Organization and Partner, we need the following information:

Name and address information
AS2 identifiers
System certificates
Trusted certificates
IP addresses, port numbers, and URLs
Agreed on algorithms for signing and encryption
Passwords
Creating an AS2 Organization:
An organization is the company or business entity that administers your system.
1.) From the Administration menu, select Trading Partner => AS2 => click Go next to
AS2 Organization and Partner.
2.) Select Organization under New Profile: AS2 Configuration Type. Click on Next.
3.) To create a new identity, enable that option; to use an identity that already exists,
enable that option instead (a drop-down list shows the existing identities).

4.) Fill in the organization details below:


Identity Name: Name of the identity used for the organization profile. Required.
AS2 Identifier: AS2 identifier of your organization. It could be a DUNS number, EDI
interchange ID, e-mail address, or another unique string. Required.
Profile Name: Name of the organization profile. Required.
Exchange Certificate: Name of the certificate that your organization is using for decryption.
Required. (The system certificate generated in SI, if you are the organization.)
Signing Certificate: A certificate whose corresponding private key is used to sign
transmitted data, so that the receiver can verify the identity of the sender. Required.
(The system certificate generated in SI, if you are the organization.)

5.) Click on Next and Finish.


Creating a Trading Partner:
1.) From the Administration menu, select Trading Partner => AS2 => click Go next to
AS2 Organization and Partner.
2.) Select Partner under New Profile: AS2 Configuration Type. Give the name of the partner
and its AS2 Identifier. Click on Next.
3.) The fields below are required on AS2 Configuration Type:
Profile Name: Name of the Partner profile. Required.

HTTP Client Adapter: HTTP Client Adapter instance to use when sending outbound
AS2 messages.
End Point: HTTP address or URL to post AS2 messages to for this specific trading
partner. For AS2, the end point must be the complete URL to send messages to. Contact
your trading partner for the value to use in this field. Required. For example:
http://172.17.x.xxx:xxx/as2/HttpReceiver
Response Timeout (sec): Number of seconds the HTTP client adapter waits for a
response from the trading partner's server before the system times out.

4.) Click on Next.
5.) The Signing Certificate below is required for partner profile creation:
provide the trusted certificate that was deployed on the SI server.

6.) Click on Next and Finish to complete the partner profile creation.


Creating AS2 Trading Relationship:
1.) From the Administration menu, select Trading Partner => AS2 => click Go next to
AS2 Trading Relationship. The fields are described below:
Retry Interval (sec): The interval (in seconds) after which messages will be requeued
and an attempt will be made to resend them (after a send failure). Required.
Max Retries: The maximum number of retries that should be attempted after repeated
send failures. Required.
You can enable any one of the three according to your business needs. For example, if you choose
Store AS2 Messages in File System: Stores your AS2 messages in the directories you
choose. Required.

2.) Click on Next. The next page changes according to the option you enabled to store AS2
messages.
If, for example, you choose Store AS2 Messages in File System, you will see that three
folders (collection folder, extraction folder and error folder) are created by default on the Sterling
server.
Run service based on a timer every: Hours and minutes for which to run the File
System adapter. The default time is five minutes. Required.

3.) Click on Next and Finish.


With the steps above, the Organization, the Partner and the Relationship between them are
complete.
Based on the profiles you created, files will automatically be picked up from the respective
folders or partner mailboxes.
