Configuring AS2-HTTP/S for a Trading Partner
To configure AS2-HTTP/S for a trading partner, perform these steps:
- On the Partner Management tile, click Partners.
- On the Partners page, click the partner for which you want to configure this transport.
- In the Edit Partner window, on the Protocol tab, click Edit Configurations for any protocol you wish to configure.
- Select or enter data as described in AS2-HTTP/S Transport.
- Click the Transports tab and select the transports.
- Click Save.
The New Transport dialog is displayed. Select or enter data as described in the table below.
In the New AS2-HTTP/S Transport dialog, configure the options according to the AS2-HTTP/S Transport table:

Field: Description

Name: Name the transport.

Type: Select AS2-HTTP or AS2-HTTPS from the Transport Type list. This action adds the AS2-HTTP/S item to the list in the Primary Transport areas described in Transports Tab of protocol.

Transport Name: An identifier for these transport settings.

URL: Required. The URL for the trading partner.
Syntax: https://host:port/dmz/protocol
Example: https://host_machine8:6705/dmz/EZComm

HTTP 1.0 Compatible: Whether to exclude "Expect: 100-continue" from the HTTP header of the outbound AS2 HTTP/S request when the request is sent to the server of the trading partner.

Server Certificate: (Required, HTTPS only) The certificate used to encrypt communication.

MIME Subject: A short string identifying the topic of the AS2 message; for example, “Purchase Order from ABC Company”. For more information on the Subject Header field for MIME messages, refer to RFC 2822, Internet Message Format.

Non Repudiation of Receipt: Enable logging of receipts in the non-repudiation table. If you check this option, you must also check the Sign check box and set Request Receipt to Signed. This means that outbound messages are signed and signed receipts are requested from the Responder. The original signed request from the Initiator and the signed receipt from the Responder are logged in the Initiator’s non-repudiation table.
For more information, see TIBCO BusinessConnect Container Edition Concepts, "Non-Repudiation."

Sign: Enable outbound request messages or acknowledgments to be signed using your private key. Your partner uses your public key to authenticate your message. The 1024-bit key length is used for signatures. TIBCO BusinessConnect Container Edition can process messages which contain message digests computed using the SHA1 hash algorithm. By default, TIBCO BusinessConnect Container Edition uses the SHA1 hash algorithm when signing outbound messages for the AS1 and AS2 transports. To override this behavior, set the TIBCO BusinessConnect Container Edition property bc.ediint.digestAlgorithmEnabled to true under System Settings. TIBCO BusinessConnect Container Edition then computes the message digests for AS1 and AS2 using the digest algorithm setting specified for the business agreement in the Document Security screen.
Whether an outbound receipt is signed or not is controlled by the setup in the requesting partner’s Request Receipt list.

Signature Scheme: Select the desired signature algorithm from the list of options: RSA, RSA-PSS. The default option is RSA.

Encrypt: Enable each outgoing message to be encrypted using your partner’s public key. Your partner uses their private key to decrypt your message. The encryption algorithm specified for the business agreement in the Document Security screen will be used to encrypt the email messages.

Encryption Scheme: Select the desired encryption algorithm from the list of options: RSA-PKCS1-v1_5, RSA-OAEP, RSA-OAEP-sha256, RSA-OAEP-sha384, and RSA-OAEP-sha512. The default option is RSA-PKCS1-v1_5.

Compress: If selected, each outgoing message is compressed in ZLIB format.

Compression Order: File compression is performed in the following orders:

Request Receipt: The type of receipt returned from the trading partner. The following options are available:
- None: No receipt is requested from the trading partner for a message.
- Signed: A signed receipt is requested from the trading partner for each message. After the Responder gets the document and verifies the content for integrity, a signed receipt is created and sent by the trading partner.
- Unsigned: An unsigned receipt is requested from the trading partner for each message.
If you choose to request a receipt of any kind, you must have a valid email address set for the trading host.
If you checked Non Repudiation of Receipt, you should select Signed. For computing the message digest, BusinessConnect Container Edition uses the digest algorithm that was configured for the business agreement in the Document Security screen.
For more information on receipts, see Message Disposition Notification Receipts.

Return Receipt URL: The URL to which receipts are sent if you selected asynchronous receipts in the Request Receipt list. The "http://" or "https://" prefix is mandatory for the Return Receipt URL in a BCCE environment.

Receipt Timeout (minutes): The amount of time within which a receipt should be returned by the trading partner.

Retry Count: The maximum number of times TIBCO BusinessConnect Container Edition tries to reconnect to the remote HTTP server in case of failures.

Retry Interval: The interval TIBCO BusinessConnect Container Edition waits before another reconnect is attempted.

Socket Timeout (seconds): The maximum amount of time (in seconds) to wait for a response before disconnecting the socket.

Use HTTP Basic Authentication: HTTP basic authentication uses a user name and password.

Username: Specify a user name for authenticating the host on the partner HTTP/S service.

Password: Specify a password for authenticating the host on the partner HTTP/S service.

Cipher Suite Grade: (HTTPS only) Select the cipher grade (strength) from the list. The options are:
- All
- Only Stronger Than Export
- Only 128-Bit and Stronger
- Only Stronger Than 128-Bit
- Only 256-Bit and Stronger
All ciphers are listed in TIBCO BusinessConnect Container Edition Concepts, "Cipher Suites."

Can Use TLS: (HTTPS only) Whether TLS protocol is supported. If you select this check box, TLS protocol is used to establish connection to the trading partner server.

TLS Version: (HTTPS only) Select the version of TLS protocol. TLS protocol versions 1.0, 1.1, and 1.2 are supported.

Can Use SSLv3: (HTTPS only) SSL protocol version 3.0 is supported. If you select this check box, SSL protocol version 3.0 is used to establish connection to the trading partner server.
- Click Save.
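
The field dependencies stated in the table (Non Repudiation of Receipt, Return Receipt URL, Server Certificate) can be checked before a transport is saved. The following is an added example, not TIBCO code: it assumes the settings are held in a Python dict keyed by the field names above, and it also flags the legacy protocol and padding choices the dialog still offers.

```python
# Added example. Keys are the field names from the table; the dict layout is
# an assumption for illustration, not a BusinessConnect export format.
LEGACY_TLS = {"1.0", "1.1"}  # deprecated by RFC 8996

def check_transport(cfg):
    """Return a list of findings for one AS2-HTTP/S transport definition."""
    out = []
    https = cfg.get("Type") == "AS2-HTTPS"
    # Rules stated in the field descriptions.
    if not cfg.get("URL"):
        out.append("URL is required")
    if https and not cfg.get("Server Certificate"):
        out.append("Server Certificate is required for AS2-HTTPS")
    if cfg.get("Non Repudiation of Receipt") and not (
            cfg.get("Sign") and cfg.get("Request Receipt") == "Signed"):
        out.append("Non Repudiation of Receipt needs Sign and Request Receipt = Signed")
    rr_url = cfg.get("Return Receipt URL", "")
    if rr_url and not rr_url.startswith(("http://", "https://")):
        out.append("Return Receipt URL needs an http:// or https:// prefix")
    # Hardening checks: this example's judgement, not product rules.
    if cfg.get("Use HTTP Basic Authentication") and not https:
        out.append("Basic authentication over AS2-HTTP sends credentials unencrypted")
    if https and cfg.get("Can Use SSLv3"):
        out.append("SSLv3 is enabled (deprecated by RFC 7568)")
    if https and cfg.get("TLS Version") in LEGACY_TLS:
        out.append("TLS %s is deprecated (RFC 8996)" % cfg["TLS Version"])
    if https and cfg.get("Cipher Suite Grade") == "All":
        out.append("Cipher Suite Grade 'All' places no minimum on cipher strength")
    scheme = cfg.get("Encryption Scheme", "RSA-PKCS1-v1_5")  # documented default
    if cfg.get("Encrypt") and scheme == "RSA-PKCS1-v1_5":
        out.append("Encryption Scheme is RSA-PKCS1-v1_5; RSA-OAEP variants are offered")
    return out

# Constructed sample transports (receipt host and certificate label are made up).
WEAK = {"Type": "AS2-HTTPS", "URL": "https://host_machine8:6705/dmz/EZComm",
        "Server Certificate": "partner-cert", "Non Repudiation of Receipt": True,
        "Sign": True, "Request Receipt": "Unsigned", "Encrypt": True,
        "Return Receipt URL": "tradinghost.example:6705/receipts",
        "Can Use SSLv3": True, "TLS Version": "1.0", "Cipher Suite Grade": "All"}
HARDENED = dict(WEAK, **{"Request Receipt": "Signed", "Can Use SSLv3": False,
                         "Return Receipt URL": "https://tradinghost.example:6705/receipts",
                         "TLS Version": "1.2", "Encryption Scheme": "RSA-OAEP-sha256",
                         "Cipher Suite Grade": "Only 256-Bit and Stronger"})

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, check_transport(cfg))
```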