add station icon

Adding a Trading Station

Version: latest

The first thing you need to configure on the AS2 Gateway is a Trading Station which acts as your local endpoint of the trading communication. You will receive messages to this trading station and you can send messages from this trading station. A trading station is nearly analogous to an email address.

Lets start by adding a trading station for your organization. First go to the stations view using the Stations icon on the left navigation menu. Then on the page header (top menu), click on New Station button.

station nav pointed

Now you need to fill the required information to configure the trading station you are about to add.

station add

To add the trading station;

Basic Details

  1. Specify a name for the trading station. This is solely used for organizing and viewing stations within your AS2 Gateway account, and will not be used in AS2 message communication.

  2. Specify an AS2 identifier for the station. This is the key used to publicly identify the AS2 station (analogous to an email address), and will be used as an essential field (AS2-From header) in AS2 message communication.

    This has to be unique among a set of agreed partners (to avoid ambiguity), and also within AS2 Gateway. If you pick an AS2 identifier that is already being used by an existing trading station, AS2 Gateway will display a warning upfront and disallow you from creating the station until you provide a new identifier.

    Spaces, backslash or double quotes are not allowed in the station AS2 identifier.

    + Length should be 1-128 letters.

    You cannot change the station AS2 identifier value later!
  3. Specify an email address for the station. This will be used in a non-critical, legacy From header of AS2 communications originating from this station. (This is different from the more important AS2-From header - which is derived from the AS2 identifier of the station.)

    AS2 Gateway will also use this address to send you email notifications related to AS2 messages.

    If you want to receive notifications at multiple email addresses, you can specify up to three addresses (as a comma separated list, without spaces in between; e.g. email1@domain.com,email2@domain.com,email3@domain.com). In such cases, AS2 Gateway will treat the first address as the primary email (e.g. used in the abovementioned From header).

Key Pair

  1. Now we have to configure a certificate (or a key pair, technically speaking) for the station. The station will use this key and certificate for decrypting incoming messages, and signing outgoing messages and MDNs. Here we have three options:

    • Option 1 - Generating a new keystore.

    • Option 2 - Uploading an existing keystore.

    • Option 3 - Selecting a certificate from "Certificate Store".

    If you are new to AS2 messaging, we recommend you to go with Option 1 until you are familiar with the concepts related to certificates.

Option 1 - Generate New Key Store:

new ks gen
  1. Specify a common name for the new certificate. This can be your name or your server’s hostname. For example "Rajind Ruparathna" or "www.as2gateway.com".

  2. Specify the organization unit. This can be a something like section name in your organization. For example "Information Technology"

  3. Specify the organization. This can be your company name. For example "Acme Inc."

  4. Specify a city. For example "Colombo".

  5. Specify a state. For example "North Western"

  6. Select your country from the drop down list.

  7. Select a preferred key length.

  8. Enter a password for the new key store.

  9. Enter a password for the certificate.

That is all if you are going with option 1.

Option 2 - Upload An Existing Key Store:

upload ks

If you have an already generated key store, you can go with this option.

The key store in this case, will be a "container" file with a private key and its public certificate counterpart. Acceptable file types are JKS (.jks) and PKCS#12 (.p12, .pfx). A key store is not a single certificate or key; hence .pem, .cer, .der, id_rsa etc. are not accepted.
  1. Enter the password of the keystore.

  2. Browse and select the key store.

  3. Enter the alias of the certificate.

  4. Enter the password for the certificate.

Option 3 - Selecting A Certificate From Certificate Store:

select cert from store

Once the certificate configuration is complete, submit the form by clicking Save.

Trading Station Listing

Once you add the station, you will be directed to the trading station listing page, from which you can view the partner configuration of the station just created.

station list

Note the actions on the bottom section of the station card; for editing (managing), previewing and monitoring the station.

Partner Configuration of Trading Station

partner config button pointed

Click on the View Partner Configuration button of the action panel of the trading station card to see the configuration that you should be sharing with your remote trading partners.

This configuration allows your partners to set you up a trading partner on their end, and send AS2 messages to your organization via the trading station that we created in previous step.

partner config

You can use the Share this configuration option to directly send the configuration to your partner, via email.

  1. [Optional] If you want to receive messages over HTTPS, toggle the Attach HTTPS certificates option to also attach the AS2 Gateway port-8443 HTTPS certificate to the configuration share email.

    Partners can send messages to you over HTTP (port 8280); HTTP offers sufficient security for AS2 communication, because AS2 payloads are already encrypted.

    However if HTTPS is desired, partners can connect to you (AS2 Gateway) via HTTPS - over port 8443, 443, or 4080. The above HTTPS certificate is only applicable for port 8443; this certificate is self-signed, so the partner system needs to import and trust it explicitly.

    If the partner uses port 443 or 4080 instead, there is no need to import any HTTPS certificate - as long as their system is trusting the issuer of the HTTPS certificates being used on those ports: the DST Root CA X3 Certificate Authority (CA). If DST Root CA X3 is not trusted on their end, they can simply import the CA’s certificate from the above link.

    This information is also included in the partner configuration share email that you are about to send to your partner.

  2. Specify an email address of the partner you want to communicate with.

  3. Click this Send button to send the configuration email to your partner.

Now that we have created a trading station, the next step would be to create a trading partner so that we can starting communicating.

In this topic
In this topic