Updating an AS2 Partner

Watch video ▶️

Partners added on MFT Gateway can be updated/modified later to change various configurations associated with that partner such as the name, AS2 Identifier, AS2 URL, certificates and other advanced configurations.

To update a partner, first go to the partners view using the ‘Partners’ icon on the left navigation menu, and locate the partner entity to be updated. Then click the Manage Partner” button on that partner card to open the partner management view.

Partner Entry

1 Updating basic information of a Partner

The basic information of the partner such as the Name, URL and the Message Subject can be modified directly and are generally safe to be changed (given that the URL is a valid AS2 endpoint of the partner organization).

Manage Partner View

1.1 Updating the AS2 identifier

If it is required to change the AS2 Identifier, click on the Edit button “” (with a pencil icon) available next to the “AS2 Identifier” label. Then a warning popup message will appear with an explanation of the risks associated with changing the AS2 identifier of a working AS2 connection. If those risks are acceptable, check the “Read and understood terms” check box and click the Continue button. That will make the AS2 Identifier field editable.

Changing the partner AS2 identifier on a working AS2 connection, is not recommended; it will:

  • Detach any existing inbox/sent messages from this partner.
  • Affect any existing messages for this partner, that are currently in your outbox/failed lists.
  • Cause inconsistencies in existing message counts and statistics.
  • Break any existing integrations; e.g. REST API message submissions, SFTP folder structures (if enabled), EDIG workflow.

The option to update the AS2 identifier of the partner is not supported through REST APIs.

2 Updating advanced configurations of a Partner

The advanced configurations of the partner such as AS2 security configurations, MDN related configurations, transmission parameters, preferred file structure can also be changed by expanding the Advanced Options section of the partner management view. Please refer to the Advanced configuration for an AS2 Partner for more details on these advanced configuration parameters.

In addition to the advanced options in the create partner view, the below options are included in the manage partner view.

2.1 Transmission

2.1.1 Pause Incoming/Outgoing Traffic

2.1.1.1 Pause Incoming Traffic

When this option is enabled, MFT Gateway will temporarily block all inbound traffic from the partner. You can also choose the type of response that will be sent to the partner during this block period.

  • Send Success MDN: Return a success MDN for incoming messages
  • Send Error MDN: Return an Error MDN for incoming messages
  • Send Error Response: Fail incoming messages with a 422 error
2.1.1.2 Pause Outgoing Traffic

If this option is enabled, MFT Gateway will temporarily stop all outbound traffic to the partner, including traffic generated by S3 integration, SFTP integration, EDIG integration and the REST API. MFT Gateway will not persist the attachments sent to a blocked partner.

For each blocked message you will receive a send failure notification to the station’s configured notification email.

Advanced Options
Advanced Options

3 Updating Encryption certificate

There can be situations where the already assigned encryption certificate of a partner has to be updated/changed. A few such situations are,

  • An incorrect certificate was assigned at the partner creation by mistake
  • Currently assigned certificate has expired and the partner has provided a new certificate
  • Currently assigned certificate is expiring in the near future and the partner has provided a new certificate to be used from a specific date and time onwards

3.1 Updating the Encryption certificate immediately

If it is required to update the encryption certificate immediately, it can be done by selecting the new certificate from the Encryption Certificate dropdown. The new certificate should be already available in the Certificate Store of the MFT Gateway account.

After this change the new certificate will be in effect right after the partner update is completed. Hence, this option is ideal for situations where the currently assigned encryption certificate is either incorrect or already expired.

3.2 Scheduling an Encryption certificate

If it is required to switch to an encryption certificate at a specific date and a time, it can be done by enabling the Schedule Backup Encryption Certificate check box. Then Schedule Backup Encryption Certificate section will appear below.

Schedule Encryption Certificate

Just as in previous sections, select the backup certificate from the dropdown.

In addition, there will be a field named Activate on where a specific date and a time can be set for the certificate change. Please note that the time must be set in UTC.

Once scheduled, MFT Gateway will automatically switch the encryption certificate of this partner to the new certificate at the specified date and time without any manual intervention. Until that date and time, the current encryption certificate will be in use. Hence, this option is ideal for situations where the currently assigned encryption certificate is expiring in the near future, and the partner has provided a new certificate to be used only after a specific date and time.

4 Updating Signature Verification certificate

If it is required to assign a separate signature verification certificate or change an already assigned signature verification certificate, it can be done by checking the Use Different Certificate For Signature Verification check box of the partner management view. Select the certificate from the dropdown that will appear after the box is checked.

If you already have configured a signature verification certificate for the partner, you can schedule a signature verification certificate, by checking the Schedule Backup Signature Verification Certificate check box and following the same steps mentioned in Schedule Encryption Certificate section

5 Updating HTTPS (TLS/SSL) certificate

If it is required to update the HTTPS (TLS/SSL) certificate, it can be done by checking the Add HTTPS (TLS/SSL) Certificate section of the partner management view, and selecting the certificate from the dropdown.

If you already have configured an HTTPS (TLS/SSL) certificate for the partner, you can schedule an HTTPS (TLS/SSL) certificate, by checking the Schedule Backup HTTPS (TLS/SSL) Certificate check box and following the same steps mentioned in Schedule Encryption Certificate section

Change Certificates

Once all the necessary configuration changes are done, click on the Update button at the bottom to update the partner entity. Once the partner has been updated successfully, you will land back in the partner list view.