Updating an AS2 Partner | Aayu Technologies
EDI and AS2 Gateways by Aayu Technologies
mft gateway logo as2 gateway logo edi generator logo
Link Search Menu Expand Document
logo
Contact

Updating an AS2 Partner

Partners added on MFT Gateway can be updated/modified later to change various configurations associated with that partner such as the name, AS2 Identifier, AS2 URL, certificates and other advanced configurations.

To update a partner, first go to the partners view using the ‘Partners’ icon on the left navigation menu, and locate the partner entity to be updated. Then click the Manage Partner button on that partner card to open the partner management view.

Partner Entry

1 Updating basic information of a Partner

The basic information of the partner such as the Name, URL and the Message Subject can be modified directly and are generally safe to be changed (given that the URL is a valid AS2 endpoint of the partner organization).

Manage Partner View

1.1 Updating the AS2 identifier

If it is required to change the AS2 Identifier, click on the Edit button (with a pencil icon) available next to the “AS2 Identifier” label. Then a warning popup message will appear with an explanation of the risks associated with changing the AS2 identifier of a working AS2 connection. If those risks are acceptable, check the “Read and understood terms” check box and click the Continue button. That will make the AS2 Identifier field editable.

Changing the partner AS2 identifier on a working AS2 connection, is not recommended; it will:

  • Detach any existing inbox/sent messages from this partner.
  • Affect any existing messages for this partner, that are currently in your outbox/failed lists.
  • Cause inconsistencies in existing message counts and statistics.
  • Break any existing integrations; e.g. REST API message submissions, SFTP folder structures (if enabled), EDIG workflow.

2 Updating advanced configurations of a Partner

The advanced configurations of the partner such as AS2 security configurations, MDN related configurations, transmission parameters, preferred file structure can also be changed by expanding the Advanced Options section of the partner management view. Please refer to the Advanced configuration for an AS2 Partner for more details on these advanced configuration parameters.

3 Updating Encryption certificate

There can be situations where the already assigned encryption certificate of a partner has to be updated/changed. A few such situations are,

  • An incorrect certificate was assigned at the partner creation by mistake
  • Currently assigned certificate has expired and the partner has provided a new certificate
  • Currently assigned certificate is expiring in the near future and the partner has provided a new certificate to be used from a specific date and time onwards

In such a situation, the already assigned encryption certificate can be changed by expanding the Encryption Certificate section of the partner management view.

3.1 Updating the Encryption certificate immediately

If it is required to update the encryption certificate immediately, it can be done by enabling the Change Encryption Certificate toggle. Then a section named New Encryption Certificate will appear below with 3 options.

Change Encryption Certificate

  • If the new certificate is available as a separate certificate file, it can be uploaded using the Upload Certificate option. A certificate file in a commonly used format such as DER, CER, PEM, CRT and P7B can be uploaded using this option.

  • If the new certificate is already available in the Certificate Store of the MFT Gateway account, Select From Certificate Store option can be used to select it accordingly.

  • If the new certificate is available in a keystore file, it can be imported using the Import From Keystore option by providing the corresponding certificate alias. A keystore file in a commonly used format such as JKS, PKCS12, P12 and PFX can be used with this option.

An encryption certificate configured with the Change Encryption Certificate option will be in effect right after the partner update is completed. Hence, this option is ideal for situations where the currently assigned encryption certificate is either incorrect or already expired.

3.2 Scheduling an Encryption certificate

If it is required to switch to an encryption certificate at a specific date and a time, it can be done by enabling the Schedule Backup Encryption Certificate toggle. Then a section named Schedule Backup Encryption Certificate will appear below with 2 options.

Schedule Encryption Certificate

The usage of these 2 options (Upload Certificate and Select From Certificate Store) are the same as mentioned on the previous section.

In addition, there will be a field named Activate on where a specific date and a time can be set for the certificate change. Please note that the time must be set in UTC.

Once scheduled, MFT Gateway will automatically switch the encryption certificate of this partner to the new certificate at the specified date and time without any manual intervention. Until that date and time, the current encryption certificate will be in use. Hence, this option is ideal for situations where the currently assigned encryption certificate is expiring in the near future, and the partner has provided a new certificate to be used only after a specific date and time.

3.3 Adding Encryption/Signature Verification Chain Certificates

If it is required to add any chain certificates to be associated with either the encryption certificate or the signature verification certificate, it can be done by enabling the Add Encryption/Signature Verification Chain Certificates toggle. Then a section named Encryption/Signature Verification Chain Certificates will appear below with 2 options.

Update Chain Certificates

  • If the chain certificates are available as a separate certificate files, they can be uploaded using the Upload Chain Certificates option. Certificate files in a commonly used format such as DER, CER, PEM, CRT and P7B can be uploaded using this option.

  • If the chain certificates are available in a keystore file, it can be imported using the Import From Keystore option by providing the corresponding certificate aliases. A keystore file in a commonly used format such as JKS, PKCS12, P12 and PFX can be used with this option.

4 Updating Signature Verification certificate

If it is required to assign a separate signature verification certificate or change an already assigned signature verification certificate, it can be done by expanding the Signature Verification Certificate section of the partner management view, and enabling the Use Different Certificate For Signature Verification toggle. Then a section named Signature Verification Certificate will appear below with 3 options, which provide the same functionality as mentioned on the encryption certificate section to add the signature verification certificate.

5 Updating HTTPS (TLS/SSL) certificate

If it is required to update the HTTPS (TLS/SSL) certificate, it can be done by expanding the HTTPS (TLS/SSL) Certificate section of the partner management view, and enabling the Add HTTPS (TLS/SSL) Certificate toggle. Then a section named HTTPS (TLS/SSL) Certificate will appear below with 3 options, which provide the same functionality as mentioned on the encryption certificate section to add the HTTPS certificate.

5.1 Adding HTTPS (TLS/SSL) Chain Certificates

If it is required to add any chain certificates to be associated with the HTTPS (TLS/SSL) certificate, it can be done by enabling the Add HTTPS (TLS/SSL) Chain Certificates toggle. Then a section named HTTPS (TLS/SSL) Chain Certificates will appear below with 2 options, which provide the same functionality as mentioned on the encryption chain certificates section to add the HTTPS (TLS/SSL) chain certificates.

Once all the necessary configuration changes are done, click on the Update button at the bottom to update the partner entity. Once the partner has been updated successfully, you will land back in the partner list view.