Updating an AS2 Station

Stations added on MFT Gateway can be updated/modified later to change various configurations such as the name, AS2 identifier, certificates, etc.

To update a station, open the stations view using the Stations icon on the left navigation menu, and locate the station entity to be updated. Then click the Manage Station Details button on that station card to open the station management view.

For reference, the creation and last-update timestamps of the station are recorded and shown in the footer area of the management view.

1 Updating basic information of a Station

Basic information such as Name and Email are generally safe to be changed, and can be modified directly.

1.1 Updating the AS2 identifier

If it is required to change the AS2 Identifier, click on the Edit button (pencil icon) next to the “AS2 Identifier” label. A warning popup message will appear with an explanation of the risks associated with changing the AS2 identifier of a working AS2 connection. If those risks are acceptable, check the “Read and understood terms” check box and click the Continue button. That will make the AS2 Identifier field editable.

Make sure that your partners also change your AS2 ID on their ends synchronously, ideally within a safety/maintenance window.

Changing the station AS2 identifier on a working AS2 connection, is not recommended; it will:

• Detach any existing inbox/sent messages from this station.
• Affect any existing messages from this station, that are currently in your outbox/failed lists.
• Cause inconsistencies in existing message counts and statistics.
• Cause any ongoing message traffic to fail or be rejected, until your partners also change your AS2 ID on their ends.
• Break any existing integrations; e.g. REST API message submissions, SFTP folder structures (if enabled), EDIG workflow.

2 Advanced Options

2.1 Notifications

Choose to receive an email notification for events of interest:

• receipt of each AS2 message to this station
• sending failures; e.g. where a partner endpoint has been unavailable to accept a queued message and all automatic retries have failed
• incomplete messages; when a message has failed sending and the encountered error is not safe to be retried
• MDN related issues; e.g. receipt/issuing of negative MDNs, integrity (MIC) mismatches, failure to send back an async MDN

2.2 Transmission

• Enable Static IP and Large Payload Support For Incoming Messages: Choose if you want to receive messages through a static IP address (e.g. if the partner system requires a specific IP address to be whitelisted for outbound traffic from their end), and/or you want to receive messages larger than 3 MB in size (not supported on the ‘default’ receiver endpoint). These are optional, value-added services that would require a business or enterprise-level subscription to retain after your free trial ends.

2.3 Other Options

• Description: Write/maintain any notes regarding the station
• Set as Default Station: If enabled, when composing a new message, system will automatically pre-select this station as the sender identity.

3 Change Station Certificate

There can be situations where the key pair of a station (station certificate) has to be updated/changed, such as:

• an incorrect key pair was generated or assigned at the station creation by mistake
• certificate of currently assigned key pair has expired, or is expiring in the near future

In such a situation, the key pair can be changed by expanding the Change Station Certificate section.

The updated certificate will get applied immediately; so, for a live AS2 connection, it is always recommended to perform this activity during a maintenance window - collectively agreed among all trading partners that are communicating through the station.

You must share only the public certificate exposed on the partner-config view of the station, with your partners; never share the private key with anyone, even if you manage to export it.

3.1 Self Signed

Refer to the default certificate configuration section on generating a new self-signed key pair for the station.

3.2 From Keystore

If the new key pair is available in a keystore file, it can be imported using the Import From Keystore option. A keystore file in a commonly used format such as JKS, PKCS12, P12 and PFX can be used with this option.

• Keystore: keystore file containing the key pair
• Keystore Password: verification (MAC) password of keystore file
• Private Key Alias: alias (friendly name) under which the key pair (PrivateKeyEntry) is stored in the keystore
• Private Key Password: decryption password for the entry’s private key; may often be the same as the keystore password
• Use new password for private key: If you wish to use a different password to store the imported key pair within the system, enable this option and provide the new password under New Private Key Password.

3.3 From Cert Store

If the new key pair is already available in your Certificate Store, select it from the Key Pair dropdown.

3.4 CA Signed

Sometimes a partner may request you to present/use a certificate issued/signed by a trusted certificate authority (CA), instead of a default self-signed one; If you have obtained (or renewed) such a certificate, you can update the existing station key pair by uploading it through this option. A certificate file in a commonly used format such as DER, CER, PEM, CRT and P7B can be uploaded.

3.5 Renew Self Signed

If the certificate is expiring or expired, or you want to change its validity period or expiration date for some other reason, select a suitable period on the Extend Validity For Another field, and verify the new date under Extended Certificate Expiry.