AS2 Gateway 2.6.5 is now live! This release focuses on important bug fixes and valuable feature enhancements, with the highlight being the addition of the scheduled certificate renewals functionality. Let’s dive into the new release and explore what’s new!
Schedule certificate renewals
With the latest version of AS2 Gateway, you now have the ability to schedule the activation of station certificates and partner encrypt/sign certificates at a specific future date and time in order to prevent AS2 transmission errors due to expired certificates and ensure optimal security with periodic certificate rotation.
Scheduling partner encrypt and sign certificate renewal
You can find this option from the Partner card view.
In the schedule certificate renewal popup, you can schedule the activation of either an encrypt certificate, a sign certificate, or both. To schedule a sign certificate, the toggle for Schedule sign certificate must be enabled. You can upload the partner’s public certificate, or select it from the certificate store by keeping the Upload new toggle off. Additionally, you can set a specific date and time for the certificate change in the Activate On field, noting that the time must be in your local time zone.
Once scheduled, a notification banner will appear in both the Manage Partner view and the Schedule Certificate popup, indicating the scheduled certificate and time. You will have the option to cancel or change the scheduled activation.
AS2 Gateway will automatically switch the encryption/sign or both certificate(s) of the relevant partner to the new certificate(s) at the specified date and time without any manual intervention. Until then, the current encryption/sign certificate will remain in use, and upon activation, this old certificate will be set as the fallback certificate until expiration, with the option to remove it from the certificate schedule popup when needed.
Please note that for incoming messages, if there is a valid backup certificate, signature verification is allowed through either the assigned partner sign certificate or the backup partner sign certificate until its expiration, unless it is manually removed. This functionality is useful when a partner rotates their certificate ahead of schedule or experiences delays in updating certificates, ensuring uninterrupted communication.
Scheduling station certificate renewal
You can find this option from the Station card view.
Here you don’t have the option to upload new key pairs; instead, you must select an existing station certificate from the keystore and provide the time to schedule the activation.
Similar to partner certificate scheduling, a notification banner will appear upon scheduling, showing the scheduled certificate and time in both the Manage Station view and Schedule Station Certificate Renewal popup views, along with the option to cancel the scheduled activation
Once the scheduled certificate is activated, the old certificate will be set as the fallback station certificate if it has not expired, and you can remove it manually at any time from the Schedule Certificate Renewal popup.
Starting with this release, for incoming messages, if there is a valid backup certificate, the station will use either the assigned certificate or the backup certificate to decrypt the message. However when signing an outgoing AS2 message or MDN, the station uses the currently assigned certificate; giving an authentication error on the partner’s side if they still use the old certificate.
Show certificate expiry date as tooltips in certificate selection dropdowns
The expiry date and time for the relevant certificate will be shown as a tooltip in the certificate selection dropdowns, allowing you to clearly identify which is the renewed certificate and which is the old certificate.
Add Session timeout on user inactivity
As an enhanced security measure, if the user is inactive for 10 minutes, AS2 Gateway will display the auto-logout dialog, similar to how it works for token expiration. If no action is taken, you will be logged out. However, if you choose to stay signed in, you will remain logged in.
User management enhancements
Add a description when creating a user role
You can now add a description when creating a user role for identification purposes, starting from this release.
Grouping user role permissions
We have separated user management permissions into three categories: User, User Group, and Roles to provide more flexibility in assigning permissions to different types of users.
More features for our on-premise users
-
Audits on SSO login success/failure: Track and review successful or failed Single Sign-On login attempts, for enhanced security monitoring.
-
SSO OAuth code exchange with PKCE: Strengthen OAuth authentication flow with PKCE (Proof Key for Code Exchange) to prevent authorization code interception attacks.
Have questions or spot anything unusual? We’re only an email away! Enjoy your 30-day free trial and stay tuned for more updates in the next AS2 Gateway release.
