Quick Start for AS4

Post by Support_Jake »

Quick Start for AS4 Service

Applicability Statement 4 (AS4) is a message protocol based on SOAP and Web Services to securely exchange messages between business partners. AS4 utilizes a Messaging Service Handler (MSH) for setting up the message exchange. Messages are compressed, signed, and encrypted. Message deliveries are verified by notification receipts. AS4 can exchange any kind of payload (XML, JSON, EDI, etc.) and supports multiple payloads being sent in one AS4 message. AS4 provides rich support for metadata and allows for pushing and pulling messages.


Setting Up the AS4 Service in GoAnywhere MFT

Enable SSL for the HTTPS Connection using the Key Management System
These steps will create a certificate within the System Key Vault's certificate manager that is used to protect the HTTP tunnel for receiving AS4 messages. If HTTPS is already configured, move on to the next section.

  1. Log in as an Admin User with the Product Administrator and Key Manager role. If your user account is assigned to a custom Admin User Role, your ability to view, modify, or execute actions on this page is based on the permissions specified for that role.
  2. From the main menu, select Encryption > Key Management System.
  3. Open the System Key Vault's certificate manager.
  4. Create a certificate in the System Key Vault.
  5. Generate a Certificate Signing Request (CSR) for the newly created certificate.
  6. Work with your Certificate Authority (CA) (for example, Thawte or GoDaddy) to sign your certificate.
  7. Import the CA Reply from the signing authority and any required root (primary) and intermediate certificates.
  8. From the SSL tab of the HTTPS/AS2 Listener, specify System Key Vault as the Certificate Location. Then select the certificate from the Key Name field. Optionally, supply the certificate password if it was not stored in the Key Vault.
  9. Restart the HTTPS/AS2/AS4 service on the Service Manager page.

Enable SSL for the HTTPS Connection using File Based Keys
These steps will create a certificate within the File Based Keys manager that is used to protect the HTTP tunnel for receiving AS4 messages. If HTTPS is already configured, move on to the next section.

  1. Log in as an Admin User with the Product Administrator and Key Manager role. If your user account is assigned to a custom Admin User Role, your ability to view, modify, or execute actions on this page is based on the permissions specified for that role.
  2. From the main menu, select Encryption > File Based Keys > Certificates.
  3. Open the Default Private Key Store.
  4. Create a certificate in the Default Private Key Store.
  5. Generate a Certificate Signing Request (CSR) for the newly created certificate.
  6. Work with your Certificate Authority (CA) (for example, Thawte or GoDaddy) to sign your certificate.
  7. Import the CA Reply from the signing authority and any required root (primary) and intermediate certificates.
  8. On the HTTPS Listener’s SSL tab, set the Key Alias attribute to the name of the new signed certificate.
  9. Restart the HTTPS/AS2/AS4 service on the Service Manager page.

Create a Unique Certificate for AS4
Some organizations require a separate certificate to sign receipts. When a separate AS4 certificate will be used for message decryption and signing receipts, create a new certificate as instructed above. Note the Alias of the SSL certificate, as it will be used later.

Export the head certificate from the Key Vault or from the File Based Key Manager. It will be downloaded to your browser’s download location. This will be used later.

Configure the AS4 Service
  1. To configure the AS4 Service, log in as an Admin User with the Product Administrator role. If your user account is assigned to a custom Admin User Role, your ability to view, modify, or execute actions on this page is based on the permissions specified for that role.
  2. From the main menu bar, select Services and then click the Service Manager link.
  3. Click the Action icon (cog wheel) next to the HTTPS/AS2/AS4 Service, and then click Edit.
  4. In the left-hand navigation, select the AS4 link under the Preferences section.
  5. Enable the AS4 Service.
  6. Save the settings.

Sharing AS4 Information with Trading Partners

With the certificate created and the AS4 Service enabled, it is now time to share information with your trading partner and configure their Web User accounts in GoAnywhere. Each AS4 trading partner must be set up as a Web User in GoAnywhere. To provide AS4 file transfer services to your trading partners, you will need to give each trading partner details about your server, and the trading partner must give you their details and certificates.

What to provide each trading partner
  • AS4 To ID - This is your AS4 ID.
  • URL - The trading partner will use this URL to connect to your GoAnywhere AS4 server. The default URL is [protocol]://[hostname][:port]/as4/receive.

    EXAMPLE:
    https://example.com:443/as4/receive
  • Conversation ID - This is a unique identifier for each separate message transaction.
  • AS4 Message Channel Name(s) - These are message channels that the trading partner is authorized to pull from. For example, http://example.com/as4/mpc.
  • Processing Mode Name - The name assigned to the Push or Pull Processing Mode to be used for transfers.

What to obtain from each trading partner
  • AS4 ID - This is entered in the To ID field on the Push tab of the AS4 Resource and the To ID field of the Pull Processing Mode on the Web User AS4 tab.
  • Conversation ID - This is the unique identifier for each message transaction.
  • AS4 Message Channel Name(s) - These are message channels on their AS4 server that you are authorized to pull from. For example, http://example.com/as4/mpc.
  • Processing Mode Name - The name assigned to the Push or Pull Processing Mode to be used for transfers.
  • Collaboration Info - The Agreement Reference, Service, Action, etc. This information is entered in the Collaboration Info section of the Pull Processing Mode on the Web User AS4 tab.

Create the Web User

Once you have your trading partner's AS4 ID and have imported their Public Certificate, you can create their Web User accounts in GoAnywhere. The Web User account can authenticate using passwords and/or certificates. If certificate authentication is used, you must specify the SHA1 Fingerprint from the public certificate the trading partner provided you.

  1. Log in as an Admin User with the Web User Manager role. If your user account is assigned to a custom Admin User Role, your ability to view, modify, or execute actions on this page is based on the permissions specified for that role.
  2. Create a Web User.
    • If using certificate based authentication, follow the instructions on the Quick Start for Certificate Based Authentication topic.
  3. On the Web User's AS4 tab, specify the following fields:
    • AS4 From ID - The AS4 ID that you provided to your trading partner.
    • AS4 To ID - The AS4 ID that your partner provided to you.
    • Collaboration Info - The Agreement Reference, Service, Action, etc.
    • Specify the remaining fields based on your AS4 security requirements. The field definitions are located in the Web Help, which you can open by selecting the ? (question mark) icon in the page header.

Jacob Przybysz
Associate Support Manager
+1 402.944.4242 fortra.com
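
For the certificate-authentication step under "Create the Web User", the following added example (not part of the original post and not GoAnywhere code) computes the SHA1 fingerprint of a partner's PEM certificate and compares it with a value the partner supplied separately. The function names are hypothetical, the out-of-band comparison is an assumed workflow, and the sample "certificate" is a constructed stand-in rather than a real X.509 certificate.

```python
import hashlib
import hmac
import ssl

# Constructed stand-in for the partner's PEM file: the body is just the bytes
# b"abc" (not a real X.509 certificate), chosen so the digest is the well-known
# SHA-1 test vector. With a real file, pass the file's text instead.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"abc")


def cert_fingerprint(pem_text: str, algorithm: str = "sha1") -> str:
    """Return the colon-separated fingerprint of a PEM certificate.

    A certificate fingerprint is the digest of the DER encoding, so the PEM
    armor and base64 layer are removed before hashing.
    """
    der = ssl.PEM_cert_to_DER_cert(pem_text)  # ValueError if the armor is missing
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fingerprint: str) -> str:
    """Strip separators and case so differently formatted values compare equal."""
    cleaned = "".join(ch for ch in fingerprint if ch not in ": -\t").lower()
    if len(cleaned) != 40 or any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("not a SHA-1 fingerprint: expected 40 hex digits")
    return cleaned


def matches_expected(pem_text: str, expected: str) -> bool:
    """Compare the file's SHA-1 fingerprint with the value the partner gave
    over a separate channel (assumed workflow, e.g. phone or signed e-mail)."""
    actual = normalize(cert_fingerprint(pem_text, "sha1"))
    return hmac.compare_digest(actual, normalize(expected))


if __name__ == "__main__":
    print("SHA1 fingerprint:", cert_fingerprint(SAMPLE_PEM))
    spaced = "a9993e36 4706816a ba3e2571 7850c26c 9cd0d89d"  # constructed input
    print("matches partner value:", matches_expected(SAMPLE_PEM, spaced))
```

A mismatch means the file you imported is not the certificate your partner intended to send, so resolve it with the partner before entering the fingerprint on the Web User.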