An HTTP or HTTPS server is an endpoint that is associated with an AS2 or AS4 receiver.
This receiver is used to receive messages from a trading partner. An HTTPS server is a base server
that is used to transport messages. The HTTPS server uses the SSL certificate for
security.
Before you begin
You can also import a server configuration as a resource from another installation of AS4 Microservice.
For more information, see Resource commands.
About this task
Important: Selecting an SSL protocol for message exchanges, including such configurations as SSL_TLS, SSL, SSLv2, and SSLv3, is not recommended. A security risk exists for all SSL protocols. Available TLS connection protocols include TLS, TLSv1, TLSv1.1, and TLSv1.2.
Important: If the communications component receives a notification (critical event) about low grid memory, the HTTPS server stops accepting incoming messages for processing. Messages that were already accepted are still processed. After the memory clears and rises higher than the low watermark, another notification is sent to the communications component. The HTTPS server then starts accepting messages again.
Procedure
To configure an HTTPS server, complete the following steps:
- Log in to AS4 Microservice. You must have Master Account Administrator permissions to create an HTTPS server.
- Click Systems Management > Servers.
- On the Servers page, click New and select HTTPS.
- On the Create HTTPS Server page, specify values for the following fields:
- Associated organization
- Click Select and select the owner organization with which the HTTPS
server is associated.
- Name
- Optional: Type a description for the HTTPS server.
- Description
- Optional: Type a description for the HTTPS server.
- Port
- Type the port number for the HTTPS server.
Generally, the port number specifies the service available on the HTTP server. Some services, such as FTP, TELNET, and SMTP, are available on fixed (default) port numbers. When you assign a port number to the HTTP server, ensure that it does not conflict with the default port number of a service that is available on the HTTP server. The valid range for a port number is 0 - 65535.
- Public URL
- Enter the external URL of the HTTPS server that is shared with your trading partner. Your trading partner configures this URL in their exchange profile.
- Perimeter server
- Optional: Select the Enable perimeter server check box to enable a perimeter server.
Enabling the perimeter server option allows the HTTPS server and the perimeter server to communicate with each other. The perimeter server must be configured at the member level. If a perimeter server is configured and is enabled in the HTTPS server configuration, messages pass through the perimeter server according to its configuration (less secure or more secure network).
- Thread pool
- Select a thread pool (a collection of threads). A thread pool manages its threads to process tasks. To handle large volumes of files or large files, you can create a thread pool with more threads and associate it with the HTTP server.
- Basic authentication
- Optional: To enable basic authentication, select the Enable basic
authentication check box.
Basic authentication is used to determine the identity of
the client (sender), through a username and password (organization credentials) when a transaction
is initiated.
- SSL certificate
- Select the certificate to be used by the HTTPS server to encrypt and send data securely.
You must share the public key of the certificate with the trading partner. The trading partner adds the certificate to their system. The sender (trading partner) uses the public key to encrypt the message during message exchange.
- SSL client authentication
- To enable SSL client authentication, select the Enable SSL client
authentication check box.
SSL client authentication is used to determine the identity
of the client (sender) when a transaction is initiated.
- CA certificates
- A global truststore, a single CA certificate, or multiple certificates can be used for SSL client authentication. Based on your requirement, select one of the following options:
- Use global trust store - A global truststore contains the trading partner certificates. If you select Use global trust store, AS4 Microservice (receiver) verifies the public key that is provided by the client during the handshake against the certificates in the global truststore. If a match is found and the certificate is valid, the transaction is taken forward. Otherwise, AS4 Microservice closes the session with an appropriate error message.
- Select or add the CA certificates to use - Based on your requirement (primarily, the trading partner with whom you are transacting), you can select multiple CA certificates or a single certificate for SSL client authentication. If you select Select or add the CA certificates to use, AS4 Microservice (receiver) verifies the public key that is provided by the client during the handshake against the group of certificates or the single certificate. If the verification is successful and the certificate is valid, the transaction is taken forward. Otherwise, AS4 Microservice closes the session with an appropriate error message.
The following options are displayed when you select the Select or add the CA certificates to use option:
- Add CA Certificate - Click Add CA Certificate to add a CA certificate that can be used for SSL client authentication.
- A list of available CA certificates that can be used for SSL client authentication. Click the certificate alias (in the Available CA Certificates list) that you want to use and then click the forward arrow. The certificate is listed in the Selected CA Certificates list and can be used for SSL client authentication.
- SSL protocol
- Select the connection protocol or configuration to securely transfer messages.
Default value is TLSv1.2 for AS4 Microservice version 1.0.0.5 and higher.
Remember: Selecting an SSL protocol for message exchanges, including such configurations as SSL_TLS, SSL, SSLv2, and SSLv3, is not recommended. Available TLS connection protocols include TLS, TLSv1, TLSv1.1, and TLSv1.2.
Restriction: If you are using a custom system certificate that uses SHA-1, you must replace it with a certificate that uses SHA-2.
- Security level
- The level of security attributed to the connection protocol. Default value is HIGH.
- Click Save to save the HTTPS server configuration. The HTTPS server is automatically started when you save the configuration.