Configuring an HTTPS server

An HTTP or HTTPS server is an endpoint that is associated with an AS2 or AS4 receiver. This receiver is used to receive messages from a trading partner. An HTTPS server is a base server that is used to transport messages. The HTTPS server uses the SSL certificate for security.

Before you begin

You can also import a server configuration as a resource from another installation of B2B Advanced Communications. For more information, see Resource commands.

About this task

An HTTPS server is a base server that is used to transport messages. The HTTPS server uses the SSL certificate for security.

Important: Selecting an SSL protocol for message exchanges, including configurations such as SSL_TLS, SSL, SSLv2, and SSLv3, is not recommended. A security risk exists for all SSL protocols. Available TLS connection protocols include TLS, TLSv1, TLSv1.1, and TLSv1.2.
Important: If the communications component receives a notification (critical event) about low grid memory, the HTTPS server stops accepting the incoming messages for processing. The messages that are already accepted are processed. After the memory clears and rises higher than the low watermark, another notification is sent to the communications component. Thereafter, the HTTPS server starts accepting the messages.

Procedure

To configure an HTTPS server, complete the following steps:

  1. Log in to B2B Advanced Communications. You must have Master Account Administrator permissions to create an HTTPS server.
  2. Click Systems Management > Servers.
  3. On the Servers page, click New and select HTTPS.
  4. On the Create HTTPS Server page, specify values for the following fields:
    Associated organization
    Click Select and select the owner organization with which the HTTPS server is associated.
    Name
    Optional: Type a description for the HTTPS server.
    Description
    Optional: Type a description for the HTTPS server.
    Port
    Type the port number for the HTTPS server.

    Generally, the port number specifies the service available on the HTTP server. Some services, such as FTP, TELNET, and SMTP, are available on fixed (default) port numbers. When you assign a port number to the HTTP server, ensure that the port number does not conflict with the default port number of a service that is available on the HTTP server. The valid range for a port number is 0 - 65535.

    Public URL

    Enter the external URL of the HTTPS server that is shared with your trading partner. Your trading partner configures this URL in their exchange profile.

    Perimeter server
    Optional: Select the Enable perimeter server check box to enable a perimeter server.

    Enabling the perimeter server option allows the HTTPS server and perimeter server to communicate with each other. The perimeter server must be configured at the member level. If a perimeter server is configured and enabled in the HTTPS server configuration, messages pass through the perimeter server based on the configuration of the perimeter server (less secure or more secure network).

    Note: For more information on how to set up Perimeter server, see Perimeter server setup.
    Thread pool
    Select a thread pool (a collection of threads). A thread pool manages the threads in the pool to process the tasks. To handle large volumes of files or large files, you can create a thread pool with more threads and associate the thread pool with the HTTP server.
    Basic authentication
    Optional: To enable basic authentication, select the Enable basic authentication check box.

    Basic authentication is used to determine the identity of the client (sender), through a username and password (organization credentials) when a transaction is initiated.

    SSL certificate

    Select the certificate to be used by the HTTPS server to encrypt and send data securely.

    You must share the public key of the certificate with the trading partner. The trading partner adds the certificate to their system. The sender (trading partner) uses the public key to encrypt the message during message exchange.

    SSL client authentication
    To enable SSL client authentication, select the Enable SSL client authentication check box.

    SSL client authentication is used to determine the identity of the client (sender) when a transaction is initiated.

    CA certificates
    Global truststore, single CA certificate, or multiple certificates can be used for SSL client authentication. Based on your requirement, select one of the following options:
    • Use global trust store - A global truststore contains the trading partner certificates. If you select Use global trust store, B2B Advanced Communications (receiver) verifies the public key that is provided by the client during the handshake against the certificates in the global truststore. If a match is found and the certificate is valid, the transaction is taken forward. Otherwise, B2B Advanced Communications closes the session with an appropriate error message.
    • Select or add the CA certificates to use - Based on your requirement (primarily, the trading partner with whom you are transacting), you can select multiple CA certificates or a single certificate for SSL client authentication. If you select Select or add the CA certificates to use, B2B Advanced Communications (receiver) verifies the public key that is provided by the client during the handshake against the group of certificates or the single certificate. If the verification is successful and the certificate is valid, the transaction is taken forward. Otherwise, B2B Advanced Communications closes the session with an appropriate error message.

    The following options are displayed when you select the Select or add the CA certificates to use option:

    • Add CA Certificate - Click Add CA Certificate to add a CA certificate that can be used for SSL client authentication.
    • A list of available CA certificates that can be used for SSL client authentication. Click the certificate alias (in the Available CA Certificates list) you want to use and then click the forward arrow. The certificate is listed in the Selected CA Certificates list and can be used for SSL client authentication.
    SSL protocol

    Select the connection protocol or configuration to securely transfer messages. Default value is TLSv1.2 for B2B Advanced Communications version 1.0.0.5 and higher.

    Remember: Selecting an SSL protocol for message exchanges, including configurations such as SSL_TLS, SSL, SSLv2, and SSLv3, is not recommended. Available TLS connection protocols include TLS, TLSv1, TLSv1.1, and TLSv1.2.
    Restriction: If you are using a custom system certificate using SHA-1, you must replace it with a certificate that uses SHA-2.
    Security level

    The level of security attributed to the connection protocol. Default value is HIGH.

  5. Click Save to save the HTTPS server configuration. The HTTPS server is automatically started when you save the configuration.
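
The following added example (not part of the product or its documentation) audits a planned HTTPS server configuration against the rules stated in this procedure before the values are entered. The dictionary keys, the `MEDIUM` security level, and both sample configurations are hypothetical; they are not the product's export schema.

```python
# Added example: field names are hypothetical, not the product's export schema.
SSL_FAMILY = {"SSL_TLS", "SSL", "SSLv2", "SSLv3"}     # the page advises against these
TLS_FAMILY = {"TLS", "TLSv1", "TLSv1.1", "TLSv1.2"}   # TLS options the page lists
FIXED_PORTS = {21: "FTP", 23: "TELNET", 25: "SMTP"}   # fixed-port services the page names


def audit_https_server(cfg):
    """Return a list of (field, finding) for settings this page warns about."""
    findings = []

    port = cfg.get("port")
    if not isinstance(port, int) or isinstance(port, bool) or not 0 <= port <= 65535:
        findings.append(("port", "outside valid range 0 - 65535"))
    elif port in FIXED_PORTS:
        findings.append(("port", f"conflicts with default {FIXED_PORTS[port]} port"))

    proto = cfg.get("ssl_protocol")
    if proto in SSL_FAMILY:
        findings.append(("ssl_protocol", f"{proto} is an SSL configuration; select a TLS protocol"))
    elif proto not in TLS_FAMILY:
        findings.append(("ssl_protocol", f"unrecognized value {proto!r}"))

    # Restriction on the page: SHA-1 certificates must be replaced with SHA-2.
    sig = str(cfg.get("cert_signature_algorithm", "")).lower().replace("-", "")
    if "sha1" in sig:
        findings.append(("ssl_certificate", "SHA-1 signature; replace with a SHA-2 certificate"))

    # Client authentication needs a trust source to verify the client against.
    if cfg.get("ssl_client_auth"):
        if not cfg.get("use_global_truststore") and not cfg.get("ca_certificates"):
            findings.append(("ca_certificates", "client authentication enabled with no trust source"))

    if cfg.get("security_level", "HIGH") != "HIGH":
        findings.append(("security_level", "differs from the default HIGH"))

    return findings


# Constructed sample configurations: a weak one and its corrected form.
WEAK = {"port": 21, "ssl_protocol": "SSLv3", "cert_signature_algorithm": "SHA1withRSA",
        "ssl_client_auth": True, "ca_certificates": [], "security_level": "MEDIUM"}
HARDENED = {"port": 8443, "ssl_protocol": "TLSv1.2", "cert_signature_algorithm": "SHA256withRSA",
            "ssl_client_auth": True, "ca_certificates": ["partner-ca"], "security_level": "HIGH"}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_https_server(cfg))
```

The audit covers only the rules this page states: the port range and fixed-port conflicts, SSL versus TLS protocol selection, the SHA-1 restriction, a trust source for client authentication, and the default security level.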