Local AS2 Server

A Local AS2 Server is a type of Endpoint that represents an AS2 receiver that UDMG Server hosts locally to enable partners to securely upload files using the AS2 protocol.

This Endpoint type provides the essential infrastructure for accepting incoming AS2 connections, functioning as the Source Endpoint within a Pipeline of type UDMG as AS2 Server.

Before You Begin

Listener IP Address and Port

The Listener IP Address and Port together define the local listening address for this Local AS2 Server Endpoint:

  • Listener IP Address is the local IPv4 address that the UDMG Server binds to for this listener. If you set Listener IP Address to 0.0.0.0, UDMG binds to all IPv4 interfaces on the host. If you set a specific IP (for example, 192.168.1.10), UDMG accepts connections only on that IP.
  • Port is the TCP port on that same host where the listener accepts connections.

When creating a new Endpoint, avoid selecting a Listener IP Address/Port pair that is already assigned to another Endpoint (in any Domain) or used by another service.

Although UDMG allows multiple Endpoints to use the same Listener IP Address/Port combination, only one of those Endpoints—and therefore its associated Pipelines—can be active at a time.

The following considerations apply:

  • No Cross-Domain Validation: The system does not automatically prevent duplicate Listener IP Address/Port combinations within or across Domains.
  • Manual Validation Required: After configuring an Endpoint, always use the Validate button to see if the Listener IP Address/Port combination is already in use by another service (across all Domains). This action does not check if the IP/port can be specifically used by the Endpoint. See Validating the Configuration for more information.

AS2 Identifiers

The Local AS2 Identifier field specifies your organization's unique AS2 identifier, which partners need to know to identify UDMG as the intended recipient of an AS2 message.

The AS2 identifier has no fixed standard: it can be any unique value, such as your name, your company's name, or another distinctive identifier.

The value must match the AS2-To header of each incoming message; otherwise, the transfer is rejected. Before enabling the Endpoint, coordinate this identifier with your partner to ensure consistent configuration on both sides.

Local Private Key and X.509 Certificate

The Local Private Key and X.509 Certificate together establish UDMG's cryptographic identity for AS2 communications.

  • The Local Private Key is used to decrypt incoming AS2 messages (encrypted with the corresponding public key) and to sign Message Disposition Notifications (MDNs) returned to partners.
  • The X.509 Certificate contains the corresponding public key and is shared with partners so they can encrypt messages to your organization and verify MDN signatures.

Supported formats include PEM and PKCS#8.

Authentication Methods

The Authentication Method defines how partners are authenticated when connecting to the Local AS2 Server Endpoint. UDMG supports two options:

  • Partner Certificate Mapping: UDMG authenticates the partner by checking whether the AS2-From header matches the Unique AS2 identifier and by validating the digital signature using the X.509 Certificate, both configured in the partner's UDMG Account.
  • Partner Certificate Mapping plus Basic Authentication: In addition to the certificate-based verification above, the partner must first authenticate with the Username and Password configured in their Account before the AS2 message exchange begins.

| Authentication Method | Username | Password | AS2-From Header | X.509 Certificate |
|---|---|---|---|---|
| Partner Certificate Mapping | No | No | Yes | Yes |
| Partner Certificate Mapping plus Basic Authentication | Yes | Yes | Yes | Yes |

info

Both the AS2-From header and the X.509 Certificate are configured in the partner's UDMG Account.

Message Level Security (MLS) Enforcement

This setting defines the minimum security requirements that incoming AS2 messages must meet. You can choose between the following options:

  • Signed and Encrypted: Messages must be digitally signed and encrypted.
  • Compressed, Signed, and Encrypted: Messages are compressed using ZLIB before signing and encryption.

Messages that do not comply with the selected policy are rejected. Compression is optional, but both signing and encryption are always required to maintain AS2 interoperability and message integrity.

Message ID Retention Period (Minutes)

This value determines how long UDMG keeps a record of received Message-ID values to detect and block duplicate messages. By maintaining this cache, UDMG prevents replay attacks—attempts to resend a previously accepted message—within the defined retention window.

tip

Choose a duration appropriate for your operational and compliance requirements; typical configurations range from 1440 to 86400 minutes (1 to 60 days).
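
The sketch below is an added example, not UDMG's own code. It models the header-level checks described under AS2 Identifiers, Authentication Methods, and Message ID Retention Period, and shows that a resent Message-ID is blocked only while it is still inside the retention window. The class and function names, partner IDs, and sample message are assumptions constructed for illustration; signature verification and decryption are omitted.

```python
import time

MAX_RETENTION_MINUTES = 518500   # upper bound from the Field Descriptions table


class MessageIdCache:
    """Remembers accepted Message-ID values for a retention window given in minutes."""

    def __init__(self, retention_minutes, clock=time.time):
        if not 1 <= retention_minutes <= MAX_RETENTION_MINUTES:
            raise ValueError("retention period out of range")
        self.ttl = retention_minutes * 60
        self.clock = clock
        self.seen = {}                      # Message-ID -> time it was accepted

    def seen_recently(self, message_id):
        now = self.clock()
        # Forget entries older than the retention window before looking up.
        self.seen = {m: t for m, t in self.seen.items() if now - t < self.ttl}
        return message_id in self.seen

    def remember(self, message_id):
        self.seen[message_id] = self.clock()


def check_inbound(headers, local_as2_id, partner_ids, cache):
    """Return (accepted, reason) for the HTTP headers of one inbound message."""
    h = {k.lower(): v.strip() for k, v in headers.items()}  # header names are case-insensitive
    if h.get("as2-to") != local_as2_id:
        return False, "AS2-To does not match the Local AS2 Identifier"
    if h.get("as2-from") not in partner_ids:
        return False, "AS2-From does not map to a known partner"
    message_id = h.get("message-id")
    if not message_id:
        return False, "missing Message-ID"
    if cache.seen_recently(message_id):
        return False, "duplicate Message-ID inside the retention window"
    # Signature verification and decryption would happen here (omitted in this sketch).
    cache.remember(message_id)
    return True, "accepted"


# Constructed sample: the same message sent at 0 minutes, 10 minutes, and 2 days.
if __name__ == "__main__":
    now = [0.0]
    cache = MessageIdCache(1440, clock=lambda: now[0])
    msg = {"AS2-From": "PARTNER_A", "AS2-To": "MY_COMPANY", "Message-ID": "<0001@partner-a.example>"}
    for offset_minutes in (0, 10, 2 * 1440):
        now[0] = offset_minutes * 60
        print(offset_minutes, check_inbound(msg, "MY_COMPANY", {"PARTNER_A"}, cache))
```

With a 1440-minute window the copy at 10 minutes is rejected, while the copy at 2 days is accepted again because its record has expired.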

Adding an Endpoint

To add an Endpoint, follow these steps:

  1. From the Sidebar, select Configuration > Endpoints.
  2. Click Add Endpoint.
  3. Select Local AS2 Server in the Endpoint Type dropdown.
  4. Complete the Name and Description details for the new Endpoint.
  5. Enter the Listener IP Address and Port.
  6. Select the Local AS2 Identifier your partners will use for inbound authentication.
  7. Select the Private Key you created earlier from the Credentials Name (Local Private Key) dropdown.
  8. Select the Authentication Method your partners will use to authenticate to the Local AS2 Server.
  9. Complete the MDN configuration fields using the table below as a guide.
  10. Click Add to create the Endpoint.
  11. Click Validate to confirm that the IP address and port combination is not already in use by another service (across all Domains). See Validating the Configuration.
  12. Click Start to launch the server. See Starting, Stopping, and Restarting Endpoints.
warning

UDMG allows creating identical Endpoints with unique names, but this practice is strongly discouraged due to potential downstream complications.

Field Descriptions

The following table describes the fields that are configured for the Endpoint:

| Name | Description | Specifications | Required |
|---|---|---|---|
| Endpoint Type | Select Local AS2 Server to expose an AS2 listener that receives files uploaded by business partners. | The type cannot be changed after creation. | Yes |
| Name | The name of the Local AS2 Server Endpoint. | | Yes |
| Description | The description of the Local AS2 Server Endpoint. | | No |
| Listener IP Address | The local IPv4 address that the UDMG Server binds to for this AS2 listener. | Must be in IPv4 format. | Yes |
| Port | The port number of the Local AS2 Server Endpoint. | The port is likely to be in the ephemeral range for 49152-65535 as per RFC 6335 or 32768-60999 on Linux. The port is in the system range for 1-1023 as per RFC 6335. Must be between 1 and 65535. Should not be a port already associated with another Endpoint or service. | Yes |
| Local AS2 Identifier | Your organization's AS2 ID used for inbound matching. Incoming messages must present AS2-To equal to this value or they are rejected. | | Yes |
| Credentials Name (HTTPS TLS Certificate Pair) | TLS Certificate containing the X.509 Public Certificate and corresponding private key for this server, used for securing the TLS connection. | Must reference an already created TLS Certificate Pair. | Yes |
| Credentials Name (AS2 TLS Certificate Pair) | TLS Certificate containing the X.509 Public Certificate and corresponding private key for this server, used to decrypt inbound AS2 messages and sign asynchronous MDNs. A copy of the public certificate should be shared with your AS2 partner for encrypting messages sent to you. | Must reference an already created TLS Certificate Pair. | Yes |
| Authentication Methods | Enforces sender authentication using Partner ID and certificate binding, with optional support for Basic Authentication. Aligns with Drummond expectations for identity assurance via AS2 headers and digital signatures. Options: Partner Certificate Mapping; Partner Certificate Mapping plus Basic Authentication. | Default is Partner Certificate Mapping. | Yes |
| Message Level Security (MLS) Enforcement | Enforces Drummond-aligned message security by requiring all incoming messages to be signed and encrypted, or compressed, signed, and encrypted. Messages that do not meet the selected policy are rejected. Options: Signed and Encrypted; Compressed, Signed, and Encrypted. | Default is Signed and Encrypted. | Yes |
| Message ID Retention Period (Minutes) | Defines how long the system retains a record of received message identifiers to detect and block duplicates. A duplicate is considered a potential replay if it arrives within this retention window. | Must be between 1 and 518500. | Yes |
| Auto-Start Endpoint | Endpoint's auto-start status. See Auto-Starting Endpoints. | Default is Enabled. | Yes |

Editing an Endpoint

To edit an Endpoint, follow these steps:

  1. From the Sidebar, select Configuration > Endpoints.
  2. Click the Name field of the Endpoint you want to edit.
  3. Click Stop above the Endpoint details. As noted above, configuration changes only take effect following an Endpoint restart or stop/start cycle.
  4. Click Edit above the Endpoint details.
  5. Edit details for the Endpoint, using the Field Descriptions table as a guide.
  6. Click Update.
  7. Click Restart or Stop/Start.
info

Configuration changes remain inactive until the Local AS2 Server Endpoint is restarted and the Account disconnects/reconnects to its client.

After changes are made, restart the Endpoint to apply the changes. All active connections are terminated.

Managing an Endpoint

The Local AS2 Server Endpoint has multiple management capabilities that allow you to manage and validate the Endpoint.

Viewing Endpoint Details

To view the details of an Endpoint, follow these steps:

  1. From the Sidebar, select Configuration > Endpoints.
  2. Click the Name of the Endpoint you want to view.
  3. Additionally, click the Pipelines tab to see all the Pipelines the Endpoint is associated with.

Endpoint Metadata

Endpoint details include all parameters given in the Field Descriptions table, plus the following read-only metadata:

| Name | Description |
|---|---|
| UUID | Universally Unique Identifier of this Endpoint. |
| Version | Version number of the configuration. Every change increases the number. |
| Created | Date and time this Endpoint was created. |
| Updated | Date and time this Endpoint was last updated. |
| Test Status | Status of the Validate Endpoint configuration test. Options: Test not executed; Test passed; Test error. |
| Runtime Status | The status of the server Endpoint. Options: Running; Stopped; Error: listen tcp 0.0.0.0:2041: bind: address already in use. |

Validating the Configuration

The configuration can be validated to confirm if the Local AS2 Server Endpoint's IP Address/Port combination is used by another service (across all Domains).

It is important to note that, even if a port is not being used elsewhere in UDMG, it is not necessarily available.

tip

AS2 operates over HTTP or HTTPS. The standard and most common ports for AS2 file transfers are 80 for HTTP and 443 for HTTPS.

Avoid using:

  • Ports already taken by other Endpoints.
  • Ports 1344, 111, and 81.
  • UDMG Server ports (most likely 7070/7071, 8080/8081, 4222/6222).
  • Ports blocked by your IT controls.

To validate the configuration, stop the Endpoint first (click the Stop button) and then click the Validate button. One of the following messages appears:

  • Error/Fail: 'Endpoint test has failed. The port #### on address #.#.#.# is already in use.'
    • If validation fails, then the IP Address/Port is not available and should not be used. You must review and modify the IP Address/Port combination.

      info

      If the Endpoint's Runtime Status is Running, then the validation test will fail because the IP Address/Port is being used by that Endpoint.

  • Pass: 'Endpoint has passed the test.'
    • If validation passes, the IP Address/Port is not currently being used by another service.

      info

      The test does not confirm if the IP Address/Port can be used by the Endpoint. The IP Address/Port must be available based on your network IT controls, such as firewalls.
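
A host-level pre-check can complement the Validate button. The script below is an added example, not part of UDMG; it flags a candidate port against the ranges and the "Avoid using" list given on this page, then attempts a real bind to report whether the address is free on the host. The function names are assumptions, and the sample addresses are constructed (port 2041 is taken from the error message shown above).

```python
import errno
import socket

SYSTEM_RANGE = range(1, 1024)            # RFC 6335 system ports
EPHEMERAL_RFC = range(49152, 65536)      # RFC 6335 ephemeral ports
EPHEMERAL_LINUX = range(32768, 61000)    # Linux ephemeral range given on this page
AVOID = {1344, 111, 81, 7070, 7071, 8080, 8081, 4222, 6222}  # "Avoid using" list above


def port_notes(port):
    """Return advisory notes for a candidate listener port (empty list = nothing to flag)."""
    if not 1 <= port <= 65535:
        return ["port must be between 1 and 65535"]
    notes = []
    if port in SYSTEM_RANGE:
        notes.append("system range 1-1023")
    if port in EPHEMERAL_RFC:
        notes.append("ephemeral range 49152-65535 (RFC 6335)")
    if port in EPHEMERAL_LINUX:
        notes.append("ephemeral range 32768-60999 (Linux)")
    if port in AVOID:
        notes.append("on the avoid list")
    return notes


def bind_check(ip, port):
    """Try to bind ip:port over TCP; return 'free' or the errno name of the failure."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((ip, port))           # no SO_REUSEADDR, so conflicts are reported
        except OSError as exc:
            return errno.errorcode.get(exc.errno, str(exc))
    return "free"


# Constructed sample candidates; run on the UDMG host with the Endpoint stopped.
if __name__ == "__main__":
    for ip, port in [("0.0.0.0", 2041), ("127.0.0.1", 443), ("127.0.0.1", 8080)]:
        print(f"{ip}:{port} bind={bind_check(ip, port)} notes={port_notes(port)}")
```

As with the Validate button, a result of `free` only shows that nothing on the host holds the address at that moment; it says nothing about firewalls or other network controls.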

Starting, Stopping, and Restarting Endpoints

Local AS2 Server Endpoints function as virtual servers that require proper management for file transfer operations. After initial creation, these Endpoints must be activated before they can process transfers. Endpoints can be initiated through one method:

  • Manual Start: Click the Start button on the Details page.

Additionally, configuration changes only take effect following an Endpoint restart or stop/start cycle. Once the Endpoint is running, three control actions are available from the Details page:

  • Start: Launches the Endpoint connection when currently stopped.
  • Stop: Initiates the shutdown of the Endpoint. New connections are not allowed, while the pending sessions remain until they are disconnected. Utilize the Active Sessions field on the Details page.
  • Restart: Executes a complete stop/start sequence to apply configuration changes.

After the initial server creation and initiation, the Endpoint has a Runtime Status indicator that shows the real-time operational state of the server. The current status determines which management actions can be performed. The current state (Runtime Status) of each Local AS2 Server Endpoint is displayed in the Endpoint Record Table and Details page with the following statuses:

  • Starting: Server is starting, but not operational yet.
  • Running: Server is operational and processing connections.
  • Stopped: Server is not running. Especially after a Stop request, it is possible that sessions remain until they disconnect. Utilize the Active Sessions field on the Details page.
  • Error: listen tcp 0.0.0.0:2041: bind: address already in use: Server's IP/Port is in use on another Endpoint (across all Domains).

Auto-Starting Endpoints

Local AS2 Server Endpoints can be configured for auto-start functionality, allowing them to launch automatically upon startup of the UDMG Server, including when the UDMG Server has been stopped after the Endpoint's initial creation. This setting is established during Endpoint creation and can be modified later.

  • Enabled: The Endpoint automatically starts without manual intervention after the UDMG server is stopped (Auto-start active).
  • Disabled: The Endpoint remains inactive until manually started after the UDMG server is stopped (Auto-start inactive).

To set an Endpoint to auto-start, follow these steps:

  1. From the Sidebar, select Configuration > Endpoints.
  2. Click the Name of the Endpoint you want to update.
  3. Click Edit.
  4. If the Endpoint is currently auto-started, you can remove the auto-start feature by moving the toggle to the left.
  5. Click Update.
info

The Auto-Start Endpoint status is reflected as the Enabled field on the Details page.

Deleting an Endpoint

To delete an Endpoint, follow these steps:

  1. From the Sidebar, select Configuration > Endpoints.
  2. Click the Name of the Endpoint you want to delete.
  3. Click the Delete button above the Endpoint details.
  4. You will be asked to confirm the deletion. Click Delete.
warning

UDMG prevents the deletion of a Configuration Item if it is currently referenced by another Configuration Item (i.e., Pipeline). The Configuration Item must be edited or the reference removed before you can delete the Endpoint. Deletion cannot be undone.