Remote AS2 Server
A Remote AS2 Server is a type of Endpoint that represents your partner's AS2 Receiver. It is used by UDMG to initiate secure file uploads to your partner's system over the AS2 protocol.
This Endpoint type defines the connection, authentication, and security parameters required for outbound AS2 communications. It functions as the Destination Endpoint within a Pipeline of type UDMG as AS2 Client.
Before You Begin
Partner AS2 Address (URL)
The Partner AS2 Address (URL) defines the HTTPS endpoint of the external AS2 server operated by your trading partner. UDMG uses this address to initiate outbound AS2 connections for file delivery.
This field must contain a valid, fully qualified HTTPS URL, typically including the partner's AS2 endpoint path (for example, https://partner.example.com/as2/receive). The URL should be provided by your partner as part of their AS2 connection configuration.
Local and Remote Partner AS2 Identifier
AS2 identifiers uniquely represent each participant in an AS2 exchange. In every message, these values populate the HTTP headers AS2-From and AS2-To to identify the sender and receiver.
- Local AS2 Identifier: The ID that identifies your organization in outgoing AS2 messages (sent in the
AS2-Fromheader). It must match the identifier configured in your partner's AS2 Receiver for UDMG. - Remote Partner AS2 Identifier: The ID that identifies your partner (sent in the
AS2-Toheader). It must match the identifier your partner's AS2 Receiver uses to represent itself.
Both identifiers are case-sensitive and must exactly match your partner's configuration to avoid message rejection.
Local Private Key and Local X.509 Certificate
AS2 relies on digital signatures and encryption to secure message delivery. Two credentials are required in a Remote AS2 Server Endpoint to establish trust and message integrity:
- Credentials Name (Local Private Key): The private key used by UDMG to sign outbound AS2 messages and decrypt incoming MDNs.
- Credentials Name (Local X.509 Certificate): The public certificate provided by your partner. UDMG uses it to encrypt outbound AS2 messages and verify digital signatures on returned MDNs.
Partner X.509 Certificate
AS2 relies on digital signatures and encryption to secure message delivery. Two credentials are required in a Remote AS2 Server Endpoint to establish trust and message integrity:
- Credentials Name (Partner X.509 Certificate): The public certificate provided by your partner. UDMG uses it to encrypt outbound AS2 messages and verify digital signatures on returned MDNs.
MDN Handling
The following settings control how UDMG handles Message Disposition Notifications (MDNs), which confirm delivery and processing of AS2 messages.
- MDN Disposition Mechanism: Defines whether UDMG expects MDNs synchronously (returned in the same HTTPS session) or asynchronously (returned as a separate HTTP request). The mechanism must match the partner's configuration.
- Asynchronous MDN Receipt Timeout (Minutes): Defines how long UDMG waits for an asynchronous MDN before marking the transfer as timed out. This ensures that missing acknowledgments are handled predictably.
Synchronous MDNs are simpler to configure and troubleshoot, while asynchronous MDNs are preferred for large messages or when partners require decoupled acknowledgments.
Multi-Part Messages
The Allow Multi-Part Messages toggle enables UDMG to support multi-part MIME messages containing multiple files within a single AS2 transmission.
When enabled, UDMG parses multipart/signed and multipart/mixed payloads according to AS2 specifications. Each contained file is extracted, validated, and routed to the configured destination.
If disabled, UDMG expects only single-file payloads and rejects multi-part messages.
Enable this setting only if your trading partner explicitly supports sending or receiving multi-part payloads. Not all AS2 systems handle multi-file messages consistently.
Adding an Endpoint
To add an Endpoint, follow these steps:
- From the Sidebar, select Configuration > Endpoints.
- Click Add Endpoint.
- Select Remote AS2 Server in the Endpoint Type.
- Complete the fields for the new Endpoint using the Field Descriptions table as a guide.
- Click Add to create the Endpoint.
- Click Validate to confirm the connection (connection only, no authentication). See Validating the Configuration.
UDMG allows creating identical Endpoints with unique names, but this practice is strongly discouraged due to potential downstream complications.
Field Descriptions
The following table describes the fields that are configured for the Endpoint:
| Name | Description | Specifications | Required |
|---|---|---|---|
| Endpoint Type | Select Remote AS2 Server to configure an external AS2 server that receives files from UDMG. | The type cannot be changed after creation. | Yes |
| Name | The name of the Remote AS2 Server Endpoint. |
| Yes |
| Description | The description of the Remote AS2 Server Endpoint. | No | |
| Partner AS2 Address (URL) | The full URL for your partner's AS2 Receiver, including port if necessary. | Alphanumeric, URI-safe string | Yes |
| Local AS2 Identifier | Your organization's unique AS2 identifier. It is sent in the AS2-From header and used to match your Certificate for partner binding. | Yes | |
| Remote Partner AS2 Identifier | Your partner's unique AS2 identifier. It is sent in the AS2-To header, and a mismatch may cause the message to be rejected. | Yes | |
| Credentials Name (Local Private Key) | The name of the Private Key used to sign outbound AS2 messages and decrypt encrypted MDNs received in response. This key must correspond to the public certificate shared with your AS2 partner. | Must reference an already created Private Key. | Yes |
| Credentials Name (Local X.509 Certificate) | The name of the X.509 Certificate containing your public X.509 certificate, which matches the private key above and is shared with your AS2 partner to verify your signatures and encrypt MDNs. | Must reference an already created X.509 Certificate. | Yes |
| Credentials Name (Partner X.509 Certificate) | The name of the X.509 Certificate containing your partner's public X.509 certificate, which is used to encrypt outbound AS2 messages and verify their MDN signatures. This certificate must correspond to your partner's private key. | Must reference an already created X.509 Certificate. | Yes |
| MDN Disposition Mechanism | Specifies how MDN receipts are delivered. Options:
| Yes | |
| Asynchronous MDN Receipt Timeout (Minutes) | Maximum time to wait for an asynchronous MDN after sending a message. If no MDN is received within this period, the MDN receipt is marked as timed out. | Default is 1440. | Yes, if MDN Disposition Mechanism is Asynchronous MDN Required. |
| Compress AS2 Payload | When enabled, the message size is reduced using ZLIB compression. | Yes | |
| MIC Digest Algorithm | Specifies the hash algorithm used to generate the MIC (Message Integrity Check) for MDN validation. Options:
|
| Yes |
| Enabled Endpoint | Endpoint's enabled status. | Default is Enabled. | Yes |
Editing an Endpoint
To edit an Endpoint, follow these steps:
- From the Sidebar, select Configuration > Endpoint.
- Click the Name field of the Endpoint you want to edit.
- Click Edit above the Endpoint details.
- Edit the details of the Endpoint using the Field Descriptions table as a guide.
- Click Update.
Endpoint configuration changes are pushed to all Pipelines referencing the Endpoint with immediate effect.
Managing an Endpoint
Viewing Endpoint Details
To view the details of an Endpoint, follow these steps:
- From the Sidebar, click Configuration > Endpoints.
- Click the Name of the Endpoint you want to view.
- Additionally, click the Pipelines tab to see all the Pipelines the Endpoint is associated with.
Endpoint details include all parameters given in the Field Descriptions table above, plus the following read-only metadata:
Endpoint Metadata
| Name | Description |
|---|---|
| UUID | Universally Unique Identifier of this Endpoint. |
| Version | Version number of the configuration. Every change increases the number. |
| Enabled | Endpoint's Enabled status. If enabled, field is set to True. |
| Created | Date and time this Endpoint was created. |
| Updated | Date and time this Endpoint was last updated. |
| Test Status | Status of the Validate Endpoint configuration test. Options:
|
Validating the Configuration
The Endpoint configuration can be validated to confirm whether UDMG can establish a network connection with the external AS2 server.
This validation only checks basic connectivity (reachability and port availability); it does not perform authentication or message exchange.
After clicking the Validate button, one of the following messages appears:
| Result | Message | Description |
|---|---|---|
| Pass | Endpoint has passed the test. | UDMG successfully reached the external AS2 server using the configured address and port. |
| Fail | Endpoint test has failed. dial tcp [address]:[port]: i/o timeout. | UDMG could not reach the external AS2 server at the specified address and port. Review the Endpoint configuration, network path, and firewall settings, then try again. |
Enabling and Disabling an Endpoint
A Remote AS2 Server Endpoint can be Enabled or Disabled to control their active status and ability to participate in file transfers.
- Enabled (default): The Endpoint is active and can participate in file transfers.
- Disabled: The Endpoint is inactive and cannot participate in file transfers.
To enable or disable an Endpoint, follow these steps:
- From the Sidebar, select Configuration > Endpoints.
- Click the Name of the Endpoint you want to enable/disable.
- Click Edit.
- If the Endpoint is currently enabled, you can disable the Endpoint by moving the toggle to the left.
- Click Update.
Changes to the Endpoint's Enabled and Disabled status are not active until the file transfer is scheduled and triggered.
Deleting an Endpoint
To delete an Endpoint, follow these steps:
- From the Sidebar, select Configuration > Endpoints.
- Click the Name of the Endpoint you want to delete.
- Click the Delete button above the Endpoint details.
- You will be asked to confirm the deletion. Click Delete.
UDMG prevents the deletion of a Configuration Item if it is currently referenced by another Configuration Item (i.e., Pipeline). The Configuration Item must be edited or the reference removed before you can delete the Endpoint. Deletion cannot be undone.