Skip to main content
Version: 4.17.10

Outbound AS2 component

The Outbound AS2 component provides a secure endpoint for sending AS2 messages. AS2 (Applicability Statement 2) is a protocol used to securely exchange business messages (like invoices, orders, or reports) over the internet.

Configuration

The Outbound AS2 component has the following configuration options:

Host

Hostname of the AS2 server.

Port

Port of the AS2 server.

Uri

The Request URI (or path) for the AS2 message. This is the path on the recipient's server that comes after the host and port. For example: /path/of/uri.

From

AS2 name of the sender. This sets the value of the AS2From header of the AS2 message.

To

AS2 name of the recipient. This sets the value of the AS2To header of the AS2 message.

Subject

Message subject. This sets the value of the Subject header of the AS2 message.

Message content type

The content type of the AS2 message. The following options are available:

  • application/edifact (default)
  • application/edi-x12
  • application/edi-consent
  • application/xml

The default is application/edifact which is mostly used.

Message structure

The security and compression operations applied to the outgoing AS2 message. You must select one of the following operations:

  • SIGNED
  • ENCRYPTED
  • SIGNED_ENCRYPTED
  • COMPRESSED_SIGNED
  • SIGNED_COMPRESSED
  • ENCRYPTED_COMPRESSED
  • ENCRYPTED_COMPRESSED_SIGNED (default)
  • ENCRYPTED_SIGNED_COMPRESSED

Recommended is to use at least SIGNED_ENCRYPTED. Note that in the case of COMPRESSED_SIGNED, the message is first compressed and then signed. And for SIGNED_COMPRESSED the message is first signed and then compressed.

Signing Algorithm

The signing algorithm in AS2 is a way to ensure the authenticity and integrity of the message sender and the data being transmitted. The default algorithm is SHA256WITHRSA.

The following algorithms are supported:

  • SHA3_224WITHRSA
  • SHA3_256WITHRSA
  • SHA3_384withRSA
  • SHA3_512WITHRSA
  • MD5WITHRSA
  • SHA1WITHRSA
  • MD2WITHRSA
  • SHA224WITHRSA
  • SHA256WITHRSA (default)
  • SHA384WITHRSA
  • SHA512WITHRSA
  • RIPEMD128WITHRSA
  • RIPEMD160WITHRSA
  • RIPEMD256WITHRSA
  • SHA224WITHDSA
  • SHA256WITHDSA
  • SHA384WITHDSA
  • SHA512WITHDSA
  • SHA3_224WITHDSA
  • SHA3_256WITHDSA
  • SHA3_384WITHDSA
  • SHA3_512WITHDSA
  • SHA1WITHDSA
  • SHA3_224WITHECDSA
  • SHA3_256WITHECDSA
  • SHA3_384WITHECDSA
  • SHA3_512WITHECDSA
  • SHA1WITHECDSA
  • SHA224WITHECDSA
  • SHA256WITHECDSA
  • SHA384WITHECDSA
  • SHA512WITHECDSA
  • SHA1WITHPLAIN_ECDSA
  • SHA224WITHPLAIN_ECDSA
  • SHA256WITHPLAIN_ECDSA
  • SHA384WITHPLAIN_ECDSA
  • SHA512WITHPLAIN_ECDSA
  • RIPEMD160WITHPLAIN_ECDSA
  • SHA1WITHRSAANDMGF1
  • SHA224WITHRSAANDMGF1
  • SHA256WITHRSAANDMGF1
  • SHA384WITHRSAANDMGF1
  • SHA512WITHRSAANDMGF1
  • SHA3_224WITHRSAANDMGF1
  • SHA3_256WITHRSAANDMGF1
  • SHA3_384WITHRSAANDMGF1
  • SHA3_512WITHRSAANDMGF1

The first part of the algorithm name refers to the hash function used to create a message digest (MIC), which is then signed. SHA-256 and SHA-512 are part of the Secure Hash Algorithm 2 (SHA-2) family, which is the current industry standard. SHA-2 algorithms (like SHA-256 and SHA-512) are widely supported and recommended in the AS2/EDI community, replacing the deprecated SHA-1. While SHA-3 (e.g., SHA3_256WITHRSA) is the newest NIST standard, SHA-2 is still the most prevalent and fully trusted choice. You can use SHA-3, but SHA-256 or SHA-512 are the safer defaults for maximum compatibility across trading partners.

The second part of the algorithm name refers to the public-key cryptosystem used for the actual signature. RSA is the traditional and most widely compatible choice. It's robust and used by virtually all AS2 systems. ECDSA: Elliptic Curve Digital Signature Algorithm (ECDSA) offers equivalent security to RSA with significantly smaller key sizes. This results in faster performance (signing and verification) and smaller signatures. SHA256WITHECDSA is a good choice, but you must confirm that your trading partner's AS2 system supports it. Avoid other options.

P12 File

The file containing your organization's private key and public certificate required to sign the outgoing AS2 message.

The P12 format is formally defined by the PKCS #12 (Public-Key Cryptography Standards #12) specification. It is also often referred to by the file extension .pfx (Personal Information Exchange).

Alias

The certificate alias (or friendly name) associated with your private key within the P12 file.

Password

The password used to unlock and access the private key within the P12 file.

Encrypting Algorithm

The algorithm used to encrypt the message using the recipient's public certificate.

Public certificate file

Encrypt the message with a public certificate file provided by the receiver.

Insecure transport

Enable to use plain HTTP (not encrypted). Insecure transport should be only used for testing.

Last update on Nov 05, 2025