Key Capabilities
- Secure file transfer combining FTP protocol with AS2-style security
- Digital encryption and signature support for enhanced security
- MDN receipt generation and processing for reliable delivery confirmation
- Support for both upload and download operations with filtering
- TLS/SSL support with client authentication capabilities
Overview
Each AS3 connector is configured to exchange files with a single AS3 trading partner. AS3 connectors use the FTP protocol to transfer files, and add security and verification through digital encryption and signatures. Configuring an AS3 trading relationship requires exchanging AS3-specific profile details, such as AS3 identifiers and digital certificates, and the connection details for the target FTP server.
Connector Configuration
This section contains all of the configurable connector properties.
Settings Tab
Trading Partner Info
Settings for identifying and connecting to a specific AS3 trading partner.

| Setting | Description |
|---|---|
| Connector Id | The static, unique identifier for the connector. |
| Connector Type | Displays the connector name and a description of what it does. |
| Connector Description | An optional field to provide a free-form description of the connector and its role in the flow. |
| AS3 Identifier | The AS3 identifier specific to the target trading partner. |
Local Profile
Settings that identify the local AS3 profile.

| Setting | Description |
|---|---|
| Local AS3 Identifier | Your AS3 identifier. |
| Private Certificate | The certificate used to decrypt incoming messages and sign outgoing messages. |
| Certificate Password | The password required to access the local private certificate. |
Connection Info
Settings related to connection parameters for the target FTP server.

| Setting | Description |
|---|---|
| Host | The hostname or IP address of the FTP server. |
| Port | The port on which to connect to the FTP server. |
| User | The username credential for logging in to the FTP server. |
| Password | The password credential for logging in to the FTP server. |
| TLS Type | How to negotiate TLS/SSL when connecting to the server. Choose Explicit to establish a plain text connection where TLS/SSL is then started with an explicit command. Choose Implicit to immediately negotiate TLS/SSL without establishing a plain text connection. |
| Send Message Security | Whether to sign and/or encrypt outgoing AS3 messages. CData strongly recommends you use signatures and encryption. |
| Receive Message Security | Whether to require that signatures and encryption are present for incoming AS3 messages. An error is thrown if a received message does not have a required security parameter. |
| Compression | Whether to compress the payload of outgoing messages. |
| Connection Timeout | The length of time (in seconds) the connector waits for a connection response before throwing a timeout error. |
MDN Receipts
Settings related to requesting MDNs when sending AS3 messages.

| Setting | Description |
|---|---|
| Request MDN Receipt | Whether an MDN receipt should be returned in response to outgoing AS3 messages. CData strongly recommends that you request MDN receipts. |
| MDN Path | The folder path on the server where the partner uploads MDN receipts. |
| Security | Whether the MDN receipt should include a signature block verifying the message integrity and identity of the recipient. Again, CData strongly recommends you use this option. |
Upload
Settings related to how outgoing AS3 messages are uploaded.

| Setting | Description |
|---|---|
| Remote Path | The folder path on the remote FTP server where outgoing messages should be uploaded. |
Download
Settings related to how incoming AS3 messages are downloaded.

| Setting | Description |
|---|---|
| Remote Path | The folder path on the remote FTP server from which incoming messages should be downloaded. |
| File Mask | A glob pattern that determines which files within the Remote Path should be downloaded (for example, *.txt). |
| Delete files | Whether files should be deleted from the FTP server after they are successfully downloaded. |
Trading Partner Certificates
Settings related to the public certificates provided by the trading partner.

| Setting | Description |
|---|---|
| Encryption Certificate | The public key certificate used for AS3 encryption when sending messages. This certificate must be paired with the trading partner’s private certificate, and the trading partner should provide a public key certificate when sharing AS3 configuration details. |
| Verification Certificate | The public certificate used to verify AS3 signatures when receiving messages. This field is often unnecessary; most AS3 parties use the same private certificate for both signing and decrypting. If this field is not specified, the application uses the Encryption Certificate to verify signatures. |
| TLS Server Certificate | The public certificate used to verify the identity of an SSL/TLS server. This is only necessary if the FTP server requires FTPS (FTP over TLS/SSL). If the trading partner does not provide a TLS server certificate, you can leave this setting blank to allow the underlying OS/JVM to perform certificate validation, or it can be set to Any Certificate to unconditionally trust the target server’s identity. |
Advanced Tab
Local Profile
Settings related to client authentication when two-way SSL authentication is required.

| Setting | Description |
|---|---|
| Use Profile | Whether to use the Private Certificate configured on the Profiles page as the TLS certificate for client authentication. |
| Private Certificate | The private certificate presented during TLS client authentication. Only applicable if you are not using the same private certificate from the Profiles page. |
| Certificate Password | The password required to access the TLS client certificate. |
Server Commands
Advanced Settings
Settings not included in the previous categories.

| Setting | Description |
|---|---|
| Active Mode | Whether to enable Active or Passive mode on the remote FTP server. Passive mode is less likely to result in firewall interference with the connection. |
| Clear Command Channel | Check this to send FTP commands using a cleartext channel instead of an encrypted channel. |
| Clear Data Channel | Check this to have the application use a clear data channel when communicating with the FTP server. |
| Encryption Algorithm | The algorithm to use when encrypting outgoing AS3 messages. |
| EPSV | Check this to use extended passive mode. This might be necessary if you need to use a protocol other than IPv4. |
| Excluded Extensions | A comma-delimited list of file extensions that should not be processed by the connector. |
| FSwitch | Used in conjunction with Simple Dir List. Check this to restrict the directory listing to files only. |
| Local File Scheme | A scheme for assigning filenames to messages that are output by the connector. You can use macros in your filenames to dynamically include information such as identifiers and timestamps. For more information, see Macros. |
| Prot for Implicit TLS | Tells the server that the data channel is protected for implicit TLS connections. Select the TLS type on the Settings tab. |
| Remote Host Address for Passive | Only applicable when Active Mode is not set. Leave blank to have the application parse the remote host to send replies from the previous server response. When this is checked, the application uses the value of the RemoteHost setting instead. |
| Signature Algorithm | The algorithm to use when signing outgoing messages. The same algorithm is requested for the corresponding MDN receipts. |
| Simple Dir List | Check this when you need a simple directory listing command for servers that send back long responses that cannot be parsed. After you set this, if the connector is still unable to parse the directory listing, add the FSwitch setting to restrict the directory listing to files only. |
| TLS Enabled Protocols | The list of TLS/SSL protocols supported when establishing outgoing connections. Best practice is to only use TLS protocols. SSL v2 and SSL v3 are considered vulnerable and should only be used if your partner does not support higher versions. Keep in mind that TLS v1.3 is not universally adopted, and might be refused if the destination server does not support it. |
| Processing Delay | The amount of time (in seconds) by which the processing of files placed in the Transactions tab is delayed. This is a legacy setting. Best practice is to use a File connector to manage local file systems instead of this setting. |
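
The security-relevant settings in the Settings and Advanced tabs can be reviewed together with a small audit check. The following is an added example, not CData's code: it models a connector as a plain dictionary keyed by the setting labels used on this page, which is an assumption and not the product's configuration format. The `sign`/`encrypt` values and the protocol name strings are likewise constructed for illustration.

```python
# Added example. Settings are modelled as a dict keyed by the labels used in
# the tables on this page; this is not the product's configuration format.
def audit_as3_connector(cfg):
    """Return (setting, finding) pairs for weak choices in one connector."""
    findings = []

    # Message-level protection: signing and encryption are both recommended.
    for key in ("Send Message Security", "Receive Message Security"):
        missing = {"sign", "encrypt"} - set(cfg.get(key, ()))
        if missing:
            findings.append((key, "missing " + "+".join(sorted(missing))))

    # MDN receipts confirm delivery; an unsigned MDN does not prove who sent it.
    if not cfg.get("Request MDN Receipt"):
        findings.append(("Request MDN Receipt", "no receipt requested"))
    elif not cfg.get("Security"):
        findings.append(("Security", "MDN receipt is not signed"))

    # Transport: unconditional trust and cleartext channels weaken FTPS.
    if cfg.get("TLS Server Certificate") == "Any Certificate":
        findings.append(("TLS Server Certificate", "server identity not verified"))
    for key in ("Clear Command Channel", "Clear Data Channel"):
        if cfg.get(key):
            findings.append((key, "cleartext channel enabled"))
    legacy = [p for p in cfg.get("TLS Enabled Protocols", ())
              if p.upper().startswith("SSL")]  # SSL v2 / SSL v3
    if legacy:
        findings.append(("TLS Enabled Protocols", "legacy: " + ", ".join(legacy)))
    return findings

# Constructed sample inputs (not taken from a real deployment).
WEAK = {
    "Send Message Security": ["sign"],
    "Receive Message Security": [],
    "Request MDN Receipt": True, "Security": False,
    "TLS Server Certificate": "Any Certificate",
    "Clear Data Channel": True,
    "TLS Enabled Protocols": ["SSLv3", "TLSv1.2"],
}
HARDENED = {
    "Send Message Security": ["sign", "encrypt"],
    "Receive Message Security": ["sign", "encrypt"],
    "Request MDN Receipt": True, "Security": True,
    "TLS Server Certificate": "",  # blank: OS/JVM validates the certificate
    "TLS Enabled Protocols": ["TLSv1.2", "TLSv1.3"],
}
```

Calling `audit_as3_connector(WEAK)` returns one finding per weak setting, and `audit_as3_connector(HARDENED)` returns an empty list.
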
Proxy Settings
Logging
Miscellaneous
Automation Tab
Automation Settings
Settings related to the automatic processing of files by the connector.

| Setting | Description |
|---|---|
| Upload | Whether files arriving at the connector should automatically be uploaded. |
| Retry Interval | The number of minutes before a failed upload is retried. |
| Max Attempts | The maximum number of times the connector processes the input file. Success is measured based on a successful server acknowledgement, and validation of the receipt (when requested synchronously). If you set this to 0, the connector retries the file indefinitely. |
| Resend Interval | The number of minutes before unacknowledged messages are resent. A resend is triggered when the server receives the file, but an asynchronous MDN receipt is not provided within the expected timeframe. |
| Max Attempts (async) | The maximum number of times the connector processes the input file when asynchronous receipts are requested. Success is based on the return of an asynchronous receipt within the Resend Interval after a successful server acknowledgement. If a successful server acknowledgement is not returned, Max Attempts is applied instead. If this is set to 0, the connector resends the file indefinitely. |
| Receive | Whether the connector should automatically poll the remote download path(s) for files to download. |
| Interval | The interval between automatic download attempts. |
| Minutes Past the Hour | The minutes offset for an hourly schedule. Only applicable when the interval setting above is set to Hourly. For example, if this value is set to 5, the automation service downloads at 1:05, 2:05, 3:05, etc. |
| Time | The time of day that the attempt should occur. Only applicable when the interval setting above is set to Daily, Weekly, or Monthly. |
| Day | The day on which the attempt should occur. Only applicable when the interval setting above is set to Weekly or Monthly. |
| Minutes | The number of minutes to wait before attempting the download. Only applicable when the interval setting above is set to Minute. |
| Cron Expression | A five-position string representing a cron expression that determines when the attempt should occur. Only applicable when the interval setting above is set to Advanced. |