AS2 connector – Etlworks Support

The AS2 connector sends EDI payloads (typically X12 or EDIFACT, but any binary content is allowed) to a trading partner's AS2 endpoint over HTTPS. AS2 (Applicability Statement 2) wraps the payload in S/MIME for signing and encryption and uses Message Disposition Notifications (MDNs) as receipts. The connector is the outbound side of AS2 in Etlworks — for inbound traffic see the AS2 listener.

When to use this connector

Use the AS2 connector as the destination of any flow that needs to deliver a payload to a trading partner over AS2 — the most common case is sending X12 EDI documents (850, 810, 856, 837, 835, …) to a B2B partner who requires AS2. The end-to-end usage walkthrough is in Working with X12 → Send X12 over AS2.

How AS2 send works

For each outbound message:

Etlworks builds the AS2 payload from the flow's source (typically a generated EDI message).
The payload is signed with your local certificate (default SHA-256 with RSA) and encrypted with the partner's public certificate (default 3DES; AES-128-CBC and AES-256-CBC are also available).
The signed-and-encrypted payload is POSTed to the partner's AS2 URL with the appropriate AS2-From, AS2-To, Subject, and Disposition-Notification-* headers.
If Request Synchronous MDN is enabled, the partner returns the MDN as the HTTP response body. Etlworks verifies the MDN signature and MIC and records the outcome.

Create an AS2 connection

Open the Connections window and click +.
Search for AS2 in the gallery. The connector lives under the EDI, Web Services, and APIs groups.
Select AS2 and fill in the parameters described below.

Parameters

Common parameters

Field	What to enter
URL (required)	The trading partner's AS2 endpoint URL (HTTPS). Provided by your partner.
AS2 From (required)	The AS2 identifier sent in the AS2-From header — your local AS2 ID, agreed with the partner.
AS2 To (required)	The AS2 identifier sent in the AS2-To header — the partner's AS2 ID.
Subject	Optional Subject header for the AS2 message.
Request Synchronous MDN	Default true. When enabled, Etlworks requests a synchronous MDN from the partner. The MDN is returned as the HTTP response.
MDN Recipient	Value for the Disposition-Notification-To header.
MDN Options	Optional value for the Disposition-Notification-Options header (used to request a specific signed MDN with a specific MIC algorithm).
Message ID Domain	Optional domain used when Etlworks generates the AS2 Message-ID header.
AS2 Version	Default 1.2. Sent as the AS2-Version header.
Content Type Header	Default application/edi-x12. Set to application/EDIFACT for EDIFACT, application/edi-consent for HIPAA, etc.
Content Transfer Encoding	Default binary. base64 and 7bit / 8bit are also available for partners that require them.

AS2 security

Field	What to enter
Message Type	The S/MIME packaging mode for the outbound payload. Default signed detached encrypted. Other options: plain, signed detached, encrypted.
Signature Algorithm	Default SHA256withRSA. Other options: SHA1withRSA, SHA384withRSA, SHA512withRSA, MD5withRSA.
Encryption Algorithm	Default 3des. Other options: aes-128-cbc, aes-256-cbc.

Signing credentials (local)

Your local credentials — used to sign outbound messages. The partner verifies your signature with the public certificate you've shared with them out-of-band.

Field	What to enter
Signing Certificate	Inline PEM content, a file path under {app.data}, or a keystore reference.
Signing Certificate Type	Format of the signing certificate (PEM, PKCS12, JKS).
Signing Certificate Password	Password for a PKCS12 / JKS keystore. Leave blank for unencrypted PEM.
Signing Certificate Alias	Alias when the keystore holds multiple entries.
Signing Private Key	Inline PEM private key or file path. Required when the signing certificate is PEM.
Signing Private Key Password	Password for an encrypted PEM private key.

Partner encryption certificate

The partner's public certificate — used to encrypt outbound messages so only the partner can decrypt them.

Field	What to enter
Partner Encryption Certificate	Inline PEM, file path, or keystore reference for the partner's public certificate.
Encryption Certificate Type	PEM, PKCS12, JKS.
Encryption Certificate Password	Password for a PKCS12 / JKS keystore.
Encryption Certificate Alias	Alias when the keystore holds multiple entries.

Custom headers, payload, timeout

Field	What to enter
Headers	Optional custom HTTP headers added to the outbound AS2 request, as key/value pairs.
Payload	Optional request body template. In a flow this is normally provided by the source connector / format — leave blank in flow use.
Timeout	Maximum time to wait for the AS2 response (and synchronous MDN), in milliseconds.

Authentication (HTTP layer)

Optional application-level HTTP auth on top of AS2 (rare — AS2 normally relies on TLS and certificates for security).

Field	What to enter
Authentication (required)	Default none. Other options: basic, header, oauth2, and the OAuth2 variants.
User	HTTP username (basic auth) or access-token user value.
Password	HTTP password.
Authorization Header Name	Default Authorization. Used when Authentication is set to header.
Authorization Header Content	Literal header value for header auth.
Access Token Prefix	Default Bearer. Token prefix for header auth.

TLS parameters

Field	What to enter
Client Certificate	Optional client certificate for HTTPS mutual TLS.
Client Certificate Type	PEM, PKCS12, JKS.
Client Certificate Password	Password for the client certificate.
Trust Self-Signed Certificate	Default false. Enable to trust self-signed partner HTTPS certificates — use only for testing.

Diagnostics

Field	What to enter
Save HTTP Code	Default true. Captures the HTTP status code in http_processor_last_http_code for inspection by downstream flow steps.
Save Response Headers	Default true. Captures response headers in http_processor_last_response_headers.

On Connect

Script to Run Before Connect	Optional JavaScript executed before the AS2 connection is opened. Use for late-bound parameter resolution.

Certificate handling

Certificates can be supplied three ways. Pick whichever fits your operational practice:

Inline PEM — paste the certificate / key text directly into the field.
File path — reference a file on the Etlworks server. The {app.data} token resolves to the app-data directory; {app.data}/certs/signing.pem is a typical layout.
PKCS12 / JKS keystore — reference a keystore file or inline content, plus its password and (when the keystore holds multiple entries) the alias.

Receiving AS2: the AS2 listener

This connector handles the outbound direction only. To receive AS2 messages from a trading partner, use the AS2 listener.

Working with X12 → Send X12 over AS2 — end-to-end walkthrough for sending X12 via this connector.
Working with X12 → AS2 send and receive — the AS2 capability summary (algorithms, MDN modes, current limitations).
Working with X12 — the full X12 reference.
Get started with EDI documents — the dialect-agnostic EDI umbrella.

Articles in this section