Layer Security
Layer Security
Layer Security

LS-Peppol Specifications

Full-featured and powerful, yet small and simple, ebMS3/AS4 server custom-built for Peppol.

LS-Peppol is a small, fast, efficient, and feature-rich ebMS3/AS4 server designed for business software applications needing an easy way to directly send and receive documents on the Peppol network.

Overview

LS-Peppol makes it easy to self-host your own Peppol server.

It has been custom-built to be easy to install, manage and run, so that you can be your own certified Peppol Service Provider, and effortlessly exchange documents on the Peppol network.

Packed inside a tiny (4 MB) executable, LS-Peppol provides a powerful, all-in-one Peppol server which seamlessly integrates both an ebMS3/AS4 Access Point (AP) and a Service Metadata Publisher (SMP).

Applications can easily send/receive Peppol documents and manage the LS-Peppol server using the simple-to-use companion LS-Peppol client (LS-B2B).

LS-Peppol has many advanced features including strong security, server management, certificate provisioning, recipient discovery, multi-level authorisation, statistics, and conformance to all the Peppol and related international standards.

Architecture

LS-Peppol is a simple, all-inclusive, tiny (4 MB) and highly efficient server.

All aspects of being on the Peppol network are supported including:

  • Messaging - AS4 (push, pull), lookups (SMP, SML), provisioning (SMP, SML, Peppol Directory), etc.

  • Operations - logging, notifications, security, certificate renewal, etc.

  • Management - statistics, provisioning, auditing, etc.

Notably, LS-Peppol seamlessly integrates all required servers and clients into a single executable:

  • 6 inbuilt servers – gateway, SMP, lookup, certificate, provisioning, and reporting.

  • 10 inbuilt clients – AS4, SML, SMP, register, credentials, OCSP, licence, audit, email, and database.

LS-Peppol architecture showing all the internal modules and routes
LS-Peppol architecture showing all the internal modules and routes

Features

Product

  • Fast, secure, ebMS3/AS4 messaging server

  • Easy to configure, monitor and manage

  • Database for authorisation, statistics, and reporting

  • Standards compliant including Peppol.

Access Point (AP)

  • Full featured Peppol Access Point (AP)

  • AS4 signing and payload encryption

  • Integrated SML client (for dynamic discovery of recipients)

  • Integrated SMP client (including Peppol wildcard matching)

Service Metadata Provider (SMP)

  • Integrated Peppol SMP server

  • Automated synchronisation with SML and Peppol Directory

  • Automated sender registration (optional)

  • Support for wildcards and multiple locators.

Standards

  • Peppol AS4 (2.0.2) and Peppol SMP (1.3.0)

  • Peppol SML (1.2.0) and Peppol Directory (1.1.1)

  • Peppol PINT and wildcard scheme

  • Peppol Statistics Reporting (Transaction 1.0.2, End User 1.1.1)

  • Peppol Code Lists (8.8)

  • Peppol Identifiers (4.2.0)

  • Peppol SBDH (2.0.1)

    (and all other current Peppol standards)

Security

  • Message signing (e.g. AS4 receipts, SMP responses)

  • Digital signature checking including certificate chain verification

  • Certificate revocation checking (OCSP)

  • Delegated administration with strong authentication and authorisation

  • TLS on all connections (v1.2/v1.3 with TLS SNI extension).

Management

  • Automated server credential provisioning and renewal

  • Automated client certificate issuance

  • Support for manager (credentialed) and hub (managed) parties

  • Database for authorisation, statistics, and reporting

  • Notifications of alarms and alerts to an email address

  • Comprehensive documentation.

Operations

  • Simple XML configuration file

  • Easy to install – requires no special privileges or OS packages (other than the database)

  • Fast and efficient - with exceptionally low memory and CPU requirements

  • Minimal footprint - just consisting of an executable and environment files (e.g. configuration, keystores, logs)

  • Ability to listen on multiple ports and auto-detect TLS

  • Flexible tracing and logging - with options for log retention, log file compression, and using Syslog.

Specifications

Size

Download package

4 MB (GZIP)

Executable

4 MB

Disk usage

20 MB (plus space for spool area and log files)

Performance

Start-up time

< 1 second

Network speed

Near wire speed (mostly limited by remote server)

CPU usage

< 1% average load on any modern computer

System Requirements

Hardware

Any modern server system

Operating System

Linux glibc 2.17 or later (64-bit)

OS Packages

MariaDB-Server

Protocols and Security

Protocols

HTTP (1.1), HTTPS, TLS (1.2, 1.3), TLS Extensions (SNI), Mutual TLS (MTLS), Proxy, UDP, DNS, REST, AS4 (ebMS3), SOAP, WS-Security, ACME (Let’s Encrypt), OCSP, SMP (Oasis), BDXL (Oasis)

Data formats

XML, SBDH, MIME, JSON, X.509 (certificates), PKCS#7 (CMS, certificates), PKCS#8 (private key), PKCS#10 (CSR), JWS (signatures), JWK (keys)

Algorithms

RSA (public key), AES (symmetric key), SHA-2 (hash family), PKCS#1 (signing), LZW (GZip)

Keystores

PEM (TLS, AP, SMP)

Open-Source Components (embedded)

OpenSSL

V3.3.0 - licensed under OpenSSL License

Zlib (compression)

V1.3.1 - licensed under Zlib License

MariaDB Connector/C

V3.3.8 - licensed under LGPL