A complete beginner-friendly guide that explains AS2 in plain language and gives you a step-by-step setup flow.
1. What Is AS2?
AS2 (Applicability Statement 2) is a secure highway for sending EDI files between businesses.
It gives you:
- Encryption → the file is unreadable during transit
- Digital signatures → proves who sent it
- Receipts (MDNs) → confirmation it arrived
- Real-time delivery → no waiting in mailboxes
AS2 is the most popular EDI transport today because big retailers (Walmart, Amazon, Tesco, Sainsbury’s, Boots, Carrefour, etc.) prefer it.
2. What You Need Before Starting AS2 Setup
Every AS2 connection requires five basic ingredients.
Think of it as a recipe.
If even one ingredient is missing, the setup won’t work.
1. AS2 ID (Your ID)
A unique name that identifies you.
Example: YOURCOMPANY_AS2
2. Your URL (Your AS2 Endpoint)
The URL where you receive AS2 messages.
Example: https://as2.company.com/as2/receive
3. Certificates
You need a key pair, which has two parts:
- Public certificate you send to your partner
- Private key you keep (for signing & decrypting)
Your partner also gives you their public certificate.
4. Partner’s AS2 ID
Like yours, but for them.
Example: YOURTRADINGPARTNER_AS2
5. Partner’s AS2 URL
Where you send files to.
3. How AS2 Communication Works
You → encrypt the file with partner’s public certificate
You → sign the file with your private key
You → send it to partner’s AS2 URL
Partner → decrypts using their private key
Partner → verifies signature using your public certificate
Partner → sends back an MDN receipt
You → confirm MDN → end of flow
This cycle repeats for every EDI document.
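Confirming the MDN, the last step of the flow above, shown as an added Python example that is not part of the original guide: it checks that the receipt names the message you sent, reports `processed`, and returns the same content digest (MIC) you computed over the signed bytes. The message ID, payload and MDN text are constructed sample data; verifying the MDN's own signature is assumed to happen before this check.

```python
import base64
import hashlib
from email import message_from_bytes

def compute_mic(content: bytes) -> str:
    """Base64 SHA-256 digest over the exact bytes that were signed."""
    return base64.b64encode(hashlib.sha256(content).digest()).decode()

def check_mdn(mdn: bytes, sent_id: str, sent_mic: str) -> list:
    """Return the reasons an MDN fails to confirm delivery (empty = confirmed)."""
    parts = [p for p in message_from_bytes(mdn).walk()
             if p.get_content_type() == "message/disposition-notification"]
    if not parts:
        return ["no disposition-notification part"]
    report = parts[0].get_payload(0)  # the fields are parsed as nested headers
    problems = []
    if (report["Original-Message-ID"] or "").strip() != sent_id:
        problems.append("MDN refers to a different message")
    # Disposition reads "<mode>; processed" or "<mode>; processed/error: <reason>"
    status = (report["Disposition"] or "").split(";")[-1].strip().lower()
    if status != "processed":
        problems.append("partner reported: " + (status or "no disposition"))
    # Received-Content-MIC reads "<base64 digest>, <algorithm>"
    mic = (report["Received-Content-MIC"] or "").split(",")[0].strip()
    if mic != sent_mic:
        problems.append("MIC mismatch: partner did not receive what was signed")
    return problems

# Constructed sample data: the message ID, payload and MDN are invented here.
SENT_ID = "<20240101-0001@as2.yourcompany.example>"
SENT_MIC = compute_mic(b"UNB+UNOA:3+YOURCOMPANY+TRADINGPARTNER'\r\n")
MDN_TEMPLATE = """\
Content-Type: multipart/report; report-type=disposition-notification; boundary="b1"

--b1
Content-Type: text/plain

The message was received.
--b1
Content-Type: message/disposition-notification

Original-Message-ID: {msg_id}
Disposition: automatic-action/MDN-sent-automatically; {status}
Received-Content-MIC: {mic}, sha-256
--b1--
"""

def sample_mdn(status="processed", mic=SENT_MIC, msg_id=SENT_ID) -> bytes:
    return MDN_TEMPLATE.format(msg_id=msg_id, status=status, mic=mic).encode()
```

Any disposition other than plain `processed` is reported, so a `processed/warning` receipt is surfaced for review rather than silently accepted.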
4. Step-by-Step AS2 Setup
Below is the universal process that works for:
- Boomi
- MuleSoft
- SAP PI
- Seeburger
- Cleo Harmony
- IBM Sterling
- Custom AS2 servers
Step 1: Exchange AS2 IDs & URLs
Both sides share:
| Parameter | You Provide | They Provide |
|---|---|---|
| AS2 ID | YOURCOMPANY_AS2 | TRADINGPARTNER_AS2 |
| AS2 URL | https://as2.yourcompany.com/as2 | https://as2.tradingpartner.com/as2 |
| Public Certificate | ✔️ | ✔️ |
| Name of the Business Partner | YOURCOMPANY | TRADINGPARTNER |
| Test & Production Endpoints | ✔️ | ✔️ |
This is called the trading partner profile.
Step 2: Exchange Certificates
Each side sends:
- Public certificate (for encryption / signature validation)
- Details of certificate expiry
- Certificate format (usually .cer or .pem)
Best practice:
- Use separate certificates for test & production.
- Rotate certificates before they expire.
Step 3: Configure Outbound AS2 (You → Partner)
You configure how you send documents.
You set:
- Partner’s AS2 ID
- Partner’s AS2 URL
- Partner’s public certificate (for encryption)
- Your private key (to sign messages)
- AS2 MDN settings (Synchronous is most common)
- Compression (optional)
- Content type (usually application/edi-x12 or application/edifact)
Important outbound settings:
- Signing: SHA256
- Encryption: AES256 or 3DES (prefer AES256 where the partner supports it; 3DES is a legacy cipher)
- MDN: Synchronous (most common)
- AS2 version: 1.2
Step 4: Configure Inbound AS2 (Partner → You)
You configure how you receive documents.
You set:
- Your AS2 ID
- Your inbound URL
- Your private key (to decrypt)
- Partner’s public certificate (to validate signature)
Important inbound settings:
- Check “Expect signed messages”
- Check “Expect encryption”
- Set folder or endpoint where inbound files land
- Enable MDN: “Send back synchronous MDN”
Step 5: Test Connectivity (AS2 Ping / AS2 Test File)
Partner sends a small test file:
- Usually a dummy text file or a small EDI file
- Validates certificates, signing, encryption, MDN
You can run the same test yourself by sending a dummy text file or a small EDI file to your trading partner.
If this succeeds → connection is alive.
Step 6: Test Real EDI Documents
Send and receive real EDI messages:
- DESADV
- INVOIC
- ORDERS
- INSDES
Check:
- Partner receives them
- MDN returns positive
- Your system processes inbound files
This is the UAT phase.
Step 7: Move to Production
Once testing is successful:
- Exchange production certificates
- Update AS2 URLs to production
- Retest real files
- Go live
5. Troubleshooting AS2
| Problem | Likely Cause | Fix |
|---|---|---|
| Certificate error | Wrong certificate / expired | Replace with new certificate |
| No MDN received | Partner cannot reach your URL | Check firewall, ports, URL |
| Signature validation failed | Wrong public cert used | Import partner’s correct certificate |
| Decryption failed | Wrong private key | Ensure your private key matches the public cert |
| 500, 400, 403 errors | Network block / content type mismatch | Adjust headers, check gateway |
| Files arriving but empty | Wrong encoding | Switch to binary mode |
6. AS2 Best Practices
Recommended practices:
- Always create separate test and production profiles
It avoids confusion and downtime.
- Keep certificates renewed 30 days before expiry
Expiry is the #1 cause of AS2 failures.
- Use the partner’s latest certificate for outbound
Never reuse old ones.
- Enable detailed logging
AS2 debugging becomes much easier.
- Always store MDNs
They serve as legal proof of delivery.
- Validate file size limitations
Some partners reject >20MB files.
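One way to turn these practices and the Step 3 and Step 4 settings into an automated check, as an added Python example (not from the original guide or any AS2 product). The profile field names and certificate fingerprints are hypothetical, and the sample profiles are constructed.

```python
from datetime import date
from urllib.parse import urlparse

# Hypothetical profile layout for this example; real AS2 products store these
# settings in their own formats.
REQUIRED = ("as2_id", "partner_as2_id", "partner_url", "own_cert_fp",
            "partner_cert_fp", "own_cert_expires", "partner_cert_expires")

def lint_profile(p: dict, today: date, renew_days: int = 30) -> list:
    """Return findings for one partner profile (empty list = nothing flagged)."""
    findings = ["missing " + key for key in REQUIRED if not p.get(key)]
    if findings:
        return findings  # the remaining checks need every field
    if urlparse(p["partner_url"]).scheme != "https":
        findings.append("partner URL is not https")
    if p.get("signing") != "SHA256":
        findings.append("signing is not SHA256")
    if p.get("encryption") not in ("AES256", "3DES"):
        findings.append("encryption is not AES256 or 3DES")
    if not (p.get("expect_signed") and p.get("expect_encrypted")):
        findings.append("inbound does not require signed and encrypted messages")
    for owner in ("own", "partner"):
        days_left = (p[owner + "_cert_expires"] - today).days
        if days_left < 0:
            findings.append(f"{owner} certificate expired {-days_left} days ago")
        elif days_left <= renew_days:
            findings.append(f"{owner} certificate expires in {days_left} days")
    return findings

def shared_certs(test: dict, prod: dict) -> list:
    """Certificate fields whose fingerprint is reused across test and production."""
    return [k for k in ("own_cert_fp", "partner_cert_fp")
            if test.get(k) and test.get(k) == prod.get(k)]

# Constructed sample profiles; IDs follow the guide's placeholders.
PROD = {
    "as2_id": "YOURCOMPANY_AS2", "partner_as2_id": "TRADINGPARTNER_AS2",
    "partner_url": "https://as2.tradingpartner.com/as2",
    "own_cert_fp": "aa:01", "partner_cert_fp": "bb:01",
    "own_cert_expires": date(2025, 1, 20), "partner_cert_expires": date(2026, 6, 1),
    "signing": "SHA256", "encryption": "AES256",
    "expect_signed": True, "expect_encrypted": True,
}
TEST = dict(PROD, own_cert_fp="aa:02", partner_cert_fp="bb:01",
            partner_url="http://as2-test.tradingpartner.com/as2")
```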
7. Security Concepts
Digital Signature
Confirms who sent the file and that it wasn’t modified.
Encryption
Makes the file unreadable during transit.
MDN Receipt
Partner says:
“Yes, I got your file and I’ve verified it.”
Non-Repudiation
Legal protection – nobody can deny sending/receiving.
AS2 Explained With a Real-Life Analogy: The Secure Courier System
Imagine two companies want to exchange important documents – not over email, not by post, but through a specialised secure courier service.
This courier system works like this:
Step 1: Both Sides Set Up Their Identities
Before they can send anything, both companies need:
- A nameplate on their building → AS2 ID
- An official delivery address → AS2 URL
- A trusted identity badge → Public certificate
This tells the courier who the sender is, where to deliver, and how to verify authenticity.
Step 2: Agree on Security Rules
Both companies exchange their identity badges (certificates) so they can recognise each other.
It’s like saying:
“Here’s my badge. When my courier arrives, check this badge to be sure it’s really from me.”
You do the same with theirs.
This is certificate exchange.
Step 3: Configure How Parcels Will Be Delivered
Now both sides decide:
- Should the parcel be locked? → Encryption
- Should the parcel have a tamper-proof seal? → Signing
- Should the receiver send a delivery receipt? → MDN
- What type of parcel are we sending? → Payload format
This step makes sure the rules are aligned, like agreeing on:
“We will padlock the box, seal it, and you must sign a receipt the moment it arrives.”
Quick AS2 Setup Checklist
You provide to partner:
- AS2 ID
- AS2 URL
- Public certificate
- Contact details
You need from partner:
- AS2 ID
- AS2 URL
- Public certificate
- Content types they accept
- MDN settings
- Encryption & signature algorithms
You configure:
- Outbound AS2 profile
- Inbound AS2 listener
- Certificates
- MDN
- Logging
- Integration routing
