MFT Gateway is a hosted Software as a Service (SaaS) solution that enables file exchange over the AS2 or SFTP protocol, without the need to install or maintain.
Start Free Trial
AS2
AS2 Compliance Checklist: Key Steps Before Going Live
Verify your AS2 configuration, certificates, and partner setup. Use this AS2 compliance checklist to go live securely and without errors.
Indunil Rajapakse
Published: 09 Oct 2025
AS2 (Applicability Statement 2) is a popular protocol for securely transmitting EDI and other business data via the internet. It supports encryption, digital signatures, and message integrity, making it an ideal choice for businesses that require secure and reliable data transmission. Before implementing AS2, businesses must ensure that their systems are properly set up, secure, and fully compliant with partner and protocol standards. A single error, such as an expired certificate, incorrect configuration, or missing MDN, can result in transmission failures and disruptions to business operations. This checklist is intended to help you through the critical technical, security, and operational aspects of AS2 use. When youâre enrolling your initial business partner or launching a complete production introduction, this list helps you to address all important areas for a successful and compliant AS2 setup.
Letâs review the items you want to verify before clicking âGo Live.â
How Does AS2 Message Flow Work?
đ Document Preparation
AS2 supports sending documents in any format. If the senderâs system generates a business document, such as an EDI 850 Purchase Order, the document follows the agreed-upon structure and schema between you and your trading partner.
đŚ AS2 Packaging
The documents are then prepared for AS2 transfer by guaranteeing that the payload is structured and ready for secure delivery to trading partners.
-
Encryption: The document is encrypted using the recipientâs public key extracted from their certificate.
-
Digital Signature: The document is digitally signed using the senderâs private key to verify authenticity.
-
Compression (Optional): Compress the document to reduce its size.
-
MIME Encoding: The encrypted and signed document is enclosed in a MIME message.
đ¨ AS2 transmission
Securely transferring AS2-packaged communications over the internet using HTTP or HTTPS. It entails delivering the signed/encrypted payload to a trade partnerâs AS2 endpoint and handling the return of an MDN (Message Disposition Notification) to validate successful delivery and processing.
âď¸ Receiving and validating the AS2 message
The receiver system decrypts, confirms the signature, and retrieves the original payload. The recipient produces and returns an MDN to serve as a delivery receipt. The MDNs may be:
-
Synchronous - returns immediately in the same HTTP response.
-
Asynchronous - delivered later by a new HTTP request.
AS2 Communication Requirements
You are free to select any AS2 solution that best matches your companyâs requirements. Choose an AS2-compliant solution that covers all necessary protocol features, whether open-source or commercial. Create a unique AS2 Identifier (AS2 ID) for your organization; it must be case-sensitive, alphanumeric, and consistent across all partner agreements. Configure your AS2 endpoint URL and ensure that it is externally accessible over HTTPS. Your server should have a static IP address or a fully qualified domain name that resolves properly via DNS and a dedicated firewall port or ports.
Digital Certificates
An essential part of AS2 security and compliance is certificate management. Digital certificates use public key cryptography, which encrypts and decrypts data using a public and private key combination. The public certificate is shared with AS2 trading partners, while the private key is securely stored by the certificate owner. Digital certificates can be obtained from a reputable commercial certifying authority or self-signed by mutual agreement between sender and receiver.
For message encryption and digital signatures, your AS2 system must at the very least support X.509 digital certificates. Your private key, which is required to decrypt incoming messages and sign outgoing ones, must be generated and stored securely. To encrypt outgoing messages and validate incoming signatures, incorporate your trading partnersâ public certificates into your system. To avoid transmission issues, closely monitor certificate life cycles by keeping track of expiration dates and giving a replacement to your trade partner before they expire.
AS2 Security Settings
The AS2 transmission can be secured at several levels during communication. Messages should be digitally signed with the senderâs private key to ensure they are authentic. The recipient verifies the signature using the senderâs public key. To ensure confidentiality, messages are encrypted with the recipientâs public key and decrypted with their private key. AS2 compression emphasizes efficiency and performance. You have the option of applying before or after signing and/or encryption. AS2 additionally employs HTTPS (TLS) at the transport level, which provides an additional layer of encryption and authentication. Security headers, such as Disposition-Notification-Options, must be specified to request signed MDNs if necessary.
AS2 Partner Setup Validation
AS2 Partner Setup Validation is critical when ensuring consistent and secure data exchange between trading partners. Authenticating the partnerâs AS2 ID, which must be unique, case-sensitive, and correctly configured on both ends. The partnerâs AS2 endpoint URL must be correctly entered and publicly accessible. Import the right public key certificate from the partner to confirm it is active and unexpired. The encryption and signing algorithms, such as AES-256 or SHA-256 must be compatible with the partnerâs capabilities, and any compression should be mutually agreed upon.
Conclusion
When everything is in position, an AS2 message exchange can be a speedy, secure, and consistent way to exchange critical business files. Because every checkpoint is essential to ensure the dependability and compliance associated with your AS2 integration. MFT Gateway provides secure file transfers for enterprise use cases by combining secure transmission protocols, file transmission automation, integration, and administrative features into a single solution without having to purchase, install, or maintain software. It is an all-in-one platform that offers AS2 as a service with flexible pricing plans and usage-based payments. Businesses that use MFT Gateway can handle all of their file transfer requirements with a single solution. Take a fully functional 30-day trial with no restrictions and no credit card necessary!
Do you require an MFT solution? Sign up for our MFT Gateway and start your free trial today!
Talk to an EDI Expert
Stay Compliant. Stay Connected. Powered by AS2.
Join hundreds of organizations already taking full control of their B2B AS2 communications with our trusted solutions. Contact us today to tailor a solution that fits your specific AS2 EDI needs.
Request a demo and take a live look at all the features of our AS2 EDI solutions.
Get answers to your questions and explore customizations that we can offer tailored specifically for you.
Get to know the dedicated deployment option available for your specific use cases.
Related Articles
View All BlogsExplore our product stack
Try before you buy with a 30-day Free Trial
No commitment, all value. Try the AS2 Solution Risk-Free and discover how our solutions can transform your business workflows. No credit card required.
Driving Innovation, Simplifying Connections.
EDI via AS2
30-day Free Trial
Secure and Compliant
