Verify your AS2 configuration, certificates, and partner setup. Use this AS2 compliance checklist to go live securely and without errors.
Indunil Rajapakse
Published: 09 Oct 2025
AS2 (Applicability Statement 2) is a popular protocol for securely transmitting EDI and other business data via the internet. It supports encryption, digital signatures, and message integrity, making it an ideal choice for businesses that require secure and reliable data transmission. Before implementing AS2, businesses must ensure that their systems are properly set up, secure, and fully compliant with partner and protocol standards. A single error, such as an expired certificate, incorrect configuration, or missing MDN, can result in transmission failures and disruptions to business operations. This checklist is intended to help you through the critical technical, security, and operational aspects of AS2 use. Whether you’re enrolling your initial business partner or launching a complete production rollout, this list helps you address all important areas for a successful and compliant AS2 setup.
Let’s review the items you want to verify before clicking “Go Live.”
AS2 supports sending documents in any format. If the sender’s system generates a business document, such as an EDI 850 Purchase Order, the document follows the agreed-upon structure and schema between you and your trading partner.
The documents are then prepared for AS2 transfer by guaranteeing that the payload is structured and ready for secure delivery to trading partners.
Encryption: The document is encrypted using the recipient’s public key extracted from their certificate.
Digital Signature: The document is digitally signed using the sender’s private key to verify authenticity.
Compression (Optional): Compress the document to reduce its size.
MIME Encoding: The encrypted and signed document is enclosed in a MIME message.
AS2-packaged messages are transferred securely over the internet using HTTP or HTTPS. This entails delivering the signed/encrypted payload to a trading partner’s AS2 endpoint and handling the return of an MDN (Message Disposition Notification) to validate successful delivery and processing.
The receiving system decrypts the message, verifies the signature, and retrieves the original payload. The recipient produces and returns an MDN to serve as a delivery receipt. The MDNs may be:
Synchronous - returns immediately in the same HTTP response.
Asynchronous - delivered later by a new HTTP request.
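The following added example (not part of the original article) shows what "validating" a returned MDN involves on the sender side, and goes one step beyond the text by also comparing the Received-Content-MIC digest with the content that was sent. It assumes the MDN signature has already been verified and the message/disposition-notification fields extracted as text; the field names follow the AS2 MDN format, and the message ID, payload and MDN values are constructed samples.

```python
import base64
import hashlib
import hmac
from email.parser import HeaderParser

# Digest names seen in Received-Content-MIC, mapped to hashlib names.
MIC_ALGS = {"sha1": "sha1", "sha-1": "sha1", "sha256": "sha256", "sha-256": "sha256",
            "sha384": "sha384", "sha-384": "sha384", "sha512": "sha512", "sha-512": "sha512"}

def compute_mic(content: bytes, alg: str) -> str:
    """Base64 digest of the content that was signed (or sent, if unsigned)."""
    return base64.b64encode(hashlib.new(MIC_ALGS[alg], content).digest()).decode()

def check_mdn(report_fields: str, sent_message_id: str, sent_content: bytes) -> list:
    """Return a list of problems; an empty list means the MDN confirms delivery."""
    fields = HeaderParser().parsestr(report_fields)
    problems = []
    if (fields.get("Original-Message-ID") or "").strip() != sent_message_id:
        problems.append("MDN refers to a different Message-ID")
    # Disposition: <mode>; <type>[/<modifier>], e.g. "...; processed/error: ..."
    disposition = (fields.get("Disposition") or "").partition(";")[2].strip()
    dtype, _, modifier = disposition.partition("/")
    if dtype.strip().lower() != "processed" or modifier:
        problems.append("disposition is not a clean 'processed': %r" % disposition)
    mic, _, alg = (fields.get("Received-Content-MIC") or "").partition(",")
    alg = alg.strip().lower()
    if alg not in MIC_ALGS:
        problems.append("missing or unsupported MIC algorithm: %r" % alg)
    elif not hmac.compare_digest(mic.strip(), compute_mic(sent_content, alg)):
        problems.append("Received-Content-MIC does not match what was sent")
    return problems

# Constructed sample data (not from a real exchange).
SENT_ID = "<20251009-0001@sender.example>"
SENT_CONTENT = b"Content-Type: application/edi-x12\r\n\r\nISA*00*...~\r\n"
GOOD_MDN = (
    "Reporting-UA: ExampleAS2\r\n"
    "Original-Recipient: rfc822; PartnerAS2\r\n"
    "Final-Recipient: rfc822; PartnerAS2\r\n"
    "Original-Message-ID: " + SENT_ID + "\r\n"
    "Disposition: automatic-action/MDN-sent-automatically; processed\r\n"
    "Received-Content-MIC: " + compute_mic(SENT_CONTENT, "sha-256") + ", sha-256\r\n"
)
BAD_MDN = GOOD_MDN.replace("; processed", "; processed/error: authentication-failed")

if __name__ == "__main__":
    print(check_mdn(GOOD_MDN, SENT_ID, SENT_CONTENT))   # no problems
    print(check_mdn(BAD_MDN, SENT_ID, SENT_CONTENT))    # disposition problem
```

The same check applies to synchronous and asynchronous MDNs; only the way the MDN arrives differs.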
You are free to select any AS2 solution that best matches your company’s requirements. Choose an AS2-compliant solution that covers all necessary protocol features, whether open-source or commercial. Create a unique AS2 Identifier (AS2 ID) for your organization; it must be case-sensitive, alphanumeric, and consistent across all partner agreements. Configure your AS2 endpoint URL and ensure that it is externally accessible over HTTPS. Your server should have a static IP address or a fully qualified domain name that resolves properly via DNS and a dedicated firewall port or ports.
An essential part of AS2 security and compliance is certificate management. Digital certificates use public key cryptography, which encrypts and decrypts data using a public and private key combination. The public certificate is shared with AS2 trading partners, while the private key is securely stored by the certificate owner. Digital certificates can be obtained from a reputable commercial certifying authority or self-signed by mutual agreement between sender and receiver.
For message encryption and digital signatures, your AS2 system must at the very least support X.509 digital certificates. Your private key, which is required to decrypt incoming messages and sign outgoing ones, must be generated and stored securely. To encrypt outgoing messages and validate incoming signatures, import your trading partners’ public certificates into your system. To avoid transmission issues, closely monitor certificate life cycles by keeping track of expiration dates and providing a replacement to your trading partner before they expire.
The AS2 transmission can be secured at several levels during communication. Messages should be digitally signed with the sender’s private key to ensure they are authentic. The recipient verifies the signature using the sender’s public key. To ensure confidentiality, messages are encrypted with the recipient’s public key and decrypted with their private key. AS2 compression improves efficiency and performance; you have the option of applying it before or after signing and/or encryption. AS2 additionally employs HTTPS (TLS) at the transport level, which provides an additional layer of encryption and authentication. Security headers, such as Disposition-Notification-Options, must be specified to request signed MDNs if necessary.
AS2 Partner Setup Validation is critical to ensuring consistent and secure data exchange between trading partners. Verify the partner’s AS2 ID, which must be unique, case-sensitive, and correctly configured on both ends. The partner’s AS2 endpoint URL must be correctly entered and publicly accessible. Import the right public key certificate from the partner and confirm it is active and unexpired. The encryption and signing algorithms, such as AES-256 or SHA-256, must be compatible with the partner’s capabilities, and any compression should be mutually agreed upon.
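The certificate life-cycle and partner setup checks described above can be automated as a pre-go-live lint; the following is an added example, not code from the original article or from any AS2 product. The profile field names, the 30-day warning window and the weak-algorithm list are assumptions chosen for illustration, and the profile data is constructed.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

WEAK_ALGS = {"md5", "sha1", "sha-1", "des", "3des", "rc2"}  # assumption: local policy

def validate_partner(local, declared, now, warn_days=30):
    """Compare our stored partner profile with what the partner declared."""
    issues = []
    ours, theirs = local["as2_id"], declared["as2_id"]
    if ours != theirs:  # AS2 IDs are compared exactly, including case
        kind = "case differs" if ours.lower() == theirs.lower() else "mismatch"
        issues.append("AS2 ID %s: %r vs %r" % (kind, ours, theirs))
    url = urlsplit(local["url"])
    if url.scheme != "https" or not url.hostname:
        issues.append("endpoint is not an HTTPS URL: %s" % local["url"])
    not_after = datetime.fromisoformat(local["cert_not_after"])
    if not_after <= now:
        issues.append("partner certificate expired on %s" % not_after.date())
    elif not_after - now < timedelta(days=warn_days):
        issues.append("partner certificate expires in %d days" % (not_after - now).days)
    for purpose in ("sign_alg", "encrypt_alg"):
        alg = local[purpose].lower()
        if alg not in [a.lower() for a in declared["supported"][purpose]]:
            issues.append("%s %s not supported by partner" % (purpose, local[purpose]))
        if alg in WEAK_ALGS:
            issues.append("%s %s is weak" % (purpose, local[purpose]))
    return issues

# Constructed sample profiles (hypothetical partner, not real data).
NOW = datetime(2025, 10, 9, tzinfo=timezone.utc)
LOCAL = {"as2_id": "AcmeAS2", "url": "http://as2.partner.example/receive",
         "cert_not_after": "2025-10-20T00:00:00+00:00",
         "sign_alg": "SHA-256", "encrypt_alg": "3DES"}
DECLARED = {"as2_id": "ACMEAS2",
            "supported": {"sign_alg": ["SHA-256"], "encrypt_alg": ["AES-256"]}}

if __name__ == "__main__":
    for issue in validate_partner(LOCAL, DECLARED, NOW):
        print("FAIL:", issue)
```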
When everything is in place, an AS2 message exchange can be a speedy, secure, and consistent way to exchange critical business files. Every checkpoint is essential to ensuring the dependability and compliance of your AS2 integration. MFT Gateway provides secure file transfers for enterprise use cases by combining secure transmission protocols, file transmission automation, integration, and administrative features into a single solution without having to purchase, install, or maintain software. It is an all-in-one platform that offers AS2 as a service with flexible pricing plans and usage-based payments. Businesses that use MFT Gateway can handle all of their file transfer requirements with a single solution. Take a fully functional 30-day trial with no restrictions and no credit card necessary!