What is AS2?

Overview

AS2 (Applicability Statement 2) is a http based protocol to transmit messages safely, cheaply and quickly.
In the last 20 years AS2 has become the most widely used protocol for EDI in many industries, such as the retail and the consumer goods industry.

How does AS2 work?

To establish an AS2 connection you need two computers, a server and a client. Both connect to the Internet via a point-to-point connection.
In order to transmit the desired data, AS2 creates an ‘envelope’ that enables secure transmission via the Internet using digital certificates and encryption.

What is an AS2 MDN?

MDN (Message Disposition Notification) is an electronic acknowledgement of reception that is sent to the sender via AS2 after an electronic message has been sent. This acknowledgement of reception confirms that the message has been transmitted completely.

The MDN mainly checks two things:

  • Whether the AS2 transfer was successfully completed
  • The message arrived at the desired recipient without change

The process of establishing an AS2 MDN connection is as follows:

  • The sender sends an encrypted EDI message with digital signature to the desired recipient
  • Transmission of the EDI message over the Internet via AS2
  • Message is decrypted by the recipient and the digital signature of the sender is verified
  • Recipient prepares the requested MDN and applies a digital signature. It is then sent back to the sender
  • Sender receives the MDN and verifies the digital signature of the recipient

What you need for AS2?

  • One unique number and one certificate per participant
  • The public keys of all certificates used by your partners

What are AS2 Certificates?

AS2 certificates are important because they enable secure data exchange and meet certain security standards.
You can generate and sign your certificates yourself using software of your choice, or use certificates issued and verified by a trusted certification authority.
These are exchanged in advance with the partner.

What are the benefits of AS2?

  • High level of security, as the data is encrypted
  • Cost-effective, as the transmission takes place via the Internet
  • Synchronous response to a transmission (real-time status)
  • Can be used almost everywhere

What can be possible disadvantages?

  • Bilateral partner management (point-to-point connection, exchange of keys)
  • Open ports for AS2 communication on the firewall
  • High maintenance effort, due to many signed certificates of Trading Partners and/or yourself which will expire and need replacing over time.