Skip to main content
Documentation

Updating Encryption and Signing Certificates

AS2 Partner Certificates are the certificates exchanged between you and your trading partners for message encryption and digital signing. The public certificates exchanged between you and a trading partner expire over time and need to be replaced.

The HTTPS endpoint certificate that secures your AS2 URL is managed automatically by Files.com and does not require manual renewal.

AS2 requires both sides of the partnership to update corresponding certificates at the same time to minimize communication outages.

For example, when your certificate is about to expire, your trading partner applies the new public portion of your certificate at the same time you apply your updated private certificate. When your trading partner's certificate is about to expire, you apply their updated public certificate at the same time they apply their updated private certificate.

You do not need to update your own certificates when a trading partner's certificate expires, and vice versa. You only need to update and exchange the corresponding portions of the expiring certificate.

Coordinate with your trading partner before a certificate's expiration and agree on a change window for applying the updated certificates.

When a test or dev site is available to you, test and verify any certificate changes on the AS2 configuration of that site before applying them to your production site. You can also use a test or dev AS2 partnership connection, where you and your trading partner have agreed upon test or dev AS2 Identities for testing purposes.

Updating Your AS2 Identity Certificate

When the certificate associated with your AS2 Identity expires, you need to exchange the public portion of your new certificate with every trading partner connected to that AS2 Identity.

Edit your AS2 identity to generate a new certificate using our online generator, or generate one using the openssl command and then import it.

Export the public portion of the new certificate and send it to all trading partners that are associated with this AS2 Identity. As this portion is public, it can be sent or shared via email or secure Share Link.

Updating a Trading Partner's AS2 Certificate

When a trading partner's certificate expires, you need to import the new public portion of their certificate into the Trading Partner configuration that corresponds to the trading partner.

Contact your trading partner and ask them to provide their updated public certificate in PEM or CRT format. A PEM or CRT format certificate begins with -----BEGIN CERTIFICATE----- and ends with -----END CERTIFICATE-----. As this portion is public, it can be sent or shared via email or secure Share Link.