Implementing AS2 Protocol exercise

expanding our community knowledge

EDUCATIONAL SERIES: EXERCISE

Why AS2?

  Large wholesale and retail providers, as well as major trucking firms, use the AS2 protocol. Based on this requirement, all their suppliers are asked to send invoices, purchase orders, and other B2B trading messages via AS2 or SFTP. The growing trend is AS2. Wrapped inside this transport protocol, all but a few use EDI, which we will discuss in a separate thread. In this format, and later in audio and video, we will explain how to get started with the AS2 protocol and how to send and receive AS2 messages. In this discussion we will use our choice, OpenAS2, an application that provides AS2 capabilities. In our example, we will be sending EDI messages between AS2.LOADTALK.ME and AS2.VERIFY.ME.

Step 1 - Required for Implementing AS2 (Our Lab Environment)

   In this exercise, we are using our two groups — LOADTALK.ME and VERIFYMC.ME, each with an instance of OpenAS2 running on a virtual server.

  • LoadTalk - ASA.LOADTALK.ME is the destination and has a static conduit through a Cisco Firewall.
  • VerifyMC - ASA.VERIFY.ME is the destination and has a static conduit through a Cisco Firewall.
  • Firewall Access List - Both have a "Cisco Access-List" that limits access to partners' AS2 systems only, a best practice.
  • Messages - We have some sample messages for sending EDI messages from their C:\EDI\Outbound and C:\EDI\Inbound folders. 
  • OpenAS2 Application - We are using OpenAS2, a Java program downloaded and expanded into the C:\OpenAS2 folder.
  • Operating Systems - We use Windows for the exercise and recommend Ubuntu Linux for larger organizations. OpenAS2 can run on Windows, Mac or Linux.

About Our Systems

  • Humintuit™ Protocol In Action with AS2 - We use our own protocol to securely monitor and, as needed, manage operations. All parts of our systems have extensive logging that is shipped in real time to a redundant site, surpassing all Federal Motor Carrier Safety Regulations (FMCSRs), Healthcare (HIPAA), and all State and Local regulations. Our AI assures we keep all records as required, and unlike most corporations, we like to talk about our redundancy, disaster recovery, and security. Our security is integrated into our philosophy, which states, "All user information is private," and our systems meet or exceed DOD, NIST 800, and HIPAA standards using user-controlled ECC (Curve25519) keys. We transmit mail using a matching TLS-only secure handshake, making all transactions encrypted email.
  • VERA BOT (Verification EDI Relay Assistant) - VERA handles all the EDI messaging between the AS2 inbound and outbound folders and is monitored by Ellie, our AI, or Super Grok via an API.
  • REID BOT (Redundant Encrypted Information Distribution) - REID keeps both our primary and backup AS2 installations in sync. Either one can take over the other's primary operations in a few minutes with no loss of information. REID is graduating to Agentic AI. 

Step 2 - The Role of Passwords in AS2 Certificates

  Passwords play a vital role in securing AS2 certificates, primarily by protecting the private key—the most sensitive component of the certificate bundle. In AS2 implementations, such as those using OpenAS2 or similar tools, certificates are often stored in password-protected formats, such as PKCS#12 (.PFX), to prevent unauthorized access.  This is part of the EDIINT AS2 standard.  Generate passwords before you begin.  If you can type them, they aren't complicated enough. 

  Many AS2 setups recommend using a blank or simple password for internal server use (e.g., when installing on a secure system), but stronger passwords are advised for files that are shared or stored in less secure environments. Ultimately, passwords add a layer of defense-in-depth, complying with standards like EDIINT and helping meet regulatory requirements such as HIPAA or GDPR in data-sensitive industries.

Step 3 - Generating AS2 Certificates

 We encourage you to stop and handle this as a separate exercise.  We have built our own PEM to PFX Converter that will help. Follow the link, and the page will walk you through everything needed to create the correct bundled certificate. It will also save you hundreds of dollars a year.
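
The bundling that Steps 2 and 3 describe, as an added example that is not part of the original page or of OpenAS2: it generates a random password, creates a key and certificate with OpenSSL, packs them into a password-protected PKCS#12 file, and checks that only that password opens it. The host name, the alias `as2-lab`, the file names, RSA-2048, the self-signed certificate and the 365-day validity are assumptions; it runs in a POSIX shell (Linux, or Git Bash/WSL on Windows) with `openssl` installed.

```shell
#!/usr/bin/env bash
# Added example: password-protected PKCS#12 (.pfx) bundle for an AS2 endpoint.
# Assumed, not from the page: alias "as2-lab", file names, RSA-2048,
# self-signed certificate, 365-day validity.

# 32 random bytes, base64-encoded: 44 characters nobody should be typing.
gen_password() {
    openssl rand -base64 32
}

# make_as2_pfx <workdir> <common-name> <password-file>
# The password is read from a file so it never appears in the process list.
make_as2_pfx() {
    local dir cn pwfile
    dir=$1; cn=$2; pwfile=$3
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=$cn" -keyout "$dir/key.pem" -out "$dir/cert.pem" \
        2>/dev/null || return 1
    openssl pkcs12 -export -name as2-lab \
        -inkey "$dir/key.pem" -in "$dir/cert.pem" \
        -out "$dir/as2.pfx" -passout "file:$pwfile" || return 1
    # Remove the unencrypted key; the bundle now holds the only copy.
    rm -f "$dir/key.pem"
}

# check_pfx <pfx> <password-file>: exit 0 only if the password opens the bundle.
check_pfx() {
    openssl pkcs12 -in "$1" -passin "file:$2" -noout 2>/dev/null
}

# Demo in a throwaway directory (mktemp -d creates it with mode 0700);
# as2.example.test is a constructed host name.
work=$(mktemp -d)
( umask 077; gen_password > "$work/pfx.pass" )
if make_as2_pfx "$work" "as2.example.test" "$work/pfx.pass" &&
   check_pfx "$work/as2.pfx" "$work/pfx.pass"; then
    echo "bundle OK: $work/as2.pfx (cert.pem is the public half for the partner)"
fi
```

Keep `pfx.pass` readable only by the account that runs the AS2 service, and give the trading partner `cert.pem`, never the `.pfx`.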

If you need help or are just busy, we have a service that costs much less than sites charge for certificates, and our systems have reminders and can help communicate with the other side.  We also have a private cloud that securely delivers the certificates to you.  It has space and tools to help keep all your certificates and config files backed up.

Step 4 - Installing OpenAS2

  This installation exercise is for Windows. If you are on Linux, Unix, or a Mac, check with us; the documentation may be ready. You need a dedicated IP address on your machine and a static conduit with an outside publicly accessible IPv4 address. More on that later.

For servers (e.g., those running AS2 software like Mendelson on Java or Apache-based setups), passwords are used to secure keystores or truststores where certificates are loaded—preventing unauthorized modifications that could disrupt partnerships or expose vulnerabilities. They also protect administrative interfaces, SSH access, or API endpoints used for monitoring AS2 traffic, reducing the risk of remote exploits.

In the case of firewalls, such as Cisco models commonly referenced in AS2 documentation, passwords safeguard configuration files, VPN tunnels, or access control lists (ACLs) that regulate inbound/outbound traffic on ports like 80/443 (HTTP/S for AS2). For instance, a Cisco firewall might require passwords for enabling port forwarding to an internal AS2 server with a public IP, ensuring only authorized admins can adjust rules that expose the server to the internet.

The "why" boils down to risk mitigation: AS2 often involves public-facing endpoints (as seen in configurations with URLs like http://my-public-ip:10080), making servers and firewalls prime targets for attacks. Strong passwords, combined with multi-factor authentication where possible, help enforce least-privilege principles, comply with security best practices, and maintain the reliability of EDI exchanges by preventing downtime from breaches.

Passwords in the Context of Firewalls and Servers for AS2

When deploying AS2 on servers and behind firewalls, passwords are essential for both access control and secure configuration, ensuring that the infrastructure supporting EDI communications remains protected. Cisco, as an example, requires this kind of bundled certificate.


Why the Movement of Goods Depends on Reliable, Efficient and Dependable Communications Tools That Include AS2, EDI, SFTP, and LoadTalk

The heart of every nation, all over the world, runs on the movement of goods in many shapes and sizes, some frozen, some fresh, most in boxes, bags, or pallets. Commerce is the lifeblood of the world.  All of it, transported by truck, plane, ship, even bikes and drones.  They all require a communications infrastructure capable of handling the paperwork and challenges brought on by fraud and AI. LoadTalk and Verify MC tackle the challenge, outpace the competition. 

We are the only private AI-centric system that offers 100% privacy and security. With Humintuit (hu·​min·​tu·​it) engineered technology, anyone can use our products and services. And when you need help, just pick up the phone and talk to a real person: no bots, no barriers.

Open AS2

  OpenAS2  is a Java-based implementation of the EDIINT AS2 standard. It's what we use from multiple locations.  It is needed when partners require AS2 for EDI communications.  It is extremely configurable and supports a wide variety of signing and encryption algorithms.
 

  OpenAS2 supports very high traffic volume, allowing parallel processing of files per partner. OpenAS2 is available at SourceForge. Interested in why we chose OpenAS2 over paid versions, and why we will support their open source effort as a company? Reach out; we'll be happy to explain.



