Audience: EDI developers, B2B integration teams, AS2 administrators
When to use this article: Orderful does not proactively monitor trading partner AS2 certificate expiration dates or send advance warnings when certificates are nearing expiration. You need to track certificate renewals yourself and coordinate updates with Orderful to prevent AS2 transmission failures.
How AS2 Certificate Management Works in Orderful
AS2 connections require valid certificates on both ends. Here's how certificate management is divided between Orderful and your trading partners:
Orderful's certificates
Orderful proactively renews its own AS2 certificates and notifies affected trading partners before making changes. Orderful's certificate validity periods are:
Generic AS2 certificate: approximately 2,000 days (about 5 years and 5 months)
Custom self-signed certificates: 10 years
CA-issued certificates: 1 year
When Orderful's certificate is nearing expiration, Orderful will send you a proactive warning with enough time to coordinate the update (~ 1 month).
Trading partner certificates
Orderful tracks trading partner AS2 certificate expiration dates.
However, Orderful does not send proactive warnings when a partner's certificate is nearing expiration — that notification is the partner's responsibility.
When a partner renews their certificate, they should notify their AS2 connections (including Orderful) in advance. You should not rely on Orderful to flag upcoming partner expirations for you.
Where to Find Certificate Expiration Dates
AS2 connections are configured on your trading partner's organization in Orderful and managed by Orderful's team as part of the network layer.
As a customer, you don't currently have visibility into certificate expiration dates directly in Orderful. If you need to check an expiration date, contact [email protected] with your trading partner's AS2 ID and Orderful can look it up for you.
Scenario 1: Your Trading Partner's Certificate Is Expiring — Renewal Notice Received
Most trading partners proactively notify their AS2 connections before renewing their certificate. This is the expected and most common scenario. When you receive a renewal notice from your trading partner:
Forward the notice to [email protected] immediately and include:
Your trading partner's AS2 ID (exactly as configured in Orderful)
Your trading partner's AS2 ID (exactly as configured in Orderful)
The new certificate file (
.cer,.crt, or.pem) or certificate textThe planned activation date and time (including timezone)
Whether this affects test, production, or both streams
Any cutover instructions from your trading partner
Orderful will schedule the installation of the partner's new certificate to match their activation timeline.
Hard cutover migrations
Some partners set a firm migration date and time. Expect a short transmission interruption of approximately 5–15 minutes during the cutover window. Orderful will pause deliveries before the cutover, confirm a successful test transaction after the new certificate is installed, then unpause deliveries.
Non-disruptive migrations
Some partners run a testing window during which both the old and new certificates are valid. A test transmission can happen at any time within that window. If the test succeeds, the partner's system automatically switches to the new certificate with no interruption to production traffic.
Scenario 2: Your Trading Partner's Certificate Expired Without Warning
Sometimes a partner's certificate expires without advance notice, causing AS2 transmission failures immediately. You'll typically see errors like:
AS2 transmission failed: Certificate validation error Connection refused: SSL handshake failed
When this happens:
Contact your trading partner immediately to obtain their new certificate
Submit an urgent request to [email protected] with:
Subject line:
URGENT: Expired certificate for [Partner AS2 ID]The new certificate file
Your trading partner's AS2 ID (exactly as configured in Orderful)
Confirmation that the certificate is now active on the partner's end
Orderful will install the partner's new certificate as quickly as possible. Because resolution depends on partner responsiveness, expect a transmission interruption of at least a few hours
Once the certificate is installed, go to Orderful and filter for transactions with a Failed Delivery status for that partner. Use the bulk action to resend all affected transactions
Scenario 3: Orderful's AS2 Certificate Is Expiring
When Orderful's own AS2 certificate is nearing expiration, Orderful will proactively notify you in advance and handle the renewal. You don't need to initiate anything — Orderful manages this process end to end.
When you receive a notification from Orderful about an upcoming certificate renewal:
Share the new certificate with your trading partner. Orderful will provide the updated certificate file. Forward it to your trading partner's EDI or AS2 team so they can install it on their end before the activation date.
Coordinate the activation timeline. Confirm with your trading partner that they've installed the new certificate and are ready for the cutover. Share any timing requirements they have back with Orderful support.
Test after the cutover. Once Orderful activates the new certificate, send a test transaction to confirm the connection is working correctly on both ends.
If your trading partner misses the update and the old certificate expires on their side, AS2 transmissions will fail until they install the new certificate. Follow up proactively — don't wait for failures to surface.
What Happens During Certificate Updates
When Orderful updates a trading partner's certificate:
Scheduling: Orderful coordinates the update timing with your partner's activation schedule
Installation: The new certificate is installed on Orderful's AS2 servers
Testing: Orderful may send a test transmission to verify the connection
Notification: You'll receive confirmation that the update is complete
Downtime: Properly coordinated updates have zero downtime. Emergency updates after expiration may have 2-4 hours of downtime while the certificate is installed.
What to Send Orderful Support
For certificate-related issues, include:
Trading partner's AS2 ID (exactly as shown in your Orderful relationship)
Certificate file (.cer, .crt, or .pem format) or certificate text
Activation timeline from your trading partner
Stream specification (test, production, or both)
Any renewal notice from your trading partner (forward the entire email)
Recent transmission errors if the certificate has already expired
Frequently Asked Questions
Why doesn't Orderful send proactive warnings when partner certificates are expiring?
Certificate renewal is controlled by your trading partners, not Orderful. Partners may renew early, extend existing certificates, or change their renewal schedule without notifying Orderful. Because Orderful doesn't control when or how partners renew, proactive warnings could create false alarms or not account for partner-specific renewal timelines. That said, the product team is thinking about exposing more of this network information directly in Orderful when it's relevant to you — so this may improve in the future.
What if my trading partner's certificate expired but they haven't sent a new one?
Contact your trading partner directly to confirm they have a new certificate ready. If they're unresponsive, Orderful Support can help facilitate the conversation, but Orderful cannot force partners to provide updated certificates.
Do certificate updates affect both test and production streams?
It depends on your trading partner's configuration. Some partners use the same certificate for both streams, others use separate certificates. Always specify which streams are affected when submitting renewal notices to Orderful.
How do I resend transactions that failed during a certificate outage?
In Orderful, filter transactions by Failed Delivery status for the affected trading partner and use the bulk resend action to requeue them after the certificate is updated.