Audience: EDI developers, AS2 administrators, trading partner technical contacts
When to use this article: Use this when an AS2 message fails with a signature verification error and an integrity-check-failed MDN disposition, either on messages your trading partner sends to Orderful or on messages Orderful sends to your trading partner.
Error Details
Use case 1: Your trading partner sends an AS2 message and Orderful rejects it
Orderful sends back an MDN.
No transaction is created in Orderful.
MDN format:[...]
The signature of the sender [AS2-ID] couldn't be verified as the signature was generated with a certificate that isn't on file. The message hasn't been processed by the receiver.
[...]
Disposition: automatic-action/MDN-sent-automatically; processed/error: integrity-check-failed
[...]
Use case 2: Orderful sends an AS2 message to your trading partner and your partner rejects it
Your partner sends back an MDN.
The transaction delivery status becomes Failed.
MDN format:[...]
Disposition: automatic-action/MDN-sent-automatically; processed/error: integrity-check-failed
[...]The partner's error message may describe the problem slightly differently depending on their AS2 software, but the
integrity-check-faileddisposition is the consistent indicator in both directions.
What This Error Means
AS2 messages are digitally signed to verify the sender's identity.
When a message is received, the receiving system checks the signature against the sender's public certificate that was configured when the AS2 connection was set up.
If the certificate used to sign the message no longer matches what's on file — for any reason — signature verification fails and the message is rejected via a negative MDN.
This always comes down to the same root cause: the certificate being used to sign messages on one side by the sender isn't the same as the certificate being used by the receiver to check the sender's identity. There's a certificate mismatch on either AS2 configurations.
How to Resolve It
If your trading partner sent a message to Orderful and it was rejected: Orderful needs the partner's updated certificate. Contact your trading partner, request their current AS2 signing certificate, and submit it to Orderful support (see below).
If Orderful sent a message to your trading partner and they rejected it: Your trading partner needs Orderful's current certificate. Contact [email protected] to obtain the current Orderful AS2 certificate and share it with your trading partner so they can update their configuration.
Fix 1: Certificate issue on your trading partner's side
Use this fix when your trading partner is the sender and Orderful is rejecting their messages with an integrity-check-failed MDN. This means the certificate your partner is using to sign their messages no longer matches what Orderful has on file.
Step 1 — Get the updated certificate from your trading partner
Contact your trading partner and ask them to confirm whether their AS2 certificate has recently changed
Request their current AS2 signing certificate in one of these formats:
.ceror.pemor.txtfileConfirm which environment is affected (test, production, or both)
Ask for the approximate date and time when the certificate changed
Important: Do not request private keys — Orderful only needs the public certificate for signature verification.
Step 2 — Submit the certificate to Orderful support
Email [email protected] with:
Orderful AS2 ID used on this connection
Trading partner's AS2 ID
The certificate file (attached) or certificate text (pasted in the email)
Environment affected (test, production, or both)
Approximate date and time when the certificate changed
Orderful will update you when the AS2 configuration changes are complete.
Step 3 — Ask your trading partner to send a test
Once Orderful confirms the certificate is updated, ask your trading partner to resend a test transmission and confirm the MDN comes back with a successful disposition.
Fix 2: Certificate issue on Orderful's side
Use this fix when Orderful is the sender and your trading partner is rejecting Orderful's messages with an integrity-check-failed MDN.
This means the certificate Orderful is using to sign outbound messages no longer matches what your trading partner has on file.
Step 1 — Get the current Orderful AS2 certificate
Contact [email protected] and request the current Orderful AS2 certificate for the affected connection. Include:
Orderful AS2 ID used on this connection
Trading partner's AS2 ID
Environment affected (test, production, or both)
Step 2 — Share the certificate with your trading partner
Send the Orderful AS2 certificate to your trading partner's EDI or AS2 team and ask them to update their configuration with the new certificate.
Step 3 — Resend from Orderful
Once your trading partner confirms their configuration is updated, resend the affected transactions from Orderful. Filter by Failed Delivery status for that partner and use the bulk resend action to resend them.
Frequently Asked Questions
Our trading partner says they haven't changed their certificate. Why would this error still appear?
Even without an intentional renewal, AS2 software updates or reconfigurations can silently change which certificate is used for signing. Ask them to check which certificate their AS2 software is currently using for outbound signatures — the serial number or thumbprint may differ from what was originally configured.
Can Orderful resend messages that failed during the certificate mismatch?
Yes, Orderful support can reprocess transactions that failed with this error once the correct certificate is applied. Request this explicitly when submitting the certificate update.
This started happening with multiple trading partners at once. What does that mean?
If multiple partners are suddenly getting signature verification errors on messages from Orderful, Orderful's certificate may have changed. Contact support immediately with "multiple partners affected" in the subject line.
How do I prevent this from happening again?
Ensure trading partners notify you before switching their AS2 certificate. You can then proactively send the new certificate to Orderful support before the switch occurs, avoiding any message failures.