AS2 / X.509 certificate inspector
A certificate expires.
Your EDI traffic stops.
Paste an AS2 signing, encryption or endpoint certificate. See its role, exactly how long it has left, and its fingerprint — before a silent expiry drops your purchase orders and invoices.
public certificates only · private keys and PFX/PKCS#12 files are refused · parsed in your browser, never uploaded
the moment that breaks things
The hard part isn't the expiry date. It's the cutover.
Swapping one org certificate can touch dozens of trading partners — each with its own contact, portal and lead time. You have to run the old and new certificates in parallel until every partner has imported the new one.
Miss the window on one partner and their POs, invoices or ASNs stop moving — usually discovered only when someone calls asking where their orders went.
what the inspector tells you
Read a certificate the way AS2 does
role
Signing, encryption or TLS
Inferred from KeyUsage and extended key usage — so you know what actually breaks if it lapses, not just that "a cert" expired.
urgency
Days left, bucketed
Expired, critical, warning, plan-ahead or OK — matched to the 120/60/14-day windows you rotate on.
fingerprint
SHA-256 & SHA-1
The exact fingerprint to confirm a partner imported the right certificate, plus weak-algorithm and short-key warnings.
safe by design
Never touches private keys
Only public certificates are accepted. Private keys and PFX/PKCS#12 files are detected and refused before anything is parsed.
for teams past a handful of partners
Track every partner cutover in one place
CertCutover is building the workspace that inventories every AS2 certificate across your trading partners, runs the old/new overlap, and records who acknowledged the new cert — so a routine renewal never turns into an outage. Get an email when it opens.
No spam. One email when early access opens.