CertCutover

guide · Babelway

AS2 certificate expired in Babelway

Your Babelway / TrueCommerce AS2 traffic stopped moving. Here's what actually broke, how to recover in the right order, and how to confirm which certificate lapsed in seconds.

What broke

Babelway stores certificates on the channel; an expired one breaks that channel's inbound or outbound AS2 flow. The certificate itself is standard X.509 — Babelway is just where it's stored and referenced — so the failure and the fix are the same shape regardless of platform:

Not sure which certificate expired? Paste the public certificate into the inspector — it shows the role (signing / encryption / TLS), the exact expiry date, and the fingerprint, entirely in your browser. Nothing is uploaded.

Recover in the right order

  1. Identify the expired certificate and its role in Babelway. Confirm subject, fingerprint and notAfter so you replace the correct one.
  2. Issue the replacement with the same key usage. The private key stays in Babelway — it never needs to leave.
  3. Send the new public certificate to every affected partner with its fingerprint, so they can confirm they imported the right file.
  4. Have each partner import and activate it. This is the slow, human step across different portals and contacts.
  5. Send a test message and confirm a positive MDN before calling it resolved.
We don't publish click-by-click menu paths for Babelway here — versions differ and a wrong path costs you time mid-incident. The recovery order above is what matters; check Babelway's own docs for exactly where its certificate store lives.

Prevent the next one

Expiries surprise teams because no single place tracks every certificate across every partner, and because a rollover has to start weeks early to give partners time to import. Two habits fix that: keep one inventory of every AS2 certificate's expiry, and roll over during an overlap window so no partner is forced to cut over on the exact expiry day. The rollover checklist walks through it.

check a certificate now

Paste the certificate — see its role and expiry

public certificate — PEM or DER, never uploaded
loading inspector…