guide · Babelway
AS2 certificate expired in Babelway
Your Babelway / TrueCommerce AS2 traffic stopped moving. Here's what actually broke, how to recover in the right order, and how to confirm which certificate lapsed in seconds.
What broke
Babelway stores certificates on the channel; an expired one breaks that channel's inbound or outbound AS2 flow. The certificate itself is standard X.509 — Babelway is just where it's stored and referenced — so the failure and the fix are the same shape regardless of platform:
- Signing certificate expired — partners can no longer verify your signature and reject inbound messages (negative MDN).
- Encryption certificate expired — partners get
decryption failedbecause they're encrypting to a lapsed key. - Endpoint TLS certificate expired — the HTTPS connection to your AS2 endpoint fails before AS2 logic runs.
Recover in the right order
- Identify the expired certificate and its role in Babelway. Confirm subject, fingerprint and
notAfterso you replace the correct one. - Issue the replacement with the same key usage. The private key stays in Babelway — it never needs to leave.
- Send the new public certificate to every affected partner with its fingerprint, so they can confirm they imported the right file.
- Have each partner import and activate it. This is the slow, human step across different portals and contacts.
- Send a test message and confirm a positive MDN before calling it resolved.
Prevent the next one
Expiries surprise teams because no single place tracks every certificate across every partner, and because a rollover has to start weeks early to give partners time to import. Two habits fix that: keep one inventory of every AS2 certificate's expiry, and roll over during an overlap window so no partner is forced to cut over on the exact expiry day. The rollover checklist walks through it.
check a certificate now