AS2EDIWalmartRetail

Walmart AS2 EDI Setup Guide: From GEM Registration to Production

12 min readBy AS2 Certify Team

What Walmart Requires from Suppliers

Walmart is the largest driver of AS2 adoption in the world. Every supplier that exchanges EDI documents with Walmart must do so over AS2. Not SFTP, not VAN-to-VAN, not email. AS2. This has been the standard since Walmart mandated it in the mid-2000s to eliminate VAN fees and gain direct, non-repudiated communication with its supply chain.

If you're a new Walmart supplier or migrating from a VAN to direct AS2, this guide walks through every step from initial registration to production go-live. The process typically takes 4 to 6 weeks, most of which is spent in the testing phase.

Prerequisites Before You Start

Before touching any Walmart portal, make sure you have these in place:

  • An AS2-capable platform. This can be commercial software (IBM Sterling, Cleo, OpenText), open-source (OpenAS2, Mendelson), or a managed AS2 service. You need it running and accessible from the internet before you begin Walmart's process.
  • A static IP address or hostname for your AS2 endpoint. Walmart's systems will POST messages to this URL. It must be reachable 24/7.
  • An SSL/TLS certificate for your AS2 endpoint (HTTPS). CA-signed, not self-signed.
  • An AS2 signing/encryption certificate. This can be self-signed. 2048-bit RSA minimum. Walmart accepts self-signed certificates for AS2-level operations.
  • Your Walmart supplier number. This is assigned when you become an approved supplier. You cannot start EDI setup without it.

Step 1: Register in the GEM Portal

GEM (Global Enterprise Messaging) is Walmart's communication management platform. All AS2 configuration with Walmart goes through GEM.

Accessing GEM

  1. Log in to RetailLink at https://retaillink.wal-mart.com.
  2. Navigate to the GEM application. If you don't see it in your RetailLink menu, contact your Walmart buyer or the Walmart EDI support team to request access.
  3. In GEM, create a new "mailbox" for your AS2 connection.

GEM mailbox configuration

When creating your GEM mailbox, you'll provide:

  • AS2 ID: This is your AS2 identifier. Use something descriptive and consistent, like your company name or supplier number. Example: ACME_CORP_12345. This value is case-sensitive and must match exactly in your AS2 platform's configuration.
  • AS2 URL: The HTTPS endpoint where Walmart will send AS2 messages to you. Example: https://as2.yourcompany.com:443/as2. This must be reachable from Walmart's IP ranges.
  • Your public certificate: Upload the public portion of your AS2 signing/encryption certificate. Do not upload your private key. Walmart will use this to encrypt messages sent to you and to verify signatures on messages you send.

Walmart will provide you with:

  • Walmart's AS2 ID: Typically something like 08925485US00 (this varies by division).
  • Walmart's AS2 URL: The endpoint you'll POST messages to.
  • Walmart's public certificate: You'll use this to encrypt messages sent to Walmart and to verify MDNs they return.

Step 2: Configure Your AS2 Platform

With the GEM mailbox created and Walmart's details in hand, configure your local AS2 platform.

Partner profile setup

Create a trading partner profile in your AS2 platform with these settings:

# Partner (Walmart) Configuration
AS2 ID:              [Walmart's AS2 ID from GEM]
AS2 URL:             [Walmart's AS2 endpoint URL]
Encryption Cert:     [Walmart's public certificate]
Encryption Algorithm: 3DES or AES-128 (confirm with Walmart)
Signing Algorithm:    SHA-256
MDN Type:            Synchronous
MDN Signing:         SHA-256

# Your Configuration
AS2 ID:              [Your AS2 ID from GEM]
Signing Cert:        [Your private key + certificate]
Signing Algorithm:    SHA-256

Critical settings to verify

  • MDN: Walmart uses synchronous MDNs. Configure your system to expect a sync MDN on the same HTTP connection. Do not configure async MDN unless Walmart explicitly tells you otherwise.
  • Encryption: Walmart has historically supported 3DES. AES-128 and AES-256 are also supported. Confirm the current requirement with the GEM team, as standards evolve.
  • Content-Type: Use application/edi-x12 for all X12 EDI documents.
  • Compression: Walmart supports ZLIB compression but does not require it. Test with compression disabled first. Add it later if needed.

Step 3: Exchange and Validate Certificates

Certificate exchange is where many Walmart AS2 setups stall. Be methodical here.

Your certificate requirements

  • RSA 2048-bit minimum (4096-bit recommended).
  • Valid for at least 1 year. Walmart recommends 2-year validity to reduce rotation frequency.
  • Subject CN should be descriptive (your company name or AS2 ID).
  • PEM or DER format. Walmart's GEM portal accepts both.

Validating Walmart's certificate

After downloading Walmart's certificate from GEM, verify it before importing:

# Check validity dates
openssl x509 -in walmart_cert.pem -noout -dates

# Check key size
openssl x509 -in walmart_cert.pem -noout -text | grep "Public-Key"

# Verify it's not corrupted
openssl x509 -in walmart_cert.pem -noout -fingerprint

Store the fingerprint. If you ever receive a replacement certificate from Walmart, compare fingerprints to confirm it's genuinely new and not a re-send of the old one.

Validating your own certificate

Before uploading to GEM, confirm your certificate and private key match:

# These two commands should output the same modulus
openssl x509 -in your_cert.pem -noout -modulus | openssl md5
openssl rsa -in your_key.pem -noout -modulus | openssl md5

If the MD5 hashes don't match, your certificate and private key are from different key pairs. This is a common mistake when certificates have been regenerated. Using a mismatched pair means you'll be able to sign messages, but Walmart won't be able to verify the signature because the public key they have (from your certificate) doesn't correspond to the private key you're signing with.

Step 4: Required EDI Documents

Walmart's AS2 connection carries standard X12 EDI documents. The specific documents required depend on your supplier type, but the core set includes:

Documents you receive from Walmart

  • 850 (Purchase Order): Walmart's order to you. Contains item details, quantities, ship-to locations, and delivery dates.
  • 860 (Purchase Order Change): Modifications to an existing PO. Changes to quantities, dates, or items.

Documents you send to Walmart

  • 855 (Purchase Order Acknowledgment): Your confirmation of the 850. You accept, reject, or modify each line item. Walmart expects this within 24 hours of receiving the 850.
  • 856 (Advance Ship Notice / ASN): Shipping details sent before the goods arrive. Includes carton contents, tracking numbers, and ship dates. This is critical. Late or missing ASNs result in chargebacks.
  • 810 (Invoice): Your invoice for the shipped goods. Must reference the original PO number and match the ASN quantities.

Additional documents (depending on your category)

  • 846 (Inventory Inquiry/Advice): For drop-ship or marketplace suppliers.
  • 944 (Warehouse Stock Transfer Receipt Advice): For suppliers using Walmart's distribution network.

Document format requirements

Walmart uses ANSI X12 format, version 4010 or 5010 depending on the document type. Each document must conform to Walmart's specific implementation guide, which specifies required segments, element lengths, and qualifier codes. These guides are available through RetailLink.

Step 5: The Testing Process

Walmart's testing process is thorough. Plan for 4 to 6 weeks. Rushing it leads to rejected tests and restarts.

Phase 1: Connectivity test

Before testing EDI content, Walmart tests the AS2 connection itself.

  1. Walmart sends a test AS2 message to your endpoint.
  2. Your system must receive it, decrypt it, verify the signature, and return a valid signed MDN.
  3. You send a test AS2 message to Walmart.
  4. Walmart verifies receipt, decryption, signature, and returns an MDN.
  5. Both sides confirm successful round-trip communication.

If this phase fails, the problem is in your AS2 configuration, not your EDI content. Common failures here:

  • Firewall blocking Walmart's IP ranges.
  • Certificate mismatch (wrong cert uploaded to GEM, or wrong cert in your partner profile).
  • AS2 ID mismatch (case sensitivity, trailing spaces).
  • MDN configuration disagreement (you expect async, they send sync).

Phase 2: EDI document testing

Once connectivity works, Walmart sends test 850s and expects properly formatted 855, 856, and 810 responses.

  1. Walmart sends test 850 purchase orders through the AS2 connection.
  2. You generate and return an 855 acknowledging the PO.
  3. You generate and return an 856 with shipping details.
  4. You generate and return an 810 invoice.
  5. Walmart validates each document against their implementation guide.

Each document is reviewed individually. If a document fails validation, you'll receive feedback through GEM or your Walmart EDI contact, fix the issue, and resubmit. This cycle repeats until all documents pass.

Common testing failures

  • Missing required segments: Walmart's implementation guides specify mandatory segments that the base X12 standard considers optional. Read the guide carefully.
  • Incorrect qualifier codes: Using generic X12 qualifiers instead of Walmart-specific ones.
  • GS/ISA envelope errors: The ISA Interchange Control Header and GS Functional Group Header must use the correct sender/receiver IDs and qualifiers.
  • Date format issues: Some fields require CCYYMMDD, others YYMMDD. The implementation guide specifies which.

Step 6: Go-Live

After all documents pass Walmart's testing, you'll receive approval to move to production. The transition involves:

  1. Walmart switches your GEM mailbox from test to production mode.
  2. You confirm your production AS2 endpoint is the same as your test endpoint (it usually is, but verify).
  3. Walmart begins sending live 850 purchase orders.
  4. You begin processing real orders and returning production 855, 856, and 810 documents.

Post go-live monitoring

The first two weeks after go-live are critical. Monitor:

  • MDN success rate: Every message should produce a successful MDN. Any MDN failures mean messages may not be reaching their destination.
  • Document acceptance rate: Walmart will reject documents that don't conform to their specifications. Monitor for 997 Functional Acknowledgment rejections.
  • ASN timeliness: ASNs must be transmitted before the shipment arrives. Late ASNs result in chargebacks. Set up automated alerting for any ASN that hasn't been sent within a configurable window after shipment.
  • Certificate expiration: Set a reminder for your certificate expiration date. When you renew, you'll need to upload the new certificate to GEM and coordinate the cutover.

Common Pitfalls and How to Avoid Them

Pitfall 1: Forgetting to whitelist Walmart's IPs

Walmart sends AS2 messages from specific IP ranges. If your firewall doesn't allow inbound connections from these IPs, you'll never receive a message. Get the current IP list from your Walmart EDI contact and whitelist them before your first connectivity test.

Pitfall 2: Using the wrong AS2 ID format

Your AS2 ID in GEM must exactly match your AS2 platform's local ID. Copy and paste. Do not retype. A single character difference, including case, causes message routing failures on both sides.

Pitfall 3: Certificate and private key mismatch

If you regenerated your certificate at any point during setup, the private key on your AS2 platform may no longer match the public certificate you uploaded to GEM. Verify the modulus hash (see Step 3). This causes "signature verification failed" errors that look like a Walmart-side problem but are actually yours.

Pitfall 4: Not reading Walmart's implementation guides

Walmart's X12 implementation guides are not the same as the generic ANSI X12 specification. They add requirements, restrict options, and use Walmart-specific codes. Building your EDI maps from the generic X12 spec and hoping they work is a guaranteed way to fail testing.

Pitfall 5: Ignoring the 997 Functional Acknowledgment

The 997 is an automated response confirming that an EDI document was received and parsed successfully (or not). Some suppliers ignore 997s. Don't. A rejected 997 means Walmart did not process your document. If you sent an 810 invoice and got a rejected 997 back, you are not getting paid until you fix and resend it.

Pitfall 6: Testing with production data

Never send real orders, real invoices, or real ASNs during testing. Use the test data Walmart provides. Sending production documents to the test environment, or test documents to the production environment, creates confusion that takes weeks to untangle.

Test Your AS2 Setup Before Contacting Walmart

The fastest way to get through Walmart's testing process is to eliminate your own configuration issues before Phase 1 begins. If your AS2 setup has certificate problems, MDN issues, or encryption misconfigurations, you'll discover them during Walmart's connectivity test. And every round of fixes means another email chain and another wait for Walmart's team to re-test.

AS2 Certify lets you validate your AS2 configuration against a compliant test endpoint before you enter Walmart's testing queue. It checks your certificates, encryption, signing, and MDN handling, then grades your setup A through F with specific feedback on what needs fixing.

Suppliers who test with AS2 Certify before starting the Walmart process typically pass Phase 1 connectivity testing on the first attempt. That saves 1 to 2 weeks of back-and-forth, which means you're processing real orders sooner.

Test your setup at as2certify.org.