How AS2 Certify Tests Your Connection
The exact 8-step diagnostic behind every grade, how the A-F score is calculated, and a sample graded report so you can see the deliverable before you sign up.
The 8-step diagnostic
Every plan, including Free, runs the same 8 steps in the same order. Steps 1-4 run independently. Steps 5-8 depend on step 5: if the message exchange fails, they are skipped rather than scored as failures.
TCP/TLS Connection
Weight 25CriticalConfirms your endpoint accepts a TCP connection and negotiates a TLS handshake, recording the protocol version and cipher suite. This is the most heavily weighted check because nothing else works if the connection itself fails.
Certificate Validation
Weight 15HighInspects the certificate for expiration, key strength, and trust chain issues. A certificate expiring within 30 days triggers a warning even if everything else passes.
Encryption Verification
Weight 10HighConfirms the negotiated cipher suite supports AES-256 or 3DES, the encryption algorithms AS2 trading partners require.
Signing Verification
Weight 10HighChecks the certificate's signature algorithm and flags outdated hashes such as SHA-1 or MD5 in favor of SHA-256 or better.
AS2 Message Exchange
Weight 20CriticalSends a real test AS2 message to your endpoint. If this step fails, the remaining three steps are skipped, since they depend on a successful exchange.
MDN Receipt Validation
Weight 10MediumConfirms your endpoint returned a signed MDN (Message Disposition Notification) receipt for the exchange.
Payload Integrity Check
Weight 5HighHashes the sent payload with SHA-256 to confirm exactly what was sent, and compares it against a received payload when one is available.
Latency Measurement
Weight 5LowTimes the round trip. Two seconds or less is excellent, up to five seconds is acceptable, and anything slower is flagged as a warning.
How the A-F grade is calculated
Each step is scored pass, warn, or fail. A pass earns its full weight, a warn earns 60% of its weight, and a fail earns nothing. The 8 weights above add up to 100, so the result is a score out of 100.
Criticality overrides apply on top of the score so a high number can't hide a broken connection. If both critical steps (the initial connection and the message exchange) fail, the test is automatically graded F regardless of the score. Otherwise:
- A: score 95 or higher, zero failed steps, zero high or critical severity warnings.
- B: score 80 or higher, no critical-step failures.
- C: score 60 or higher, at most one critical-step failure.
- D: score 40 or higher.
- F: below 40, or 2 or more critical-step failures.
Sample report
This is an illustrative example, not a real customer's data. It shows what a passing-but-imperfect connection looks like once all 8 steps have run.
GRADE B
Sample report · score 92/100Pass: TCP/TLS Connection
TLS 1.3 negotiated with AES-256-GCM cipher suite.
Warning: Certificate Validation
Signing certificate expires in 18 days. Renew it before it lapses.
Pass: Encryption Verification
Cipher suite supports AES-256.
Pass: Signing Verification
SHA-256 signature confirmed.
Pass: AS2 Message Exchange
Test message accepted by the partner endpoint.
Pass: MDN Receipt Validation
Signed MDN received.
Pass: Payload Integrity Check
SHA-256 payload hash matched.
Warning: Latency Measurement
3.8 second round trip. Acceptable, but slower than the 2 second target.
Why this connection is a B and not an A: both critical steps (the connection and the message exchange) passed, so it can't auto-fail. But the certificate warning is a high-severity finding, which keeps the grade out of A territory even at a 92 score. Renewing the certificate before it expires clears the way for an A on the next run.
Run it on your own connection
Try the free public check with no signup, or create a free account to run the full 8-step diagnostic against your endpoint.