Hello,
A 400 error could be returned from the endpoint if a valid AS2 message is not received. It is possible that the AS2-From and AS2-To headers do not match the values for an agreement associated with the server. The AS2-From header should match the AS2 ID in the partner profile, whereas the AS2-To header should match the AS2 ID in the local profile. Could you confirm if this is not the case?
Also, do check that the agreement has an access role with permission to read and write from the S3 bucket and that the role’s trust policy allows the transfer service to assume the role as described here [1].
Further, if the server has a logging role configured, check whether the server's CloudWatch Logs contain any AS2 message logs. If the logs do not contain the reason for the failure, do raise a support case providing the AS2 Message ID and VPC Endpoint ID so that the Support team can check for the exact reason why the message is not being accepted by the endpoint.
Also, to your question, as you correctly pointed out, signing-cert.pem and encryption-cert.pem from the example are both the public certificates which are shared with the trading partner. signing-key.pem and encryption-key.pem should not be shared with the trading partner.
References:
[1] https://docs.aws.amazon.com/transfer/latest/userguide/requirements-roles.html
-- Sagar
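
An added example, not part of the original answer and not AWS code: a Python pre-flight check for the first two points above, comparing AS2-From/AS2-To with the profile AS2 IDs and checking that the access role's trust policy lets transfer.amazonaws.com assume the role. The AS2 IDs and policy documents are constructed samples, and Condition blocks in the policy are not evaluated.

```python
TRANSFER_PRINCIPAL = "transfer.amazonaws.com"

def _as_list(value):
    """IAM policy fields may hold a single value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _as2_name(value):
    """RFC 4130 lets an AS2 name be sent as a quoted string; drop the quotes."""
    value = (value or "").strip()
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        value = value[1:-1]
    return value

def trust_allows_transfer(trust_policy):
    """True if an Allow statement lets the Transfer service call sts:AssumeRole."""
    for stmt in _as_list(trust_policy.get("Statement")):
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if (stmt.get("Effect") == "Allow"
                and TRANSFER_PRINCIPAL in services
                and "sts:AssumeRole" in _as_list(stmt.get("Action"))):
            return True
    return False

def preflight(headers, local_as2_id, partner_as2_id, trust_policy):
    """Return a list of findings; an empty list means these checks passed."""
    hdrs = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    sent_from = _as2_name(hdrs.get("as2-from"))
    sent_to = _as2_name(hdrs.get("as2-to"))
    findings = []
    # AS2 names are case-sensitive, so compare exactly.
    if sent_from != partner_as2_id:
        findings.append(f"AS2-From {sent_from!r} != partner profile AS2 ID {partner_as2_id!r}")
    if sent_to != local_as2_id:
        findings.append(f"AS2-To {sent_to!r} != local profile AS2 ID {local_as2_id!r}")
    if not trust_allows_transfer(trust_policy):
        findings.append(f"trust policy does not let {TRANSFER_PRINCIPAL} assume the access role")
    return findings

# Constructed sample trust policies (not taken from any real account).
GOOD_TRUST = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Principal": {"Service": TRANSFER_PRINCIPAL}, "Action": "sts:AssumeRole"}}
BAD_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": "s3.amazonaws.com"}, "Action": ["sts:AssumeRole"]}]}

if __name__ == "__main__":
    print(preflight({"AS2-From": "LOCAL-B", "AS2-To": "PARTNER-A"}, "LOCAL-B", "PARTNER-A", BAD_TRUST))
```
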