Which SSL certificate should I get for AWS Transfer Family with AS2 HTTPS endpoints?

Question

Hi all,

I've recently started trying out AWS Transfer Family with AS2. According to the documentation, when sending AS2 messages or asynchronous MDNs to a trading partner's HTTPS endpoint, I must use a valid SSL certificate signed by a certificate authority (CA) that's trusted by AWS Transfer Family. Self-signed certificates are not supported. The list of trusted CAs can be found at https://www.amazontrust.com/repository/.

I am not sure which certificate to get and how to obtain it. Can someone guide me through the process of choosing the right SSL certificate and obtaining it from a trusted CA for AWS Transfer Family with AS2 HTTPS endpoints?

Thank you in advance!

Answer

Hello, we recently updated the messaging in the [known limits section](https://docs.aws.amazon.com/transfer/latest/userguide/as2-config-etc.html#as2-limits-issues) of our our documentation to the following:

>When sending AS2 messages or asynchronous MDNs to a trading partner's HTTPS endpoint, the messages or MDNs must use a valid SSL certificate signed by a publicly trusted certificate authority (CA). Self-signed certificates are not currently supported.

We don't recommend any one certificate authority over another, but some of the most popular include GoDaddy, Comodo, DigiCert, GeoTrust, and The SSL Store. Each certificate authority should provide detailed instructions on how to obtain the proper SSL certificates. Details on how to import and use these certificates with AWS Transfer Family for AS2 can be found [here](https://docs.aws.amazon.com/transfer/latest/userguide/as2-end-to-end-example.html#as2-example-walkthrough).

Which SSL certificate should I get for AWS Transfer Family with AS2 HTTPS endpoints?

Relevant content