AB Volvo has implemented session-level encryption using Transport Layer Security (TLS). TLS provides data confidentiality by encrypting all protocol commands and data exchanged between Volvo Group and our partners. This provides enough security to prevent a third party from extracting any useful information from the transmission.
Technical requirements for EDI Partner
The EDI partner needs to take action to fulfil the following technical requirements:
• Implement OFTP2 support in your EDI system
• Acquire an SSL certificate issued by a Certificate Authority that has been approved by Volvo; see the list below.
• The Common Name (CN) of your server certificate should contain the Fully Qualified Domain Name (FQDN) of your OFTP2 server. Do not use a static IP as host name. Volvo does not support wildcard certificates.
• Volvo uses TLS line security (session encryption only).
• The validation is done against Root CA Certificates. That means that your certificate is NOT stored at Volvo, and you should store only the Root CA Certificate of Verisign for verification of Volvo's certificate. (For most of our EDI partners it is enough to verify Volvo's certificate via VeriSign's Root CA, but in a few cases the intermediate certificate is also needed.)
Import the Root CA Certificate of Verisign into your EDI System:
Select: VeriSign Class 3 Public PCA - Generation 5 (G5), found at: http://www.symantec.com/page.jsp?id=roots
If needed, also import the intermediate certificate found at: https://knowledge.symantec.com/support/ssl-certificates-support/index?page=content&actp=CROSSLINK&id=INFO2064
• Firewall configurations: Incoming and outgoing IP addresses are different because of HW (cluster) solutions. The identity sending files from Volvo is 18.104.22.168 or 22.214.171.124. If possible, configure your firewalls to accept files from 192.138.117*
• Your OFTP2 server address must be resolvable by a Reverse DNS Lookup as well as the ordinary lookup. In more technical terms, your server should have both A- and PTR-records registered in your DNS. Please see http://en.wikipedia.org/wiki/Domain_Name_System#Reverse_lookup for details.
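A partner-side preflight for the certificate-name and DNS requirements listed above, as an added example (not Volvo's own tooling). The function names are hypothetical, and the resolvers are injectable so the checks can be exercised offline with constructed host names and addresses.

```python
import ipaddress
import socket

def is_ip_literal(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def lookup_a(host):
    """Ordinary lookup: IPv4 addresses registered for host ([] if none)."""
    try:
        return socket.gethostbyname_ex(host)[2]
    except OSError:
        return []

def lookup_ptr(addr):
    """Reverse lookup: PTR name registered for addr (None if none)."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except OSError:
        return None

def preflight(cert_cn, oftp2_host, resolve_a=lookup_a, resolve_ptr=lookup_ptr):
    """Hypothetical helper: return findings; an empty list means all checks pass."""
    cn = cert_cn.strip().rstrip(".").lower()
    host = oftp2_host.strip().rstrip(".").lower()
    findings = []
    if "*" in cn:
        findings.append("CN is a wildcard; wildcard certificates are not supported")
    if host not in cn:  # the CN should contain the server's FQDN
        findings.append("CN does not contain the OFTP2 server host name")
    if is_ip_literal(cn) or is_ip_literal(host):
        findings.append("IP address used as host name; use the FQDN instead")
    if is_ip_literal(host):
        return findings  # DNS record checks only apply to a name
    if "." not in host:
        findings.append("host name is not fully qualified")
    addrs = resolve_a(host)
    if not addrs:
        findings.append("no A record for " + host)
    for addr in addrs:  # every address the name resolves to needs a PTR
        if not resolve_ptr(addr):
            findings.append("no PTR record for " + addr)
    return findings
```

Called with only the CN and host name, it uses the system resolver; pass the CN exactly as it appears in the certificate subject.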
OFTP2 Communication Parameters
SSID (ODETTE-Code): O0942000055610326980VOLVO
Approved Certificate Authorities
VeriSign, Inc. (used by Volvo)
America Online Inc.
SECOM Trust Systems CO.,LTD.
TC TrustCenter GmbH
Equifax Secure Inc.
The USERTRUST Network
Starfield Technologies, Inc.
Comodo CA Limited
RSA Data Security, Inc.
The Go Daddy Group, Inc.
Encode Networks Svenska AB
Files sent to Volvo with other SFID than stated above will not be accepted.
Volvo does not normally use predefined virtual filenames. If this is requested, please fill out the virtual filename you wish to receive in the EDI Communication Form.
The file format will be Unstructured. Please notify us if you want any other file format.
The code representation will be ASCII. Please notify us if you want any other code representation.
• Volvo supports server authentication using verification by CAs (certificate authorities) as the trust model. If the server certificate has been verified by a trusted CA, Volvo will trust the server.
• Volvo does not use/require client authentication.
• Volvo supports both data encryption and data signatures in the message security layer. However, this needs to be discussed further before it can be configured.
• Firewall configurations: Incoming and outgoing IP addresses are different because of HW (cluster) solutions. The identity sending files from Volvo is 126.96.36.199 or 188.8.131.52.
If possible, configure your firewalls to accept files from 192.138.117*
| AS2 - Connection details production | |
|---|---|
| AS2 MDN URL | https://as2.volvo.com:8443/SeeburgerAS2/AS2Controller?ls=001 |
| Sending IP address | 184.108.40.206 (primary) and 220.127.116.11 (secondary) |
| Certificate TLS | Generated by a CA Certificate authority |
| MDN notification method | Asynchronous or Synchronous |