AB Volvo has implemented session level encryption by using Transport Layer Security (TLS). The TLS provides data confidentiality by encryption of all protocol commands and data exchanged between Volvo Group and our partners. This will provide enough security, preventing a third party from extracting any useful information from the transmission.
The EDI partner needs to take action to secure the fulfilment of the technical requirements:
• Implement OFTP2 support in your EDI system
• Acquire a SSL Certificate issued by a Certificate Authority that has been approved by Volvo, see list below.
• The Common Name (CN) of your server certificate should contain the Fully Qualified Domain Name (FQDN) of your OFTP2 server. Do not use a static IP as host name.
• Volvo uses TLS line security (session encryption only).
• The validation is done against Root CA Certificates. That means that your certificate is NOT stored at Volvo and you should store only the Root CA Certificate of Sectigo for verification of Volvo's certificate. (For most of our EDI partners it is enough to verify Volvo's certificate via Sectigo Root CA but in a few cases the intermediate certificate is also needed.
Import the Root CA Certificate of Sectigo into your EDI System, found at:
https://support.sectigo.com/articles/Knowledge/Sectigo-Intermediate-Certificates
Download SHA-2 Root : USERTrust RSA Certification Authority
Serial #: 01 FD 6D 30 FC A3 CA 51 A8 1B BC 64 0E 35 03 2D
SHA1 Fingerprint: 2B 8F 1B 57 33 0D BB A2 D0 7A 6C 51 F7 0E E9 0D DA B9 AD 8E
SHA256 Fingerprint: E7:93:C9:B0:2F:D8:AA:13:E2:1C:31:22:8A:CC:B0:81:19:64:3B:74:9C:89:89:64:B1:74:6D:46:C3:D4:CB:D2
If necessary; also import the intermediate certificate found at:
https://support.sectigo.com/articles/Knowledge/Sectigo-Intermediate-Certificates
Download Sectigo RSA Organization Validation Secure Server CA [ Intermediate ]
Serial #: 13 7D 53 9C AA 7C 31 A9 A4 33 70 19 68 84 7A 8D
SHA1 Fingerprint: 40 CE F3 04 6C 91 6E D7 AE 55 7F 60 E7 68 42 82 8B 51 DE 53
SHA256 Fingerprint: 72:A3:4A:C2:B4:24:AE:D3:F6:B0:B0:47:55:B8:8C:C0:27:DC:CC:80:6F:DD:B2:2B:4C:D7:C4:77:73:97:3E:C0
• Firewall configurations: Incoming and outgoing IP-addresses are different because of HW (cluster) solutions. Identity sending files from Volvo is 192.138.117.2 or 192.138.117.25. If possible configure your firewalls to accept files from 192.138.117*
• Your OFTP2 server address must be resolvable by a Reverse DNS Lookup as well as the ordinary lookup. In more technical terms, your server should have both A- and PTR-records registered in your DNS. Please see http://en.wikipedia.org/wiki/Domain_Name_System#Reverse_lookup for details
SSID (ODETTE-Code): O0942000055610326980VOLVO
SFID: O0942000055610326980VOLVO
DNS-Name: oftp2.volvo.com
Port: 6619
Odette International
VeriSign, Inc. (used by Volvo)
America Online Inc.
SECOM Trust Systems CO.,LTD.
SECOM Trust.net
Entrust.net
Thawte Consulting
GlobalSign nv-sa
ValiCert, Inc.
DigiCert Inc
AddTrust AB
TC TrustCenter GmbH
Equifax Secure Inc.
The USERTRUST Network
Starfield Technologies, Inc.
GlobalSign
GeoTrust Inc.
Comodo CA Limited
Baltimore
RSA Data Security, Inc.
Sonera
GTE Corporation
The Go Daddy Group, Inc.
Encode Networks Svenska AB
Mendelson CA
Files sent to Volvo with other SFID than stated above will not be accepted.
Volvo does not normally use predefined virtual filenames. If this is requested, please fill out the virtual filename you wish to receive in the EDI Communication Form.
The file format will be Unstructured. Please notify us if you want any other file format.
The code representation will be ASCII. Please notify us if you want any other code representation.
• Volvo support server authentication by verifying CA's (certificate authorities) as trust model. If server certificate has been verified by trusted CA, Volvo will trust the server.
Import the Root CA Certificate of Sectigo into your EDI System, found at:
https://support.sectigo.com/articles/Knowledge/Sectigo-Intermediate-Certificates
Download SHA-2 Root : USERTrust RSA Certification Authority
Serial #: 01 FD 6D 30 FC A3 CA 51 A8 1B BC 64 0E 35 03 2D
SHA1 Fingerprint: 2B 8F 1B 57 33 0D BB A2 D0 7A 6C 51 F7 0E E9 0D DA B9 AD 8E
SHA256 Fingerprint: E7:93:C9:B0:2F:D8:AA:13:E2:1C:31:22:8A:CC:B0:81:19:64:3B:74:9C:89:89:64:B1:74:6D:46:C3:D4:CB:D2
Valid from: Feb 1, 2010 2:00:00 AM CET
Valid to: Jan 19, 2038 2:00:00 AM CET
If necessary; also import the intermediate certificate found at:
https://support.sectigo.com/articles/Knowledge/Sectigo-Intermediate-Certificates
Download Sectigo RSA Organization Validation Secure Server CA [ Intermediate ]
Serial Number: 13 7D 53 9C AA 7C 31 A9 A4 33 70 19 68 84 7A 8D
SHA1 Fingerprint: B8 73 CD 99 2A 53 A9 0F 18 12 E3 EF FC CC 5D A8 DB 79 A1 2D
Valid from: Nov 2, 2018 2:00:00 AM CET
Valid to: Jan 1, 2031 2:00:00 AM CET
• Volvo does not use/require client authentication.
• Volvo support both data encryption and data signatures in message security layer. However this needs to be discussed further before it can be configured.
• Firewall configurations: Incoming and outgoing IP-addresses are different because of HW (cluster) solutions. Identity sending files from Volvo is 192.138.117.2 or 192.138.117.25.
If possible configure your firewalls to accept files from 192.138.117*
Please contact EDI Support if you have any further question.
AS2 - Connection details production | |
---|---|
AS2 Identifier | VOLVO353952559AS2 |
AS2URL | https://as2.volvo.com:8443/SeeburgerAS2/AS2Controller?ls=001 |
AS2 MDN URL | https://as2.volvo.com:8443/SeeburgerAS2/AS2Controller?ls=001 |
Sending IP address | 192.138.117.2 (primary) and 192.138.117.25 (secondary) |
Message/MDN Transport | HTTPS |
Certificate TLS | Generated by a CA Certificate authority |
MDN notification method | Synchronous |