"AS2", aka RFC4130, is a standard for EDI which uses S/MIME over HTTP.
Key features of the standard are that the document is signed and
encrypted before transmission, and the receiving party must generate
and send a Message Disposition Notification (MDN) in response. (This
confirms that the document has been received & unencrypted and that
the signature has been verified.) In essence it provides for secure
document exchange and non-repudiation of receipt.

I'm trying to implement AS2 on OpenVMS. At present I have a DCL
procedure which uses a number of SSL for OpenVMS utilities (the openssl
command set) to extract the document from the incoming message, and
another DCL procedure for generating the MDN.

I've run into two problems:
1. I can't get 'openssl smime -verify' to verify the incoming
document's signature.
2. My MDN looks OK to me but the other party claims it's not.
(So far we've been unable to get any further detail from them,
i.e. what exactly is wrong with it, which isn't very helpful!)

So, I was wondering if anyone has implemented AS2 on OpenVMS and if
so, would you be willing to provide some assistance? This is my first
project to use SSL and it's very possible that I've misunderstood
something crucial.


Jeremy Begg
jeremy at vsm com au