Scenario:

When we send AS2 encrypted S/MIME data to a trading partner, we receive a 'bad' MDN back indicating a decryption error occurred.

MDN Error Messages:

The encrypted message sent to 112084681 has been received.
However, the message could not be decrypted/verified (may have been altered).
There is no guarantee about the validity of the actual transaction, or that it has been
read by a human operator.

------=_Part_3975_259156139.1420543865931
Content-Type: message/disposition-notification
Content-Transfer-Encoding: 7bit

Reporting-UA: BOECSAPP03 (Liaison ECS 7.1)
Original-Recipient: rfc822
Final-Recipient: rfc822;
Original-Message-ID: <287f1220bf03414a9840b30a63f81092@287f1221bf03414a9840b30a63f81092>
Disposition: automatic-action/MDN-sent-automatically; processed/Error: decryption-failed

EXTOL Secure Error Log:

Received HTTP response(200 OK)
Closed connection
Delivered document
Received synchronous MDN
Failed to verify MDN signature(java.security.SignatureException: Verification failed)

Resolution:

We needed to contact AS2 trading partner to obtain their new AS2 public certificate. With the new certificate, TP was able to decrypt our outbound data.