3.1 Certificate Requirements: Difference between revisions
No edit summary |
No edit summary |
||
Line 21: | Line 21: | ||
The '''Production Facility''' made available '''from the 1<sup>st</sup> of June, 2019''', is accessible to all the TPPs in possession of: | The '''Production Facility''' made available '''from the 1<sup>st</sup> of June, 2019''', is accessible to all the TPPs in possession of: | ||
<ul> | <ul> | ||
<li>a valid production QWAC and QSeal (for http-signature) eIDAS Certificates released by a Qualified Trusted Service Provider (QTSP) based on a formal authorization in the NCA | <li>a valid production QWAC and QSeal (for http-signature) eIDAS Certificates released by a Qualified Trusted Service Provider (QTSP) based on a formal authorization in the NCA.</li> | ||
</ul> | </ul> | ||
Revision as of 14:09, 14 June 2019
As required by the Regulatory Technical Standards for strong customer authentication and common and secure open standards of communication contained in the DELEGATED REGULATION (EU) 2018/389 of 27 November 2017, TPP need to be equipped with qualified certificates for electronic seals / website authentication (eIDAS Certificates).
TPP eIDAS Certificates can be of two types:
- QWAC (Qualified Website Authentication Certificate): used as Client Certificates – allow TPPs to communicate securely with and identify themselves towards ASPSPs (Opinion of the European Banking Authority on the use of eIDAS certificates under the RTS on SCA and CSC);
- QSeal (Qualified Certificate for Seals): used to sign requests using http-signature – ensure that the communication between TPPs and ASPSPs is secure and that the data submitted originates from the PSP identified in the certificate (Opinion of the European Banking Authority on the use of eIDAS certificates under the RTS on SCA and CSC);
The Testing Facility (Sandbox) made available from the 14th of March, 2019, is accessible to all the TPPs in possession of:
- a valid QWAC production eIDAS Certificate released by a Qualified Trusted Service Provider (QTSP);
- QWAC Test Certificate released by a Qualified Trusted Service Provider (QTSP);
The Production Facility made available from the 1st of June, 2019, is accessible to all the TPPs in possession of:
- a valid production QWAC and QSeal (for http-signature) eIDAS Certificates released by a Qualified Trusted Service Provider (QTSP) based on a formal authorization in the NCA.
The Production Environment made available from the 1st of June, 2019, is accessible only to the TPPs in possession of both QWAC and QSeal eIDAS Certificates valid for the Production Environment. The TPPs that have already performed the onboarding with the test certificate, in order to ensure the highest levels of security for the PSUs and receive the production client id/secret id, are required to send an explicit request to the dedicated email address supportcbiglobe@cbi-org.eu with attached an eIDAS certificate valid for the production environment.
Furthermore, starting from the 1st of June, 2019, self-signed certificates are not considered valid anymore to access the Testing Facility.