...
On 2018-09-03 OpenPeppol will adopt a new PKI infrastructure and at the same time start the migration process. The new PKI infrastructure does not differ much in comparison with the old infrastructure, the biggest change has been removal of one intermediate CA (for issuing STS certificates) and changing all other CAs to new ones. The new CAs allows improved security (SHA-256) and some minor adjustments have been made to the naming conventions to ease the maintainability of the certificates.
Issuing process
This section is still under construction. No later than 208-04-13 this section will have been updated with information regarding what the user will expect to deal with during the enrollment process.
Requirements
The enrollment process for a new certificate (or renewal of an existing certificate) is done online through a web browser. Only a specific subset of an OS/Web browser combination is supported according to the following table (there might be other combinations that works but they are officially not supported).
...
Purpose | Type | Service | Download | MD5 |
---|---|---|---|---|
PROD | Root CA | ALL | Peppol_Root_CA.cer | 5E790BD599581E4F58E4CCD81505933D |
PROD | Intermediate CA | Access Point | Peppol_AccessPoint_CA.cer | 3C0972B5EC08248892A11E655498D9B3 |
PROD | Intermediate CA | Service Metadata Publisher | Peppol_ServiceMetadataPublisher_CA.cer | 93933897B9A126D318367695CDD77A90 |
TEST | Root CA | ALL | Peppol_Test_Root_CA.cer | 1F0C10BAE3A59DD48C9DD624C51FAF56 |
TEST | Intermediate CA | Access Point | Peppol_Test_AccessPoint_CA.cer | 8ECF5B50E3274ED3126E62E7667B278E |
TEST | Intermediate CA | Service Metadata Publisher | Peppol_Test_ServiceMetadataPublisher_CA.cer | DB95900B57E8DE590C1C7D5BFF348B73 |
Do I need to chain the certificate?
...