This page are restricted for now - and until ready for publishing
PKI Infrastructure
At 2018-02-01 (correct date???) OpenPeppol adopted a new PKI infrastructure and at the same time started the migration process. The new PKI infrastructure does not differ much in comparison with the old infrastructure, the biggest change has been removal of one intermediate CA (for issuing STS certificates) and changing all other CAs to new ones. The new CAs allows improved security and some minor adjustments have been made to the naming conventions to ease the maintainability of the certificates.
Issuing process
This section is still under construction - more information must be gathered before it can be completed.
Requirements
The enrollment process for a new certificate (or renewal of an existing) is done online through a web browser. Only a specific subset of OS/Web browser combination is supported according to the following table (there might be other combinations that works but they are officially not supported).
Supported OS/Web Browser combinations:
| Operating Systems | Web Browsers |
|---|---|
| Windows 7 Enterprise edition SP1 (32-bit and 64-bit) | Internet Explorer 8 (32-bit), Internet Explorer 9 (32-bit), Internet Explorer 10 (32-bit), Internet Explorer 11* Firefox 56 |
| Windows 8.1 (32-bit and 64-bit) | Internet Explorer 11* Firefox 56 |
| Windows 10 (32-bit and 64-bit) | Internet Explorer 11* ** Firefox 56 |
| Mac OS X El Capitan (10.11) | Safari 10.1.2 Firefox 56 |
| Mac OS X Sierra (10.12) | Safari 10.1.2 Firefox 56 |
* The renewal plug-in is not supported in Internet Explorer 11 if Enhanced Protection Mode (EPM) is enabled. EPM is disabled by default in Internet Explorer 11. ** Edge mode is not supported |
Renewal
This section is still under construction - more information must be gathered before it can be completed.
Download CAs
The following CAs are used for issuing the certificates, please refer to the PKI Infrastructure section for more information.
| Purpose | Type | Service | Download | MD5 |
|---|---|---|---|---|
| PROD | Root CA | ALL | Peppol_Root_CA.cer | 5E790BD599581E4F58E4CCD81505933D |
| PROD | Intermediate CA | Access Point | Peppol_AccessPoint_CA.cer | 3C0972B5EC08248892A11E655498D9B3 |
| PROD | Intermediate CA | Service Metadata Publisher | Peppol_ServiceMetadataPublisher_CA.cer | 93933897B9A126D318367695CDD77A90 |
| TEST | Root CA | ALL | Peppol_Test_Root_CA.cer | 1F0C10BAE3A59DD48C9DD624C51FAF56 |
| TEST | Intermediate CA | Access Point | Peppol_Test_AccessPoint_CA.cer | 8ECF5B50E3274ED3126E62E7667B278E |
| TEST | Intermediate CA | Service Metadata Publisher | Peppol_Test_ServiceMetadataPublisher_CA.cer | DB95900B57E8DE590C1C7D5BFF348B73 |
FAQ
This section is still under construction - more information must be gathered before it can be completed.
Do I need to chain the certificate?
This section is still under construction - more information must be gathered before it can be completed.