Here you find information on how eIDAS certificates and how to handle certificate updates.
For your information Bankdata and IT partners will be investigating different options to improve certificate handling.
Sandbox certificate (embedded in zip-file)
Bankdata provides you with a link to a zip-file containing a test-certificate.
It is not possible to use your own test-certificate or production-certificate in Sandbox.
Only 1 active QWAC eIDAS certificate
Bankdata requires a valid QWAC eIDAS certificate issued by a Qualified Trust Service Provider (QTSP).
It is not possible to use QSealC eIDAS certificates.
You can only use 1 QWAC eIDAS certificate for your ThirdPartyProvider-ID.
Your new QWAC eIDAS certificate will replace your previous certificate.
That is why it is not possible to use both your current AND new certificate when you use the PSD2 APIs.
Who issued your QWAC eIDAS certificate?
If your QWAC eIDAS certificate is issued by a QTSP unknown at our IT hosting partners,
we have to schedule installation of full certificate chain at our IT hosting partners.
Expect up to 10-20 workingdays.
If your new certificate is issued by a different QTSP than your previous QWAC eIDAS certificate, there is a risk the QTSP is unknown at our IT hosting partners.
We recommend you send a copy of your new certificate to us ASAP to investigate,
if we will have to order a full certificate chain installation at our IT hosting partners.
Examples on known QTSPs
Here are examples on QTSPs already known at our IT hosting partners.
Please note: These are examples, not a complete list.
Actalis EU Qualified Certificates CA G2
Buypass Class 3 CA 2
Buypass Class 3 CA 3
Buypass Class 3 CA G2 QC WA
Buypass Class 3 Root CA
Buypass Class 3 Root CA G2 QC
D-TRUST CA 2-1 2018
D-TRUST CA 2-2 EV 2016
D-TRUST CA 5-22-3 2022
D-TRUST Root CA 2 2018
D-TRUST Root CA 5 2022
D-TRUST Root Class 3 CA 2 EV 2009
Entrust Certification Authority - QTSP
Entrust Root Certification Authority - G2
GLOBAL CORPORATE SERVER
Global Chambersign Root-2008
GlobalSign
GlobalSign GCC R3 EV QWAC CA 2020
HARICA QWAC RSA SubCA R1
Hellenic Academic and Research Institutions CA
Hellenic Academic and Research Institutions RootCA 2015
I CA Root CA RSA
I CA SSL EV CA RSA 10 2017
InfoCert Organization Validation CA 3
InfoCert Organization Validation SHA256 - CA 3
InfoCert Root CA 3
MULTICERT QWAC Certification Authority 005
MULTICERT Root Certification Authority 01
MULTICERT SSL Certification Authority 001
MicroSec e-Szigno Root CA 2009
Qualified e-Szigno TLS CA 2018
e-Szigno Qualified TLS CA 2018
QuoVadis Enterprise Trust CA 2 G3
QuoVadis Qualified Web ICA G1
QuoVadis Qualified Web ICA G2
QuoVadis Root CA 2 G3
T-TeleSec GlobalRoot Class 3
TeleSec ServerPass Extended Validation Class 3 CA
www digital eu Please note: The names above must match 100% to the QTSP information in your certificate.
Key size
Recently some QTSPs are issuing certificates with key size 3072 bits.
Bankdata are currently supporting key size 2048, 3072 and 4096 bits.
We support both SHA-512 and SHA-256 as signing algorithms.
Send QWAC certificate in PEM-format
You must send your QWAC eIDAS certificate in PEM-format or text-format to our support email. If you send the certificate in CER-format, it will be blocked by our servers.
We will contact you to schedule deployment of the new certificate.
Deployment is possible during office hours 09:00 - 14:00 (local danish time).
Expect downtime up to 2 minutes during deployment.
After deployment of new certificate all previous consent tokens are expired.