Here you find information on how eIDAS certificates and how to handle certificate updates.

For your information Bankdata and IT partners will be investigating different options to improve certificate handling. 

Sandbox certificate (embedded in zip-file)
Bankdata provides you with a link to a zip-file containing a test-certificate.
It is not possible to use your own test-certificate or production-certificate in Sandbox.

Only 1 active QWAC eIDAS certificate
Bankdata requires a valid QWAC eIDAS certificate issued by a Qualified Trust Service Provider (QTSP).
It is not possible to use QSealC eIDAS certificates.

You can only use 1 QWAC eIDAS certificate for your ThirdPartyProvider-ID.
Your new QWAC eIDAS certificate will replace your previous certificate.
That is why it is not possible to use both your current AND new certificate when you use the PSD2 APIs.

Who issued your QWAC eIDAS certificate?
If your QWAC eIDAS certificate is issued by a QTSP unknown at our IT hosting partners,
we have to schedule installation of full certificate chain at our IT hosting partners.
Expect up to 10-20 workingdays. 

If your new certificate is issued by a different QTSP than your previous QWAC eIDAS certificate, there is a risk the QTSP is unknown at our IT hosting partners.

We recommend you send a copy of your new certificate to us ASAP to investigate,
if we will have to order a full certificate chain installation at our IT hosting partners.

Examples on known QTSPs
Here are examples on QTSPs already known at our IT hosting partners.
Please note: These are examples, not a complete list.

Actalis EU Qualified Certificates CA G2 Buypass Class 3 CA 2 Buypass Class 3 CA 3 Buypass Class 3 CA G2 QC WA Buypass Class 3 Root CA Buypass Class 3 Root CA G2 QC D-TRUST CA 2-1 2018 D-TRUST CA 2-2 EV 2016 D-TRUST CA 5-22-3 2022 D-TRUST Root CA 2 2018 D-TRUST Root CA 5 2022 D-TRUST Root Class 3 CA 2 EV 2009 Entrust Certification Authority - QTSP Entrust Root Certification Authority - G2 GLOBAL CORPORATE SERVER Global Chambersign Root-2008 GlobalSign GlobalSign GCC R3 EV QWAC CA 2020 HARICA QWAC RSA SubCA R1 Hellenic Academic and Research Institutions CA Hellenic Academic and Research Institutions RootCA 2015 I CA Root CA RSA I CA SSL EV CA RSA 10 2017 InfoCert Organization Validation CA 3 InfoCert Organization Validation SHA256 CA 3 InfoCert Root CA 3 MULTICERT QWAC Certification Authority 005 MULTICERT Root Certification Authority 01 MULTICERT SSL Certification Authority 001 MicroSec e-Szigno Root CA 2009 Qualified e-Szigno TLS CA 2018 QuoVadis Enterprise Trust CA 2 G3 QuoVadis Qualified Web ICA G1 QuoVadis Qualified Web ICA G2 QuoVadis Root CA 2 G3 T-TeleSec GlobalRoot Class 3 TeleSec ServerPass Extended Validation Class 3 CA www digital eu

Please note: The names above must match 100% to the QTSP information in your certificate.

Key size
Recently some QTSPs are issuing certificates with key size 3072 bits.
Bankdata are currently supporting key size 2048, 3072 and 4096 bits.

We support both SHA-512 and SHA-256 as signing algorithms.

Send QWAC certificate in PEM-format
You must send your QWAC eIDAS certificate in PEM-format or text-format to our support email. If you send the certificate in CER-format, it will be blocked by our servers.

We will contact you to schedule deployment of the new certificate. 
Deployment is possible during office hours 09:00 - 14:00 (local danish time).
Expect downtime up to 2 minutes during deployment.
After deployment of new certificate all previous consent tokens are expired.