An electronic certificate can be seen as a digital identity card. It is used mostly to identify and authenticate a natural or legal person, but also to encrypt exchanges. It is signed by a trusted third party who certifies the link between the physical identity and the digital (virtual) entity. The most widely used standard for creating digital certificates is X.509.
Depending on my mode of connection, I do not have the same pre-requisites
The table below specifies the type of certificate expected based on your Chorus Pro connection mode.
Server authentication certificate = SSL Server
Client type server authentication certificate = SSL Client
I must acquire one certificate or more of those listed in the previous table.
I must contact a supplier from the LSTI list
Once I have chosen my provider, I can contact them and explain that I would like to order an RGS* compliant « server authentication » certificate or « client type server authentication » certificate, depending on my case. I might have to acquire both certificates (EDI PesIT) online.
- Server authentication certificate = SSL Server
- Client type server authentication certificate = SSL Client
For the naming of an SSL Server certificate or an SSL applicative customer certificate, refer to annex A3 of RGS V2, chapter III.1: Naming.
The certificate must be sent in PKCS#7 format with the complete certification chain.
You can ask for a free test certificate from a Certificate Authority for your test environment. After validating your tests, you can ask for a certificate for your production environment.
I must check the compliance of the certificate(s) with the requirements of the CPP qualification platform according to my connection mode.
In the certificate detail tab:
The Extended key usage field indicates the role of the certificate. It must contain « SERVER authentication » or « CLIENT authentication ».
It’s an exclusive OR.
The Key usage field must show:
- For a server certificate = Digital signature, key encryption
- For a client certificate = Digital signature
Certificate Policy: this field indicates the reference of the certificate.
- You must check that the reference is listed in the LSTI list
- The certificate must be listed at least at an RGS* level
- The certificate must be sent in PKCS#7 format with the complete certification chain.
If all the items listed above are confirmed, the certificate is valid.
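The field checks listed above can be scripted. The following is an added example, not code from this page or from Chorus Pro: it reads the text printed by `openssl x509 -noout -text` and applies the Extended key usage, Key usage and Certificate Policy rules. It assumes that « key encryption » corresponds to the X.509 Key Encipherment bit and uses a placeholder OID instead of real entries from the LSTI list; the function and variable names are illustrative.

```python
EKU_ROLES = {"TLS Web Server Authentication": "server",
             "TLS Web Client Authentication": "client"}
# Assumption: the page's "key encryption" is the X.509 keyEncipherment bit.
REQUIRED_KU = {"server": {"Digital Signature", "Key Encipherment"},
               "client": {"Digital Signature"}}

def extension_values(text, name):
    """Values printed on the indented lines under an 'X509v3 <name>:' header."""
    values, indent = [], None
    for line in text.splitlines():
        depth = len(line) - len(line.lstrip())
        if indent is None:
            if line.strip().startswith(f"X509v3 {name}:"):
                indent = depth
        elif depth > indent and line.strip():
            values += [v.strip() for v in line.split(",") if v.strip()]
        else:
            break  # back at header depth: this extension's block is over
    return values

def check_certificate(text, approved_policies):
    """Return (role, problems); an empty problems list means every check passed."""
    problems = []
    roles = {EKU_ROLES.get(v) for v in extension_values(text, "Extended Key Usage")} - {None}
    role = next(iter(roles)) if len(roles) == 1 else None
    if role is None:  # exclusive OR: exactly one of the two roles
        problems.append("extended key usage must hold server or client authentication, not both or neither")
    else:
        missing = REQUIRED_KU[role] - set(extension_values(text, "Key Usage"))
        if missing:
            problems.append(f"key usage lacks: {', '.join(sorted(missing))}")
    policies = [v.split(": ", 1)[1] for v in extension_values(text, "Certificate Policies")
                if v.startswith("Policy: ")]
    if not any(p in approved_policies for p in policies):
        problems.append("no certificate policy OID is in the approved list")
    return role, problems

# Constructed excerpt of openssl output (not a real certificate); the OID is a placeholder.
SAMPLE_SERVER = """\
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Certificate Policies:
                Policy: 1.2.3.4.5.1
                  CPS: http://pki.example/cps
"""
APPROVED = {"1.2.3.4.5.1"}  # placeholder for OIDs taken from the LSTI list
print(check_certificate(SAMPLE_SERVER, APPROVED))
```

The PKCS#7 packaging and chain completeness are not covered by this script and still need to be checked separately.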
Last Update: May 14, 2019