Go directly to contents.
Suomi.fi Data Exchange Layer

Automatically renewed certificates in the Data Exchange Layer

In 2026, the Suomi.fi Data Exchange Layer will prepare to introduce the ACME feature. ACME (Automated Certificate Management Environment) enables the automated renewal of certificates.

What does ACME provide?

With ACME, the current authentication (auth) and signing (sign) certificates of Security Servers can be renewed automatically via the server’s user interface. This makes the work of organisations and administrators easier, as manual renewal will be replaced by automatically renewing certificates.

In the Suomi.fi Data Exchange Layer, the validity period of authentication certificates will be shortened to six months in March 2026, and later to an even shorter period.

To support the transition to ACME, the validity period of organisation-specific signing certificates (sign) will temporarily be extended to two years the next time the organisation renews them.

  • We also recommend that organisations whose authentication certificate expires between 1 March and 1 June 2026 renew it before 14 March 2026. This allows them to receive one more certificate with a one‑year validity period. This precaution aims to ensure a smooth and secure transition phase.

Currently, organisations authorise the Data Exchange Layer operator (maintenance) to apply for and renew certificates on their behalf. In the future, organisations will manage certificate administration and applications themselves.

We will publish more detailed instructions on ACME deployment and applying for automatically renewing certificates as the reform progresses.

ACME support in different X‑Road versions

To configure ACME later in the Security Server’s user interface, your server must run at least X‑Road version 7.5.1. Please take this into account when planning version update schedules and preparing your Security Servers for ACME deployment.

At present, the central server environment in the Suomi.fi Data Exchange Layer test environment (FI‑TEST) has been updated to X‑Road version 7.6.2. The central server environments will be updated to the newest X‑Road version 7.7.0 during 2026.

Note: We will issue a separate notice once ACME deployment becomes possible in the Suomi.fi Data Exchange Layer.

Operating system requirements for X‑Road version 7.5.1

  • Ubuntu versions 22.04 LTS or 24.04 LTS
  • Red Hat Enterprise Linux (RHEL) versions 8 or 9

X‑Road versions 7.5.0 / 7.6.0 / 7.7.0 support different ACME functionalities

Full ACME automation is supported only from version 7.7.0 onwards. Below is an overview of the functionalities supported by each version.

X‑Road version 7.5.0

  • Support for requesting both new and renewed certificates via ACME

X‑Road version 7.6.0

  • Support for automatic certificate renewal via ACME
  • Support for email notifications related to ACME events

X‑Road version 7.7.0

  • Support for automatic activation of certificates obtained via ACME

Email notifications

Email notifications can be enabled starting from X‑Road version 7.6.0. Notifications inform administrators, for example, when certificates are approaching expiration.

We recommend using a shared process email address for these notifications.

More Information

Technical questions: palveluvayla@palveluvayla.fiOpens in a new window.
Other questions: palveluvayla-kayttoonotot@dvv.fiOpens in a new window.

Updated: 24/2/2026

Are you satisfied with the content on this page?