Certificates of the Data Exchange Layer’s environments
This article describes the certificates of the test environment (FI-TEST), the production environment (FI) and the development environment (FI-DEV) of the Data Exchange Layer. To create certificates, you need various identifiers, which are described in a separate article.
Certificates of the Data Exchange Layer
- Authentication certificate: Used to verify the authenticity of the security server in connections between security servers.
- Signing certificate: Used to sign messages sent by information systems. Each organisation has its own signing certificate, which is used to verify the messages used by its own services.
- TLS client certificate: The security server uses the certificate to authenticate the information system. The client certificate is subsystem specific. The certificate is used in HTTPS connections, i.e., it is mandatory if the security server is shared between several organisations.
- Security server's own certificate: The information system uses the certificate to authenticate the security server. The certificate is important especially when providing services.
Information required for the server’s signing certificate (Sign certificate)
Required fields in the signing certificate:
- C= (always FI)
- O= (organisation’s name without Scandinavian letters)
- CN= (organisation’s business ID)
- serialNumber=
Content from these fields is shown in the Distinguished Name field in the administrative GUI.
Examples of the signing certificate
Test environment (FI-TEST)
Signing certificate example when the organisation’s name is Organisation, business ID is 0123456-7, security server’s FQDN is organisationlptest01.org.fi and organisation’s type is GOV:
- C=FI
- O=Organisation
- CN=0123456-7
- serialNumber=FI-TEST/organisationlptest01/GOV/
Production environment (FI)
Signing certificate example when the organisation’s name is Organisation, business ID is 0123456-7 and security server’s FQDN is organisationlpprod01.org.fi and organisation’s type is GOV:
- C=FI
- O=Organisation
- CN=0123456-7
- serialNumber=FI/organisationlpprod01/GOV/
Development environment (FI-DEV)
Signing certificate example when the organisation is a private person (test member), security server’s FQDN is organisationlpdev01.domain.fi and organisation’s type is PRI:
- C=FI
- O=testmember
- CN=0000001-0 (for private persons this field is filled automatically by the Data Exchange Layer’s administration)
- serialNumber=FI-DEV/organisationlpdev01/PRI/
Information required for the security server’s authentication certificate (Auth certificate)
Required fields in the authentication certificate:
- C= (always FI)
- O= (organisation’s name without Scandinavian letters)
- CN= (security server’s FQDN)
- serialNumber=
Content from these fields is shown in the Distinguished Name field in the administrative GUI.
Examples of the authentication certificate
Test environment (FI-TEST)
Authentication certificate example when the organisation’s name is Organisation, business ID is 0123456-7, security server’s FQDN is organisationlptest01.org.fi and organisation’s type is GOV:
- C=FI
- O=Organisation
- CN=organisationlptest01.org.fi
- serialNumber=FI-TEST/organisationlptest01/GOV/
Production environment (FI)
Authentication certificate example when the organisation’s name is Organisation, business ID is 0123456-7 and security server’s FQDN is organisationlpprod01.org.fi and organisation’s type is GOV:
- C=FI
- O=Organisation
- CN=organisationlpprod01.org.fi
- serialNumber=FI/organisationlpprod01/GOV/
Development environment (FI-DEV)
Authentication certificate example when the organisation is a private person (test member), security server’s FQDN is organisationlpdev01.domain.fi and organisation’s type is PRI:
- C=FI
- O=testmember
- CN=organisationlpdev01.domain.fi
- serialNumber=FI-DEV/organisationlpdev01/PRI/
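The field rules above can be checked before a certificate request is submitted, including the case where the serialNumber names a different environment than the one the certificate is meant for. The following is an added example, not part of the Data Exchange Layer's own tooling: check_subject is a hypothetical helper, and the serialNumber layout (environment/first FQDN label/organisation type/), the business ID pattern and the set of Scandinavian letters are assumptions inferred from the examples on this page.

```python
import re

INSTANCES = {"FI-TEST", "FI", "FI-DEV"}                # environments named on the page
SCANDINAVIAN = set("åäöøæÅÄÖØÆ")                       # assumed set of excluded letters
BUSINESS_ID = re.compile(r"^\d{7}-\d$")                # shape of the page's 0123456-7 (assumed)
SERIAL = re.compile(r"^([A-Z-]+)/([^/]+)/([A-Z]+)/$")  # layout inferred from the examples

def check_subject(kind, instance, fqdn, subject):
    """Return a list of problems found in a 'sign' or 'auth' certificate subject."""
    if kind not in ("sign", "auth"):
        raise ValueError("kind must be 'sign' or 'auth'")
    if instance not in INSTANCES:
        raise ValueError(f"unknown environment {instance!r}")
    problems = []
    if subject.get("C") != "FI":
        problems.append("C must always be FI")
    org = subject.get("O", "")
    if not org or SCANDINAVIAN & set(org):
        problems.append("O must be the name without Scandinavian letters")
    cn = subject.get("CN", "")
    if kind == "sign" and not BUSINESS_ID.fullmatch(cn):
        problems.append("signing CN must be the business ID")
    if kind == "auth" and cn != fqdn:
        problems.append("authentication CN must be the security server's FQDN")
    m = SERIAL.fullmatch(subject.get("serialNumber", ""))
    if not m:
        problems.append("serialNumber is not <environment>/<server>/<type>/")
        return problems
    if m.group(1) != instance:
        problems.append(f"serialNumber environment {m.group(1)} != {instance}")
    if m.group(2) != fqdn.split(".")[0]:
        problems.append("serialNumber server part is not the first FQDN label")
    return problems

if __name__ == "__main__":
    # Constructed inputs built from the page's example values.
    good = {"C": "FI", "O": "Organisation", "CN": "0123456-7",
            "serialNumber": "FI-TEST/organisationlptest01/GOV/"}
    mixed = {"C": "FI", "O": "Organisation", "CN": "organisationlpprod01.org.fi",
             "serialNumber": "FI-TEST/organisationlpprod01/GOV/"}
    print(check_subject("sign", "FI-TEST", "organisationlptest01.org.fi", good))
    print(check_subject("auth", "FI", "organisationlpprod01.org.fi", mixed))
```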