Please note that the following description only applies to PSD2 certificates. Different specifications apply to other certificate types. You create and manage your own keys for QWACs for both the test and live certificates. Please use a minimum key length of 2048 for QWAC and 3072 for QSeal ID. You use this to generate a Certificate Signing Request (CSR) that, in addition to the public key, contains precisely the attributes O (Organization), OU (Organizational Unit, optional), CN (Common Name), C (Country Code), S (StateOrProvince), L (City). All other attributes are taken from the order page. With OpenSSL, you generate the CSR as follows:
- openssl genrsa -out [privateKeyName].key 3072
- openssl req -new -utf8 -key [privateKeyName].key -out [requestName].csr
You are prompted to enter all attributes and you then enter values for the above-named attributes and '.' (blank attribute) for the others. Please do not enter any other attributes, e.g. e-mail.
If you are using another program, please ensure that the CSR starts/ends with BEGIN/END CERTIFICATE REQUEST. BEGIN/END NEW CERTIFICATE REQUEST is rejected, edit the CSR if necessary.
We still generate keys for the seal card, a CSR is not necessary.