Jun 8, 2022

Qualified Certificate Electronic Seal PSD2 Ordering and Install

Ordering Overview – Qualified Certificate for Electronic Seal PSD2
 

1. Go to the Qualified Certificates Ordering Page:https://www.globalsign.com/en/digital-signatures/eidas-qualified-and-advanced-electronic-signatures/
2. Select the correct Certificate Type (either the Qualified Certificate for Electronic Seal or Qualified Certificate for Electronic Signature or Qualified Certificate for Electronic Signature PSD2) and then click the Buy Now button. Note: Seals or Signatures including Organization details are only available to organizations with a VAT number???[HM1] 
3. Select your Region and Currency. Then click, Select & Continue.
4. On the Account Setup page, specify details for your GlobalSign Account and set up a Username and Password. (Note: A PAR#####_ prefix will be appended to your username. You will receive your username by email.)
5. Select the Validity Period for the Certificate (1-3 Years). 
6. Complete the Certificate Identity Details and specify the information that will appear in the Certificate.

Note: Setup a one-time use “pickup password” that will be used to securely pickup and install your Certificate onto the cryptographic USB Token.
The Certificate Identity Details will vary based on whether you order a Qualified Seal or Qualified Signature. See the appropriate screenshot below for details.

Ordering, vetting, download and install instructions for Qualified Certificate for Electronic Seal PSD2

1. Select Qualified Electronic Seal PSD2
2. Check the Box for CSR if an HMS is being used to store the certificate and key material, otherwise the certificate can be installed in the Microsoft Certificate Store and USB Token.
3. Subscriber enters the Certificate details, NCA and PSP specific information

 
 
 
 
Submit Payment – you will be charged once Vetting is complete and the Certificate is ready to be issued. 

Note: information only - list of established NCA’s found in the dropdown on the ordering page
 

4. Vetting requirements – documentation required for vetting verification (update for PSD2?)

Qualified Certificate for Organization
Used for Qualified Electronic Seals PSD2 (Binding Organization) (what can be removed or additional information is required for PSD2?)

• Signed Personal Statement
• Photo ID​
  • Identity of the Authorized Representative
  • Verified by Third Party Validator (notary, lawyer, accountant, or equivalent)
• Copy of Secondary Documentation (2 documents) 
  • Provide copies of two secondary documents (one non-financial, one financial) showing name and residential address
  • Residential Address (​City, State and Country included in the Certificate)
  • List of acceptable documents will be provided
  • Bring originals along to Third Party Validator
  • Unnecessary information must be blanked out on the copies sent to GlobalSign
• Notarization of your Application
  • ​Documents must be countersigned by any of the following: Local Government/Municipality, Notary, Lawyer, Certified Public Accountant or a chartered Accountant, or Court Bailiff

• Organization's identity
  • GlobalSign shall verify the Organization is legally recognized, in existence and validly formed and not “invalid”, “inactive”, “not current” or equivalents. GlobalSign shall verify the Organization’s full legal name and, if applicable, its DBA (Doing Business As name).
  • Checked in Qualified Government Information Sources
  • For DBA, additional verification may be required.
  • Organization Identifier will be created by our Validation Specialists.

• Organization's Address
  • Country field is required.
  • Locality field is required if the State field is absent, is optional if State field is present; State field is required if Locality field is absent, optional if Locality field is present.
  • It is best to include both Locality and State fields.
  • Options include: Qualified Government Information Sources, Qualified Independent Information Sources, Verified Legal or Accountant letter, Qualified Electronic Seals

• The Authority to represent the Organization
  • Verified Legal or Accountant letter
  • Qualified Government Information Sources, Qualified Independent Information Sources
  • Independent confirmation from the Organization - for example, speaking to a confirmed Director
  • Using an attestation signed with Organization’s Qualified Electronic Seal

• Organization's Authorization to issue
  • A part of the documentation for the Identity of the Authorized Representative
  • Organization using a Verified Method of Communication
  • Qualified Electronic Seal PSD2

5. Once vetting reviews the order, verifies the required documentation from the PSP Subscriber and approves the order the subscriber will receive and email with the certificate download URL. Depending on how the subscriber chose to generate and store private key materials one of two methods will be used for download and installation of the certificate and private key.
   1. If the subscriber did not select to storing the key materials on an HSM, the Client Side web(token) key gen will used and flow as follows
6. The subscriber will select the CSP for generating the private keys, defaults to Microsoft Enhanced Cryptographic Provide 1.0

The certificate is installed in the Micosoft Certificate store.
If available the Subscriber will have the option to have the certificate also installed on a USB hardware token
 

2. If the CSR option was selected at the time of order: Download and Install certificate on an HSM

• Enter your download password
• Paste the CSR generated on the HSM