Digital Certificate Request EORI Traders



Similar documents
How to Order and Install Odette Certificates. Odette CA Help File and User Manual

997 Functional Acknowledgment

How to Order and Install Odette Certificates. Odette CA Help File and User Manual

HMRC Secure Electronic Transfer (SET)

Bank link technical specifications. Information for programmers

How to Order and Install Odette Certificates. Odette CA Help File and User Manual

Corporate Access File Transfer Service Description Version /05/2015

(n)code Solutions CA A DIVISION OF GUJARAT NARMADA VALLEY FERTILIZERS COMPANY LIMITED P ROCEDURE F OR D OWNLOADING

>copy openssl.cfg openssl.conf (use the example configuration to create a new configuration)

Novell ichain Guide to Installing Root Certificates, Generating CSR and Installing SSL Certificate

Most common problem situations in direct message exchange

AS DNB banka. DNB Link specification (B2B functional description)

This Annex uses the definitions set out in the Agreement on service of payment cards on the Internet (hereinafter the Agreement).

Document Classification: Public Document Name: SAPO Trust Centre - Generating a SSL CSR for IIS with SAN Document Reference:

X.509 Certificate Generator User Manual

Chapter 6 Electronic Mail Security

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015

ASA 8.x: Renew and Install the SSL Certificate with ASDM

Using Voltage Secur

Certificate Management. PAN-OS Administrator s Guide. Version 7.0

Electronic Mail Security. Security. is one of the most widely used and regarded network services currently message contents are not secure

CSR REPORT 2016 Corporate Social Responsibility Report

DEPARTMENT OF DEFENSE PUBLIC KEY INFRASTRUCTURE EXTERNAL CERTIFICATION AUTHORITY MASTER TEST PLAN VERSION 1.0

Project #2: Secure System Due: Tues, November 29 th in class

Policy Based Encryption E. Administrator Guide

Policy Based Encryption E. Administrator Guide

How to Use Boston Private Bank s Secure Mail Service

MICHIGAN SECRETARY OF STATE ELECTRONIC INSURANCE VERIFICATION (EIV) TRANSMISSION OPTIONS AND FILE FORMAT GUIDELINES

SFTP (Secure Shell FTP using SSH2 protocol)

SSL Protect your users, start with yourself

Implementation Guidelines For ANSI X12 Interchange Control Structures Inbound & outbound. (v2002)

Den Gode Webservice - Security Analysis

Cryptography and Network Security Chapter 15

Web Service Integration

Online signature API. Terms used in this document. The API in brief. Version 0.20,

Using Entrust certificates with Microsoft Office and Windows

Secure Envelope specification

Interoperability Guidelines for Digital Signature Certificates issued under Information Technology Act

User Guide. Description of method for setting up secure communication with CDS using Outlook Express

Secure IIS Web Server with SSL

User Guide Supplement. S/MIME Support Package for BlackBerry Smartphones BlackBerry Pearl 8100 Series

Network Security Essentials Chapter 7

TIMBERWOOD BANK BUSINESS ONLINE CASH MANAGEMENT AGREEMENT Please review the following terms and conditions.

Intel vpro Technology. How To Purchase and Install Go Daddy* Certificates for Intel AMT Remote Setup and Configuration

Using etoken for Securing s Using Outlook and Outlook Express

214 Transportation Carrier Shipment Status Message - LTL

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

Certification Practice Statement

BEA Weblogic Guide to Installing Root Certificates, Generating CSR and Installing SSL Certificate

Acano solution. Certificate Guidelines R1.7. for Single Combined Acano Server Deployments. December H

Reducing Risk Through Effective Certificate Management

Iowa Immunization Registry Information System (IRIS) Web Services Data Exchange Setup. Version 1.1 Last Updated: April 14, 2014

SSL Configuration on Weblogic Oracle FLEXCUBE Universal Banking Release [August] [2014]

Authorization for ACH Transfer

Eaton Corporation Electronic Data Interchange (EDI) Standards Application Advice (824) Version 4010

Encrypted Connections

Configuration Guide for RFMS 3.0 Initial Configuration. WiNG 5 How-To Guide. Digital Certificates. July 2011 Revision 1.0

OIO SAML Profile for Identity Tokens

If you ve got their number, you ve got their business

How To Send An Encrypted In Outlook 2000 (For A Password Protected ) On A Pc Or Macintosh (For An Ipo) On Pc Or Ipo (For Pc Or For A Password Saf ) On An Iphone Or

Apparo Fast Edit. Excel data import via 1 / 19

Network Security - Secure upper layer protocols - Background. Security. Question from last lecture: What s a birthday attack? Dr.

PGP from: Cryptography and Network Security

P309 - Proofpoint Encryption - Decrypting Secure Messages Business systems

Chapter 4 Virtual Private Networking

Using custom certificates with Spectralink 8400 Series Handsets

Secure Frequently Asked Questions

Intel vpro Technology. How To Purchase and Install Symantec* Certificates for Intel AMT Remote Setup and Configuration

TeliaSonera Server Certificate Policy and Certification Practice Statement

Spryng Making Business Mobile (0) Spryng Headquarters: Herengracht BW Amsterdam - The Netherlands

SIX Trade Repository AG

Public Key Infrastructure in idrac

Extended Validation SSL

User s Guide. Security Operations Ver. 1.02

Configuring Secure Socket Layer (SSL)

NATIONAL BANK OF ROMANIA

Message Containers and API Framework

Corporate Standardised Sign Off Presentation User Guide (Outlook)

Hal E-Bank Foreign payments (Format of export/import files)

ANZ transactive

Wimba Pronto. Version 3.1. Administrator Guide

Securing Microsoft Exchange 2010 With VeriSign Authentication Services

Jobs Guide Identity Manager February 10, 2012

Secure Message Center User Guide

Reading an sent with Voltage Secur . Using the Voltage Secur Zero Download Messenger (ZDM)

*NOTICE * THIS APPLICATION WAS REVISED IN JUNE 2015 PLEASE READ CAREFULLY

Welcome to Highlands State Bank Internet Banking Center. Important Information for New Users. System Security and Browser Information

Securing Microsoft Exchange 2010 with Symantec SSL Certificates

INTERNET AND SECURITY

PGP - Pretty Good Privacy

NISTIR 7676 Maintaining and Using Key History on Personal Identity Verification (PIV) Cards

Bitrix Site Manager ASP.NET. Installation Guide

Vital Link 2.X Pre-Install Checklist

Acano solution. Certificate Guidelines R1.7. for Single Split Acano Server Deployments. December F

Motor Insurance Database Phase II 4 th EU Motor Insurance Directive. Attended file transfer

Transcription:

Digital Certificate Request EORI Traders Document History Edi. Rev. Date Description Action (*) Pages 0 1 03/08/2015 Draft for internal review. I All 0 2 10/08/2015 Version issued after internal review. IR All 1 0 25/08/2015 Final Version. IR All 1 1 30/11/2015 New endpoints added. IR All (*) Actions: I = Insert R = Replace Table of Contents 1. Digital Certificate... 2 2. Digital Certificate request process model... 3 3. Production Webservices endpoints... 3 4. Testing Webservices endpoints... 4 5. CSR Information... 4 6. Request E-mail example... 5 7. CSR request error messages list... 6 Disclaimer The AT (Autoridade Tributária e Aduaneira) maintains this document to enhance EORI Traders access to the Portuguese Customs Systems. Our goal is to keep this document information timely and accurate. If errors are brought to our attention, we will try to correct them. However, the AT accepts no responsibility or liability whatsoever with regard to the information on this document. 1 / 6

1. Digital Certificate The digital certificate for webservices is requested by EORI Traders and it is signed by AT (Portuguese Taxation and Customs Authority). Hence, the EORI Trader should make a request for digital certificate by using a CSR Certificate Signing Request, which must be send by e-mail to: asa-eori-dc@at.gov.pt As the validation of CSR file is automated, the application e-mail must comply with the following information and rules: Subject: Certificate Request for <EORI number> Attached content: CSR file CSR file name: <EORI number>.csr E-mail content: Free text E-mail must have a single attachment only EORI number must be valid Logo attached pictures are not allowed inside this application e-mail. The CSR file is a very small text file that contains the encrypted SSL certificate and all the necessary EORI Trader s information needed to AT validation and signature. This SSL certificate is digitally signed and will be used to authorize communication when a webservice is invoked. The procedure for CSR generation is very simple but varies according with web technology used by the participating entity, and therefore, it should be checked the respective support documentation for each tool. The usage of special characters (e.g., Portuguese characters, Latin languages, etc.) is not accepted inside the CSR file, since the use of these characters could invalidate the digital signature of the digital certificate. Hence, it must be ASCII characters only. This process ends when AT replies by e-mail with the signed digital certificate, in an attached.zip file, that must be integrated into the Trader s private key. 2 / 6

2. Digital Certificate request process model The digital certificate attribution process model is described in the diagram below: Digital Cerificate request process for EORI traders EORI Trader Digital Certificate request Request to EORI Digital Certificate E-mail: asa-eori-dc@at.gov.pt E-mail from AT mentioning that the request is invalid and why. E-mail from AT containing the digital certificate in a.zip file. AT (Portuguese Taxation and Customs Authority) Request received Request validation Invalid Valid Digital Certificate generation Send reply Information: It is highly recommended that the renew process starts at minimum one month before the expiration date. Important: For security reasons, the only valid e-mail address reply from AT is:...@at.gov.pt Please do not accept replies from other sources. 3. Production Webservices endpoints The list of production endpoints available is described below: Webservices ICS System ECSDSS System Production Endpoints https://servicos.portaldasfinancas.gov.pt:501/jsp/externalwebservice.jsp?external=icsws https://servicos.portaldasfinancas.gov.pt:503/jsp/externalwebservice.jsp?external=ecsws 3 / 6

4. Testing Webservices endpoints It is available a list of testing webservices endpoints that might be used for testing purposes only and it is described in the table below: Webservices ICS System ECSDSS System Testing Endpoints https://servicos.portaldasfinancas.gov.pt:801/jsp/externalwebservice.jsp?external=icsqualidadews https://servicos.portaldasfinancas.gov.pt:803/jsp/externalwebservice.jsp?external=ecsqualidadews A specific Digital Certificate for testing might be requested to the following e-mail: asa-eori-dc@at.gov.pt 5. CSR Information The list of CSR more relevant information is described in the table below: CSR Field Description Min Length Max Length C = Country ISO 3166-1 alpha-2 code is used to refer the location of the Trader s headquarters. In Portugal it must be "PT". 2 (chars) 2 (chars) ST = Province, Region, County or State District Headquarters. 4 (chars) 32 (chars) L = Town/City Town/City of Headquarters. 1 (char) 32 (chars) O = Business Name / Organisation OU = Department Name/ Organisational Unit The company's legal name. 1 (char) 180 (chars) Department to contact. 1 (char) 180 (chars) CN = Common Name Common Name must be the EORI number. 3 (chars) 17 (chars) E = E-mail address Key bit length The e-mail address for contact is usually the person responsible for issuing the CSR. It must be a valid e-mail address and the same as the one registered by EORI. Public key of the SSL certificate generated by the software producer. It must be generated with 2048 bits. 6 (chars) 80 (chars) 2048 (bits) 2048 (bits) More details could be found on point 7. 4 / 6

6. Request E-mail example Example of a digital certificate request for EORI Trader by e-mail: 5 / 6

7. CSR request error messages list ID Error code Reply message Object Rule 1 csrmaxlen Maximum CSR length is 1722 characters. CSR Maximum CSR lenght must be 1722 characters 2 nullcountry Country Code (C=Country) is mandatory CSR [C] Country Code cannot be empty 3 invalidcountry Country Code (C=Country) must contain only letters according to ISO 3166-1 alpha-2 standard CSR [C] Country Code must use ISO 3166-1 alpha-2 4 nullstate State (ST=Province/Region/Country/State) is mandatory CSR [ST] State cannot be empty 5 minstatelen Minimum State (ST=Province/Region/Country/State) length is 4 characters CSR [ST] State must have between 4 and 32 characters 6 maxstatelen Maximum State (ST=Province/Region/Country/State) length is 32 characters CSR [ST] State must have between 4 and 32 characters 7 nulltown Town (L=Town/City) is mandatory CSR [L] Town cannot be empty 8 invalidtown Town (L=Town/City) may only contain ASCII characters CSR [L] Town cannot have special characters 9 nullorganisation Business Name (O=Business Name) is mandatory CSR [O] Business Name cannot be empty 10 minorganisationlen Minimum Business Name (O=Business Name) length is 2 characters CSR [O] Business Name must have between 2 and 180 characters 11 maxorganisationlen Maximum Business Name (O=Business Name) length is 180 characters CSR [O] Business Name must have between 2 and 180 characters 12 invalidorganisation Business Name (O=Business Name) may only contain ASCII characters CSR [O] Business Name cannot have special characters 13 nulldepartment Organizational Unit (OU=Organizational Unit) is mandatory CSR [OU] Organizational Unit cannot be empty 14 mindepartmentlen Minimum Organizational Unit (OU=Organizational Unit) length is 2 characters CSR [OU] Organizational Unit must have between 2 and 180 characters 15 maxdepartmentlen Maximum Organizational Unit (OU=Organizational Unit) length is 180 characters CSR [OU] Organizational Unit must have between 2 and 180 characters 16 invaliddepartment Organizational Unit (OU=Organizational Unit) may only contain ASCII characters CSR [OU] Organizational Unit cannot have special characters 17 nullcommonname Common Name (CN=Common Name) is mandatory CSR [CN] Common Name cannot be empty 18 nullemail Email (E=Email) is mandatory CSR [E] Email cannot be empty 19 maxemaillen Maximum Email (E=Email) length is 80 characters CSR [E] Email cannot have more than 80 characters 20 invalidemail Email (E=Email) is not a valid email address CSR [E] Email address must be valid 21 invalidkeytype Public Key must be RSA with a 2048 bit strength CSR The Public Key must be RSA with a 2048 bit strength 22 invalidkeylen Public Key must be RSA with a 2048 bit strength CSR The Public Key must be RSA with a 2048 bit strength 23 invalidhash The CSR must be encoded either in SHA1 or SHA256 CSR The CSR must be encoded either in SHA1 or SHA256 24 invalideori EORI identification is not valid or found Mensagem EORI identification must be valid 25 nomailforeori EORI does not have na associated email Mensagem EORI must have a valid email 26 noteorimail The sender's mail does not match the designated EORI Mensagem The sender's mail must match the designated EORI 27 requesteoridoesnotmatch The requester's EORI does not match the Common Name (CN=Common Name) in the CSR CSR e Mensagem The requester's EORI must match the Common Name in the CSR 28 invalideoridate EORI is not active Mensagem EORI must exist and be valid 29 toomanyattachments Certificate Request message can contain only one attachment Mensagem Certificate Request message must have one attachment only 30 filenamenoteori CSR file name is not EORI Mensagem CSR file name must match with EORI number 99 unknownerror No message available for this unknown error. It must be handle manually Geral Unknown Error. Please confirm all CSR file 6 / 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information