About Danish Digital Signature (OCES)
Danish Digital Signature is primarily used in communication between private enterprises and public authorities in Denmark. Approximately 120.000 company’s, and more than 325.000 employees in Denmark have a Digital Signature.
The digital signatures are partly free of charge for the private enterprises, but with a transaction-fee to DanID, from the merchants, who benefits from using the infrastructure.
There are some citizen-certificates (called “OCES1 Personal certificates”) issued using this ID solution, but issuance has ended in 2010.
Although the ID Solution-name and standards are owned by the Danish government, the company DanID A/S is entrusted the task of issuing the Danish Digital Signature. Another large ID solution in Denmark, NemID, is also issued by DanID.
Please contact Signicat for establishing an agreement for the use of Danish Digital Signature.
The use of the Danish Digital Signature ID solution is covered by the DanID standard agreement for merchants. This agreement grants you access to the ID solution Danish Digital Signature as well as NemID.
Please refer to the NemID Establishment section, regarding guidance on how to establish a merchant-application using Danish Digital Signature. Signicat will be happy to assist you in completing this tasks.
Merchant certificate(OCES 1)
A merchant certificate represents your business, and is used by the web application to communicate securely on your behalf. Merchant certificates are called VOCES (“Virksomheds OCES” or “Virksomhedssignatur”). There are different merchant certificates for test and production environment.
Merchant certificates for test environment are free while there is a fee for production merchant certificate.
Employee certificate (OCES 1)
An employee signature is a personal certificate, but it is associated with your company. With an employee signature you may sign on behalf of your company.
Personal certificate (OCES 1)
NemID is the Danish eID solution for use on both public and private services on the web.
In order to go into production with Danish Digital Signature, you will need to complete the following steps:
- Submit a service provider agreement (Called a “Tjenesteudbyderaftale”) to DanID. Please find it at DanIDs site (external link, Danish language): https://www.nets-danid.dk/produkter/for_tjenesteudbydere/nemid_tjenesteudbyder/bestil_nemid_tjenesteudbyder/
- Order a production merchant certificate (called a “Virksomhedssignatur” or “VOCES”). Please find the order form at DanIDs site (external link, Danish language): https://www.nets-danid.dk/produkter/oevrige_signaturer/virksomhedssignatur/bestil_virksomhedssignatur/When ordering you will need to enter information about:
- Your Danish CVR-number.
- Name/friendly name of the application (service name)
- Technical contact person (name and email address)
- Organisational contact person (name and email address)
- Email address associated with the VOCES certificate (Technical/IT operation contact)
- (Optional) Submit a agreement to use the PID-CPR service. If you need to receive CPR numbers from the users (certificate type called “OCES1 Personal certificates”). Please find the order form at DanIDs site (external link, Danish language):
- (Optional) Submit a agreement to use the RID-CPR service. If you need to receive CPR numbers from the users (certificate type called “MOCES 1 Medarbejdersignatur”). Please find the order form at DanIDs site (external link, Danish language):
Signicat will be happy to assist you in completing the tasks listed above.
Testing your Digital Signature certificates in production
Upon completion of the production system (Danish Digital Signature configuration on Id.signicat), testing can be performed on a regular basis:
- Use of Danish Digital Signature certificates
- Connection to the OCES responder service
- PID-CPR service
- RID-CPR service
Please note that testing the production system, must be performed using live data and certificates. There are no “dummy-certificates” that is accepted in the Danish Digital Signature environment.
Typical login and signature screenshots
Below please find screenshots of a typical login session and a typical signature session. The actual screens may have a different graphical profile in your setup.
|The pictures below illustrate the login/authentication process with Digital Signature:|
Access the login page of Digital Signature.
Browse to your certificate file and select it.
Select the login button and enter the password.
Access the signature page of Digital Signature.
|Step 2 and 3:
These steps are identical with authentication.
Signicat offers 24/7/365 free access to the test environment, preprod.signicat.com.
You may download test certificates from DanID in Denmark (external link): https://www.certifikat.dk/export/sites/dk.certifikat.oc/da/download/rodcertifikat.html
Signicats integration with Digital Signature
The technical integration to Id.signicat will be the same as any other ID-solutions you choose Signicat to support. If you already have an integration with Id.signicat, you may add Digital Signature without any changes, except from the url your application sends to Id.signicat.
This assumes that there is no specific ID solution handling in your web application.
Other sources (external links)
- Link to information about Danish Digital Signature (in Danish language): https://www.nets-danid.dk/produkter/nemid_til_erhverv/
- Link to Certificate Policy for OCES employee certificates (in English language): https://www.signatursekretariatet.dk/pdf/ca/Final%20Etsi%20OCES-CP%204.0%20employee%20certificates_eng.pdf