Danish Digital Signature (OCES)

About Danish Digital Signature (OCES)

Danish Digital Signature is primarily used in communication between private enterprises and public authorities in Denmark. Approximately 120.000 company’s, and more than 325.000 employees in Denmark have a Digital Signature.

The digital signatures are partly free of charge for the private enterprises, but with a transaction-fee to DanID, from the merchants, who benefits from using the infrastructure.

There are some citizen-certificates (called “OCES1 Personal certificates”) issued using this ID solution, but issuance has ended in 2010.

Although the ID Solution-name and standards are owned by the Danish government, the company DanID A/S is entrusted the task of issuing the Danish Digital Signature. Another large ID solution in Denmark, NemID, is also issued by DanID.

Please contact Signicat for establishing an agreement for the use of Danish Digital Signature.

Establishment

The use of the Danish Digital Signature ID solution is covered by the DanID standard agreement for merchants. This agreement grants you access to the ID solution Danish Digital Signature as well as NemID.

Please refer to the NemID Establishment section, regarding guidance on how to establish a merchant-application using Danish Digital Signature. Signicat will be happy to assist you in completing this tasks.

Certificates

Merchant certificate(OCES 1)

A merchant certificate represents your business, and is used by the web application to communicate securely on your behalf. Merchant certificates are called VOCES (“Virksomheds OCES” or “Virksomhedssignatur”). There are different merchant certificates for test and production environment.

Merchant certificates for test environment are free while there is a fee for production merchant certificate.

Employee certificate (OCES 1)

An employee signature is a personal certificate, but it is associated with your company. With an employee signature you may sign on behalf of your company.

Personal certificate (OCES 1)

NemID is the Danish eID solution for use on both public and private services on the web.

Production environment

In order to go into production with Danish Digital Signature, you will need to complete the following steps:

Signicat will be happy to assist you in completing the tasks listed above.

Testing your Digital Signature certificates in production

Upon completion of the production system (Danish Digital Signature configuration on Id.signicat), testing can be performed on a regular basis:

  • Use of Danish Digital Signature certificates
  • Connection to the OCES responder service
  • PID-CPR service
  • RID-CPR service

Please note that testing the production system, must be performed using live data and certificates. There are no “dummy-certificates” that is accepted in the Danish Digital Signature environment.

Typical login and signature screenshots

Below please find screenshots of a typical login session and a typical signature session. The actual screens may have a different graphical profile in your setup.

 Login session

The pictures below illustrate the login/authentication process with Digital Signature:
Step 1:

Access the login page of Digital Signature.

Step 2:

Browse to your certificate file and select it.

Step 3:

Select the login button and enter the password.

 Signature session

Step 1:

Access the signature page of Digital Signature.

Step 2 and 3:

These steps are identical with authentication.

Test information

Signicat offers 24/7/365 free access to the test environment, preprod.signicat.com.

Test Certificates

You may download test certificates from DanID in Denmark (external link): https://www.certifikat.dk/export/sites/dk.certifikat.oc/da/download/rodcertifikat.html

http://www.nets.eu/dk-da/Service/kundeservice/nemid-tu/Pages/OCES-II-certifikat-eksempler.aspx

Signicats integration with Digital Signature

The technical integration to Id.signicat will be the same as any other ID-solutions you choose Signicat to support. If you already have an integration with Id.signicat, you may add Digital Signature without any changes, except from the url your application sends to Id.signicat.

This assumes that there is no specific ID solution handling in your web application.

Other sources (external links)