Skip to main content

Order certificates

Important

To set up DigiD, start with the steps described in the Initial preparations page. Without following those important steps you may experience delays, technical difficulties and/or even unnecessary expenses.

1. Create a CSR in the Dashboard

In order to purchase a PKIo certificate, you first need to create a Certificate Signing Request (CSR) in the Signicat Dashboard. Then, Signicat will generate a CSR for you based on the information you provide.

To create a CSR in the Signicat Dashboard:

  1. Navigate to Account management > Signing Certificates.
  2. In Certificate Signing Requests, select Create.
  3. Fill in the fields in the form:
  4. Select Create to create the Certificate Signing Request (CSR).
  5. Select Download to download the newly created CSR.

A CSR contains information about your business so that the Certificate Authority (CA) can verify your business identity. Below is an example of what CSR certificates look like:

-----BEGIN CERTIFICATE REQUEST-----
...Base64-encoded string...
-----END CERTIFICATE REQUEST-----

2. Purchase PKIo certificates

You must configure your DigiD integration with two separate PKIo certificates:

  • One certificate for sandbox
  • One certificate for production

These certificates are used to cryptographically sign the messages between Signicat and the DigiD/Logius network. Note that lead time is around five working days.

You use the CSR you obtained in the previous step to purchase PKIoverheid certificates which are mandatory to connect to DigiD or eHerkenning. The PKIo certificate type you require is "Private Root CA - G1".

Important

Make sure that:

  1. You only use the CSRs provided by Signicat. If you purchase the certificates independently, your integration will not succeed.
  2. You purchase a PKIoverheid (PKIo) certificate.
  3. The certificate type is "Private Root CA - G1".

When purchasing a certificate from KPN, you should explicitly ask to use the Signicat CSR you have created in the previous step.

Two certificate providers sell PKIo certificates:

  1. QuoVadis
  2. KPN

You can find more instructions to obtain PKIo certificates on the Logius website - PKIoverheid-certificaat aanvragen.

Note

Note that you will need separate certificates for the production and the sandbox environments.

3. Upload PKIo certificates in the Dashboard

Once you have purchased and received the PKIo certificates from a certificate provider, you need to upload the public part of the certificates (.pem or .cer file extension) to the Signicat Dashboard.

To upload a PKIo certificate to the Signicat Dashboard, do the following:

  1. Navigate to Account management > Signing Certificates.
  2. In the Signing Certificates section, select Upload certificate to upload the public part of the certificate from your device.

Alternatively, you can either:

Next step

3. Setup a DigiD in pre-production
Choose a protocol and configure DigiD in pre-production
Last updated:
On this page