New issuing CA
Updated April 2020
May 14 2020, Nets DanID plans to put two new issuing Certificate Authorities (ICA04 and ICA05) into production.
If your solution handles multiple CAs, there is no problem
If you have prepared your NemID solution to handle multiple CAs, there should be no problems. Your application simply needs to "trust" the new CAs.
If your NemID solution does not handle multiple CAs
If you have implemented direct references to the revocation lists, for example in the form of URLs, or have coded directly into your application which CAs your solution trusts, then you need to update your NemID solution so that it accepts certificates from the new CAs, ICA04 and ICA05. This must be done before ICA04 is commissioned.
The links below provide the public keys of the new CAs.
Nets DanID deployed ICA04 in the PreProd (PP) test environment in January of 2020. ICA05 will be deployed in 2021.
Test whether your NemID solution is ready to handle certificates issued by the new CA
a) Create a new user in Nets DanID's test environment with a newly issued test certificate. The test certificates will be issued from the new ICA04.
b) Try to log into your test environment with the newly issued test certificate. If you can log into your test environment with a test certificate issued by ICA04, you do not need to take any further action.
For Pre-Production test system use:
ICA04: cn=TRUST2408 Systemtest XXXIV CA,o=TRUST2408,c=DK
ICA05: cn=TRUST2408 Systemtest XXXV CA,o=TRUST2408,c=DK
For Production systems:
ICA04: cn=TRUST2408 OCES CA IV,o=TRUST2408,c=DK
ICA05: cn=TRUST2408 OCES CA V,o=TRUST2408,c=DK
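For solutions that hard-code which CAs they trust, the following added example (not Nets DanID code) audits a configured issuer list against the CA names listed above and reports which are missing. The function names and the sample configuration are assumptions; name matching only locates configuration gaps, while trust itself comes from installing the CA certificates.

```python
# Added example: find which of the new issuing CAs are absent from an
# application's configured issuer list. Standard library only.

# Issuer names exactly as listed on this page.
NEW_ISSUERS = {
    "preprod": [
        "cn=TRUST2408 Systemtest XXXIV CA,o=TRUST2408,c=DK",
        "cn=TRUST2408 Systemtest XXXV CA,o=TRUST2408,c=DK",
    ],
    "production": [
        "cn=TRUST2408 OCES CA IV,o=TRUST2408,c=DK",
        "cn=TRUST2408 OCES CA V,o=TRUST2408,c=DK",
    ],
}

# Constructed sample configuration (hypothetical): one placeholder CA plus
# ICA04 written in the reversed, spaced order some tools print.
SAMPLE_CONFIGURED = [
    "CN=Example Legacy CA,O=Example,C=DK",
    "C=DK, O=TRUST2408, CN=TRUST2408 OCES CA IV",
]


def normalize_dn(dn):
    """Reduce a simple DN string to a comparable set of (type, value) pairs.

    Ignores attribute-name case, value case, extra spaces and component
    order. Simplification: escaped commas are not handled; the names on
    this page contain none.
    """
    pairs = []
    for part in dn.split(","):
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"not an attribute=value pair: {part!r}")
        pairs.append((attr.strip().lower(), " ".join(value.split()).casefold()))
    return frozenset(pairs)


def missing_issuers(configured, environment):
    """Return the new CA names for `environment` not present in `configured`."""
    have = {normalize_dn(dn) for dn in configured}
    return [dn for dn in NEW_ISSUERS[environment] if normalize_dn(dn) not in have]


if __name__ == "__main__":
    for env in ("preprod", "production"):
        print(env, "missing:", missing_issuers(SAMPLE_CONFIGURED, env))
```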