New issuing CA

Updated April 2020 

Time plan

May 14 2020, Nets DanID plans to put two new issuing Certificate Authorities (ICA04 and ICA05) into production.

If your solution handles multiple CAs, there is no problem

If you have prepared your NemID solution to handle multiple CAs, there should be no problems. Your application simply needs to "trust" the new CAs.

If your NemID solution does not handle multiple CAs

If you have implemented direct references to the revocation lists, for example in the form of URLs or coded directly into your application which CAs your solution trusts, then you need to update your NemID solution, so your solution accepts certificates from the new CAs - ICA04 and ICA05. This must be done before ICA04 is commissioned.

Public keys

In the links below you get the public key to the new CAs.

http://m.aia.ica04.trust2408.com/oces-issuing04-ca.cer

http://m.aia.ica05.trust2408.com/oces-issuing05-ca.cer

Testing

Nets DanID deployed ICA04 in the PreProd (PP) test environment in January of 2020. ICA05 will be depoyed in 2021.

Test if your NemID-solution ready to handle certificates issued from the new CA

a) Create a new user in Nets DanID's test environment with a newly issued test certificate. The test certificates will be issued from the new ICA04.

b) Try to log into your test environment with the newly issued test certificate. If you can log into your test environment with a test certificate issued by ICA04, you do not need to take any further action

Trust information

For Pre-Production test system use:

ICA04:    cn=TRUST2408 Systemtest XXXIV CA,o=TRUST2408,c=DK

ICA05:    cn=TRUST2408 Systemtest XXXV CA,o=TRUST2408,c=DK

For Production systems:

ICA04: cn=TRUST2408 OCES CA IV,o=TRUST2408,c=DK

ICA05: cn=TRUST2408 OCES CA V,o=TRUST2408,c=DK