Install enterprise certificate

In order to use the client, the enterprise certificate must be set up according to your environment. We currently support .NET Core, .NET Framework and Java.

.NET Core

Install the certificate

The path and password to the certificate must be put somewhere safe. For local development with .NET Core we recommend using the Secret Manager.

Add the following UserSecretsId element to your .csproj file:

<PropertyGroup>
     <TargetFramework>netcoreapp2.1</TargetFramework>
     <UserSecretsId>organization-certificate</UserSecretsId>
</PropertyGroup>

This means that the element <user_secrets_id> in the path will be organization-certificate.

From the command line, navigate to the directory where the current .csproj file is located and run the following commands with your own certificate values.

dotnet user-secrets set "Certificate:Path:Absolute" "<your-certificate.p12>"
dotnet user-secrets set "Certificate:Password" "<your-certificate-password>"

Trust the certificate

In addition to installing the certificate, you must add the certificate to the trust store on the host machine.

Double click the enterprise certificate and choose to install on Local Machine or Current user. This will install the intermediate and root certificate on the host, which is what we want.

Open Keychain Access
Choose login keychain
Use navigation: File - Import items

Download the root and intermediate certificates from Digitaliseringsdirektoratet for your business certificate provider. Note the renaming to have .crt ending for update-ca-certificates:

sudo cp Buypass_Class_3_Test4_Root_CA.pem /usr/local/share/ca-certificates/Buypass_Class_3_Test4_Root_CA.crt
sudo cp Buypass_Class_3_Test4_CA_3.pem /usr/local/share/ca-certificates/Buypass_Class_3_Test4_CA_3.crt
sudo update-ca-certificates

.NET Framework

Note

.NET Framework is only supported on the Windows platform.

The following steps will install the certificate in the your certificate store. This should be done on the server where your application will run.

Double-click on the actual certificate file (CertificateName.p12)
Save the certificate in Current User or Local Machine and click Next
Use the suggested filename. Click Next
Enter password for private key and select Mark this key as exportable … Click Next
Select Automatically select the certificate store based on the type of certificate
Click Next and Finish
Accept the certificate if prompted
When prompted that the import was successful, click OK

Note

If you for some reason are not allowed to store the business certificate with the exportable flag, it can be added to the store using the following script:

certutil -p <password> -csp “Microsoft Enhanced RSA and AES Cryptographic Provider” -importpfx <filename> NoExport,AT_SIGNATURE.

In order to use the certificate you have just installed, the thumbprint of the certificate must be retrieved. It can be done in the following way:

Start mmc.exe (Press the windows button and type mmc.exe)
Choose File -> Add/Remove Snap-in… (Ctrl + M)
Mark certificate and click Add >
If the certificate was installed in Current User choose My User Account and if installed on Local Machine choose Computer Account, click Finish and then OK
Expand Certificates node, select Personal and open Certificates
Double-click on the installed certificate
Go to the Details tab
Scroll down to Thumbprint
Copy the thumbprint

Java

If you are using the Java client library, there is no need to install the enterprise certificate. It can be loaded directly from file.