Install enterprise certificate
In order to use the client, the enterprise certificate must be set up according to your environment. We currently support .NET Core, .NET Framework and Java.
.NET Core
Install the certificate
The path and password to the certificate must be put somewhere safe. For local development with .NET Core we recommend using the Secret Manager.
Add the following UserSecretsId
element to your .csproj
file:
<PropertyGroup>
<TargetFramework>netcoreapp2.1</TargetFramework>
<UserSecretsId>organization-certificate</UserSecretsId>
</PropertyGroup>
This means that the element <user_secrets_id>
in the path will be organization-certificate
.
From the command line, navigate to the directory where the current .csproj file is located and run the following commands with your own certificate values.
dotnet user-secrets set "Certificate:Path:Absolute" "<your-certificate.p12>"
dotnet user-secrets set "Certificate:Password" "<your-certificate-password>"
Trust the certificate
In addition to installing the certificate, you must add the certificate to the trust store on the host machine.
Double click the enterprise certificate and choose to install on Local Machine
or Current user
. This will install the intermediate and root certificate on the host, which is what we want.
Open
Keychain Access
Choose
login
keychainUse navigation: File - Import items
Download the root and intermediate certificates from Digitaliseringsdirektoratet for your business certificate provider. Note the renaming to have .crt
ending for update-ca-certificates
:
sudo cp Buypass_Class_3_Test4_Root_CA.pem /usr/local/share/ca-certificates/Buypass_Class_3_Test4_Root_CA.crt
sudo cp Buypass_Class_3_Test4_CA_3.pem /usr/local/share/ca-certificates/Buypass_Class_3_Test4_CA_3.crt
sudo update-ca-certificates
.NET Framework
Note
.NET Framework is only supported on the Windows platform.
The following steps will install the certificate in the your certificate store. This should be done on the server where your application will run.
Double-click on the actual certificate file (CertificateName.p12)
Save the certificate in
Current User
orLocal Machine
and click NextUse the suggested filename. Click Next
Enter password for private key and select Mark this key as exportable … Click Next
Select Automatically select the certificate store based on the type of certificate
Click Next and Finish
Accept the certificate if prompted
When prompted that the import was successful, click OK
Note
If you for some reason are not allowed to store the business certificate with the exportable flag, it can be added to the store using the following script:
certutil -p <password> -csp “Microsoft Enhanced RSA and AES Cryptographic Provider” -importpfx <filename> NoExport,AT_SIGNATURE.
In order to use the certificate you have just installed, the thumbprint of the certificate must be retrieved. It can be done in the following way:
Start
mmc.exe
(Press the windows button and type mmc.exe)Choose File -> Add/Remove Snap-in… (Ctrl + M)
Mark certificate and click Add >
If the certificate was installed in
Current User
chooseMy User Account
and if installed onLocal Machine
chooseComputer Account
, click Finish and then OKExpand
Certificates
node, selectPersonal
and openCertificates
Double-click on the installed certificate
Go to the Details tab
Scroll down to Thumbprint
Copy the thumbprint
Java
If you are using the Java client library, there is no need to install the enterprise certificate. It can be loaded directly from file.