Install enterprise certificate

In order to use the client, the enterprise certificate must be set up according to your environment. We currently support .NET Core, .NET Framework and Java.

.NET Core

Install the certificate

The path and password to the certificate must be put somewhere safe. For local development with .NET Core we recommend using the Secret Manager.

Add the following UserSecretsId element to your .csproj file:


This means that the element <user_secrets_id> in the path will be organization-certificate.

From the command line, navigate to the directory where the current .csproj file is located and run the following commands with your own certificate values.

dotnet user-secrets set "Certificate:Path:Absolute" "<your-certificate.p12>"
dotnet user-secrets set "Certificate:Password" "<your-certificate-password>"

Trust the certificate

In addition to installing the certificate, you must add the certificate to the trust store on the host machine.

Double click the enterprise certificate and choose to install on Local Machine or Current user. This will install the intermediate and root certificate on the host, which is what we want.
  1. Open Keychain Access
  2. Choose login keychain
  3. Use navigation: File - Import items

Download the root and intermediate certificates from Digitaliseringsdirektoratet for your business certificate provider. Note the renaming to have .crt ending for update-ca-certificates:

sudo cp Buypass_Class_3_Test4_Root_CA.pem /usr/local/share/ca-certificates/Buypass_Class_3_Test4_Root_CA.crt
sudo cp Buypass_Class_3_Test4_CA_3.pem /usr/local/share/ca-certificates/Buypass_Class_3_Test4_CA_3.crt
sudo update-ca-certificates

.NET Framework


.NET Framework is only supported on the Windows platform.

The following steps will install the certificate in the your certificate store. This should be done on the server where your application will run.

  1. Double-click on the actual certificate file (CertificateName.p12)
  2. Save the certificate in Current User or Local Machine and click Next
  3. Use the suggested filename. Click Next
  4. Enter password for private key and select Mark this key as exportableClick Next
  5. Select Automatically select the certificate store based on the type of certificate
  6. Click Next and Finish
  7. Accept the certificate if prompted
  8. When prompted that the import was successful, click OK


If you for some reason are not allowed to store the business certificate with the exportable flag, it can be added to the store using the following script:

certutil -p <password> -csp “Microsoft Enhanced RSA and AES Cryptographic Provider” -importpfx <filename> NoExport,AT_SIGNATURE.

In order to use the certificate you have just installed, the thumbprint of the certificate must be retrieved. It can be done in the following way:

  1. Start mmc.exe (Press the windows button and type mmc.exe)
  2. Choose File -> Add/Remove Snap-in… (Ctrl + M)
  3. Mark certificate and click Add >
  4. If the certificate was installed in Current User choose My User Account and if installed on Local Machine choose Computer Account, click Finish and then OK
  5. Expand Certificates node, select Personal and open Certificates
  6. Double-click on the installed certificate
  7. Go to the Details tab
  8. Scroll down to Thumbprint
  9. Copy the thumbprint


If you are using the Java client library, there is no need to install the enterprise certificate. It can be loaded directly from file.