HomeSignicat websiteSupport
Search…
Signicat Documentation
Releases
Release Notes: Signicat NextGen
Release Notes
MySignicat
MySignicat Overview
MySignicat Dashboard
Federation Dashboard
Admins Management
Signicat Identity Broker
Identity Broker Overview
Certificates in Identity Broker
Identity Broker Dashboard
Service Providers
Authentication Providers
Message Log
Broker Settings
SAML Attribute Consuming Services
Level of Assurance Contracts
Attribute Filters
Service Catalogue
Broker Services
Features & Specifications
eHerkenning Broker
Intro to eHerkenning Broker
Configure eHerkenning Broker
BSNk Polymorphic Decryption Keys
Interface Management
Communication
Customer Identity and Access Management
CIAM Overview
CIAM Dashboard
Managing Organisations
Managing Users
Managing Roles
Custom Attributes
CIAM Settings
SCIM API v1.0
SDK
Signicat Adapters
Web SDK
Mobile SDK
API Documentation
Knowledgebase
Frequently Asked Questions
Glossary
eID Overview
About Belgian eID (.beID)
About CIAM
About DigiD
About Digital Passport
About eHerkenning/eIDAS
About iDIN
About IRMA
About itsme
About UZI Pas
Protocol information
Connectis Identity Broker (deprecated)
Configure Your Environment with MyConnectis
Configuring eIDs
Connecting Your Application
Generic information
Testing Toolkit (deprecated)
SCIM API v0.1 (deprecated)
Support
Powered By GitBook
Certificates in Identity Broker
This section outlines the process for attaining and managing certificates in order to use Signicat Identity Broker.
Important: To start connecting to the Signicat Identity Broker, please start with the steps as described on this page. Without following these important steps you may experience delays, technical difficulties and/or even unnecessary expenses.
In order to set-up your Identity Broker environment, Signicat requires a subdomain reserved through DNS for the use of the Signicat Identity Broker. This will enable you to make use of the different Identity Providers.

Step 1: Get a Certificate Signing Request (CSR) from Signicat

To purchase a certificate, the first thing you will need is a Certificate Signing Request (CSR). This must be provided to you by Signicat.
In order for Signicat to generate a CSR for you, the following information is required:
  1. 1.
    The desired subdomain name you want to host the MySignicat environment (Signicat Identity Broker) on.
  2. 2.
    Company information (OIN or Chamber of Commerce number).

Step 2: Purchase PKIO certificates using Certificate Signing Requests (CSRs)

The Signicat Technical Support team will generate a CSR for you based on the information you have provided. Once you have received the CSR, you will now be able to purchase PKI Overheid certificates which are mandatory for DigiD and eHerkenning. The PKIO Certificate type you require is "Server CA 2020".
Please ensure that:
  1. 1.
    You do not independently purchase the certificates. Only use of the CSRs provided by Signicat.
  2. 2.
    You do not purchase any other kind of certificate than PKI Overheid (PKIO).
  3. 3.
    The certificate type is "Server CA 2020".
Important: When ordering from KPN, please explicitly ask them to make use of the CSR we have provided.
It is important to remember that self-signed certificates, Let's Encrypt certificates, and the likes, are not allowed. We require PKIO Certificates and the level of assurance they provide. There are two certificate providers that sell PKIO certificates:
  1. 1.
    ​QuoVadis​
  2. 2.
    KPN
You will require a certificate for both the production and the pre-production environments. The number of certificates you must purchase in total, however, depends on the eID method being used. DigiD, which is more strict than most, requires certificates for:
  • the (sub)domain that is used to host the application on your end, and,
  • the subdomain that is used to host the SIB on our end.
Once you have received the certificates from the certificate provider, send the public part of the certificates (which will have the .pem or .cer file extension) to the Signicat Technical Support team.

Step 3: Invitation to set up your MySignicat account

Once your SIB environment has been set up, you will receive a notification from the Signicat Technical Support team and an invitation to start configuring your MySignicat account.
You will now be able to start connecting to the Signicat Identity Broker!
Tip: You can find more information on certificates in our Frequently Asked Questions section:
  1. 1.
    ​Setting up an eHerkenning connection​
  2. 2.
    ​Questions about your connection​
​
In case any of the steps mentioned above are unclear, please contact Technical Support via email or by calling
Signicat Identity Broker - Previous
Identity Broker Overview
Next - Signicat Identity Broker
Identity Broker Dashboard
Last modified 7d ago
Copy link
Contents
Step 1: Get a Certificate Signing Request (CSR) from Signicat
Step 2: Purchase PKIO certificates using Certificate Signing Requests (CSRs)
Step 3: Invitation to set up your MySignicat account