The use of the Raiffeisen Bank S.A APIs (henceforth the “API”) and Developer Portal (henceforth the „Portal“) requires Qualified Website Authentication Certificates (QWACs) as a method to authenticate ‘Internet Entity Identity’ and encrypt communications in order to provide confidentiality.
Under eIDAS, a QWAC is the legal term for the existing certificates that are issued under the Certification Authority & Browser Forum’s standards for Extended Validation Secure Socket Layer (EV SSL) Certificates.
The primary objectives of an EV SSL Certificate are to:
1. Identify the legal entity that controls a web site by providing reasonable assurance to the user of an Internet browser that the web site the user is accessing is controlled by a specific legal entity identified in the EV Certificate by name, address of Place of Business, Jurisdiction of Incorporation or Registration and Registration Number or other disambiguating information;
2. Enable encrypted communications with a web site by facilitating the exchange of encryption keys in order to enable the encrypted communication of information over the Internet between the user of an Internet browser and a web site.
If you are experiencing issues with your eIDAS certificate, accesing our Developer Portal, during the enrollment process/ consumption of our APIs please make sure on the following:
- CA signing your certificate is part of the official list of Qualified Trust Service Providers (QTSPs) available in the European Union,
- certificate is not expired,
- certificate is valid for the role you are authorized (i.e. AISP),
- certificate is not revoked by the National Authority,
- certificate is compliant with ETSI 119495 regarding PSD2 implementation.
Otherwise, in case you are not owning a test certificate or if you are still not able to consume our APIs please contact us here.