JWS Certificates

Each DFSP must have a JSON Web Signature (JWS) certificate from the other DFSPs and from the Hub.

The JWS Certificates page allows you to:

  • upload your own JWS certificate

  • retrieve the JWS certificate of other DFSPs or the Hub

Figure 1. JWS Certificates

DFSP JWS certificates

The DFSP JWS Certificates tab allows you to share your JWS certificates with other DFSPs and the Hub Operator.

Figure 2. DFSP JWS Certificates

Upload certificates

To upload your JWS certificate chain, complete the following steps.

Prerequisites:

You have created a "wrapped" public key for uploading. For details on how this is done, see Appendix A: Create a JWS certificate.

Steps:

  1. In the JWS Certificate field, click Choose File, and select your JWS certificate saved on your computer.

  2. Uploading an intermediate chain is optional. To upload an intermediate chain, in the Intermediate Chain field, click Choose File, and select the JWS certificate chain saved on your computer.

  3. Click Submit. Certificates are validated when they are submitted. To see validation rules or issues found during validation, click View Details. The following details are validated:

    • The certificate must be valid at the present time according to the certificate validity period.

    • The certificate key length must be 2048 bits.

On uploading a certificate, Connection Wizard renames the file so that the file name includes information about the name of the DFSP and the type of the certificate (root, intermediate, server). This means that you will see the original file name of your certificate change to a value assigned by Connection Wizard.

The intermediate chain must be presented as a single file. If your intermediate chain is made up of multiple files, combine them into one file in the following order: host certificate first, then the certificate that signs it, then the certificate that signs the previous certificate, and so on. Go from the most specific certificate to the least specific certificate, with each certificate verifying the previous one.

Click View to view details of the certificate. Click Download to download a certificate for manually handing over to the Hub (if required).

Remove or replace a certificate

If you wish to remove or replace a certificate after it has been uploaded, complete the following steps:

  1. Click Remove File next to the relevant field. This removes the certificate.

  2. To add a new certificate in place of the one you removed in Step 1, upload the new certificate by clicking Choose File next to the relevant field and selecting the certificate file on your computer.

Other DFSPs' JWS certificates

The Other DFSPs' JWS Certificates tab allows you to retrieve the JWS certificate of another DFSP or the Hub itself for installing on your inbound gateway.

Figure 3. Other DFSPs' JWS Certificates

You can search for a certificate by typing a keyword in the Search DFSP JWS Certificates search box and pressing Enter. In addition, if you select the Show only in the same monetary zone checkbox, only the JWS certificates of DFSPs in the same monetary zone as you are displayed.

DFSPs can only download the JWS certificates of other DFSPs within the same monetary zone. For DFSPs in a different monetary zone, the Download button is disabled.

Information about the validity of a certificate is also displayed. Click View Details for validation rules or issues found during validation. The following details are validated:

  • The certificate must be valid at the present time according to the certificate validity period.

  • The certificate key length must be 2048 bits.

To download the certificate, click Download.

After downloading another DFSP’s or the Hub’s JWS certificate, remember to extract the public key. You can extract a public key from a JWS certificate using the following openssl command:

openssl x509 -pubkey -noout -in <jwscert>.pem > <jwspubkey>.pem

Alternatively, you can use the KeyStore Explorer tool. For details, see Appendix B: Extract a public key from a JWS certificate.
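
The two validation rules listed above and the openssl extraction command can be combined into a local pre-check. The following script is an added example, not part of Connection Wizard or the original page. It assumes that openssl and GNU date are installed; the function names and file arguments are hypothetical.

```shell
#!/bin/sh
# Added example: local pre-check for a JWS certificate (PEM), mirroring the
# two validation rules listed on this page, followed by public key extraction.
# Assumptions: openssl and GNU date are installed; all function names and
# file arguments here are hypothetical.

# Print the public key size in bits of the certificate in $1.
jws_key_bits() {
    openssl x509 -noout -text -in "$1" 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Succeed only if the current time lies between notBefore and notAfter.
jws_valid_now() {
    not_before=$(openssl x509 -noout -startdate -in "$1" 2>/dev/null | cut -d= -f2)
    [ -n "$not_before" ] || return 1
    start=$(date -d "$not_before" +%s) || return 1   # GNU date syntax
    [ "$start" -le "$(date +%s)" ] || return 1       # not yet valid
    openssl x509 -noout -checkend 0 -in "$1" >/dev/null   # fails once expired
}

# Apply both rules to certificate $1; on success write its public key to $2.
# Exit codes: 2 = unreadable certificate, 3 = outside validity, 4 = wrong key size.
jws_check_and_extract() {
    cert=$1
    out=$2
    if ! openssl x509 -noout -in "$cert" 2>/dev/null; then
        echo "not a readable PEM certificate: $cert" >&2
        return 2
    fi
    if ! jws_valid_now "$cert"; then
        echo "certificate is outside its validity period: $cert" >&2
        return 3
    fi
    bits=$(jws_key_bits "$cert")
    if [ "$bits" != 2048 ]; then
        echo "key length is ${bits:-unknown} bits, expected 2048: $cert" >&2
        return 4
    fi
    openssl x509 -pubkey -noout -in "$cert" > "$out"
}
```

Source the script and call jws_check_and_extract <jwscert>.pem <jwspubkey>.pem, either on your own certificate before uploading it or on a downloaded certificate before installing its key on your inbound gateway.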