Uploading a Hub JWS certificate

hub JWS cert
Figure 1. Uploading a Hub JWS certificate

To upload a Hub JWS certificate, complete the following steps.


  • A DFSP account has been created for the Hub specifically for the purposes of uploading the Hub JWS certificate to that. For details on how to add a DFSP account, see Adding a DFSP.

  • A "wrapped" public key has been created for uploading. For details on how this is done, see Appendix A: Create a JWS certificate.


On uploading a certificate, MCM renames the file so that the file name includes information about: 1) the type of certificate (for example: root, intermediate, server), 2) the environment (for example: sandbox, staging, production), 3) the name of the DFSP.
  1. Log in to MCM using the DFSP account created for JWS certificate upload purposes.

  2. Go to the DFSP JWS Certificates tab.

  3. Click Choose File in the JWS Certificate field, and select your JWS certificate saved on your computer. The Intermediate Chain field is optional.

    NOTE: The intermediate chain must be presented as a single file. If your intermediate chain is made up of multiple files, combine them into one file in the following order: host certificate first, then the certificate that signs it, then the certificate that signs the previous certificate, and so on. Go from the most specific certificate to the least specific certificate, with each certificate verifying the previous one.

  4. Click Submit. On submitting the certificate, it is validated. The following details are validated:

    • The certificate must be valid at the present time according to the certificate validity period.

    • The certificate key length must be 2048 bits.

If you have accidentally uploaded the wrong certificate, you can re-upload a new certificate and that will replace the old one.