AUTH and SIGN certificates are used for communication between security servers to ensure secure data exchange on X-tee.

The AUTH certificate is associated with a specific security server and is used in the data exchange to authenticate the security server. In the data exchange, it is checked that the security server connecting uses a valid auth certificate, which is also registered in the central server of the respective X-tee environment.

The SIGN certificate is linked to the authority of the X-tee member. The security server uses this on behalf of the X-tee member to sign messages. This creates a connection between the message and the X-tee member.

Applying for security server certificates.

If you have logged in to www.x-tee.ee self-service environment and want to apply for certificates for your authority, select the option "Apply for security server certificates" from your dashboard.

A new page will open with the name of the institution on whose behalf you want to order certificates, a check mark in the name of the institution and the option "Next".

Next, a new page "Certificate issuer" will open, ie a choice of certification service provider - to choose between RIA or SK ID Solutions AS. More information about trust services and the differences between their providers can be found here - https://abi.ria.ee/xtee/en/x-tee-usaldusteenused-ning-nende-pakkujad

NB! At the moment, it is not possible to order certificates from SK ID Solutions AS through the X-tee self-service environment. SK ID Solutions AS certificates can be ordered via the SK ID Solutions AS web form, which can be found on the following page (SK offers X-tee production and test environment certificates): https://www.skidsolutions.eu/en/services/services-for-member-of-x-tee/

Next, select either "Fill the request yourself" or "Authorize a Security Server administrator to request certificates"

Request Security Server certificates
To request Security Server certificates, you need to upload the certificate requests (CSR files). When using a X-tee hosting service, these can be provided to you by the hosting service provider. The CSR files are generated in the Security Server software. Find out more here. 

You can only order certificates for the chosen organization. If you are using a X-tee hosting service, you only need a SIGN certificate. If you are hosting your own Security Server, you will also need an AUTH certificate. For information about CSR files and the difference between AUTH and SIGN certificates, read more here. 

Authorizing a Security Server administrator to request certificates

A representative can authorize a Security Server administrator to request X-tee certificates on behalf of their organization. The authorized person will receive an e-mail about their authorization. The authorized person then must log in to the self-service environment and order the certificates.

If the previous selections have been made, the certificate order confirmation page will open, showing the applicant for which environment the certificate has been ordered and also the active environment (development – ee-dev, test – ee-test or EE (production) environment) will be displayed accordingly.

on the same page below, enter the e-mail address to which confirmation, certificates and notifications related to the requested certificates will be sent.

Next choose the signing method that suits you, digitally sign the application and the certificate application from the self-service environment will be automatically transferred to the RIA helpdesk, which will issue new certificates and send them back to you.

If you have any additional questions, please contact RIA Support at: [email protected]

NB! RIA will respond to your certificate application within 5 business days.