Information on the transition to SEID 2.0
Norway has now switched to a new standard for Enterprise Certificates called SEID 2.0 which corresponds to EU legislation. Businesses can now communicate effectively and securely across national borders.
The previous national certificate profiles SEID 1.0 are now being replaced with the new updated certificate profiles SEID 2.0, which are in line with the European standard and law, called the eIDAS regulation for trust services. The reason for the upgrade is to increase trust in digital transactions in the EU and create a common basis for securing digital interactions, so that everyday life becomes easier.
What are the benefits for you?
- Increased security with stronger cryptography. Public key size Root CA from SHA256 2048 to SHA512 4096.
- Better interoperability for the use of Enterprise Certificates and eSeals throughout EuropaSeid 2.0 eIDAS
- Standardization according to common European regulations
What do you have to do?
All businesses that handle enterprise certificates and e-ID must make technical changes to the systems in order to be able to read the new certificate profiles. We recommend everyone to start well in advance as the changes can take a long time to implement. A good start is to use test certificates to get started. Test certificates are available to order here .
Private individuals and end users of the Enterprise Certificate and e-ID do not need to do anything. Customers who have received e-ID certificates with SEID 1.0 profile can use their e-ID throughout their lifetime.
Technical preparations
When you have received new test and production certificates, you can look at the following:
- TEST CA Enterprise Certificates
Add new Root CA and intermediate Issuer Public certificate:
Issuer certificate: https://crt.test.commfides.com/G3/CommfidesLegalPersonCA-G3-TEST.crt
ROOT certificate: https://crl.test.commfides.com/G3/CommfidesRootCA-G3-TEST.crt
Alternatively visit this link to download new Root and intermediate certificate.
- CRL and OCSP links for checking the validity of Business Certificates:
CRL – https://crl.test.commfides.com
OCSP – https://ocsp.test.commfides.com
OCSP – https://ocsp.test.commfides.com (incl. social security number) - PRODUCTION CA Business certificates
Add new Root CA and intermediate Issuer Public certificate:
Issuer certificate: Download Sub CA Certificate
ROOT certificate: Download Root CA Certificate - CRL and OCSP link for checking the validity of Enterprise Certificates:
CRL – https://crl.commfides.com
OCSP – https://ocsp.commfides.com
OCSP – https://ocsp.commfides.com (incl. social security number) - Update new OIDs in the system for certificate control, if this is activated.
An example of a new OID is 2.5.4.97. See pictures below. - Check whether the new fields in the Enterprise Certificates are read and that they are read correctly.
See pictures below for example. - Perform a test to check whether the Enterprise Certificates work as expected in both the test and production systems.
- If you have questions or need help, contact our customer service at servicedesk@commfides.com or on phone 21 55 62 60.
Certificates with SEID 1.0 profile
Certificates issued with the SEID 1.0 profile look as follows:
Certificates with SEID 2.0 profile
There are some changes in the SEID 2.0 profiles, as shown in the image below. Note the change in the O field.
In addition, there will be new OIDs. OrganizationIdentifier 2.5.4.97 = NTR “country code” becomes 2.5.4.97 as shown below.
The encryption and signing certificate can be delivered with RSA or elliptic curves.
Certificates with SEID 2.0 profile look like this:
SEID is a collaborative project between several Norwegian actors. You can find more information about the SEID collaboration here.
FAQ - Frequently asked questions about SEID 2.0
Question: Will there be an overview of which suppliers and which programs are able to handle SEID 1.0 and 2.0?
Answer: We can confirm that Commfides will handle SEID 1.0 and 2.0.
The Norwegian Digitalisation Agency has compiled an overview of its joint solutions and the status of adaptation to SEID 2.0. Here is an overview of the status of several public systems.
Question: Will Commfides support legacy endpoint for OCSP for the full lifetime of legacy certificates so we can always rely on the endpoint in the certificate?
Answer: Commfides will support existing endpoints for CRL and OCSP for the entire period until the certificates expire, no later than 31 December 2024.
Question : Will the organizationIdentifier field be exposed in the LDAP directories, so that SEIDv2 certificates can be searched based on the organization number?
Answer: Commfides will export the new 2.5.4.97 = NTRNO-ORGNUMBER fields in LDAP.
Do you have other questions?
If there is something you cannot find an answer to here, you can contact project manager Geir Heldahl at geir.heldahl@commfides.com, or contact the switchboard for more information.
