In order to provide secure services and solutions to our customers, Nordea will discontinue the support of the SHA1 certificate and digital signature because of weaknesses in the SHA1 algorithm, and replace it with SHA256.
On May 20th 2024, the old SHA1 service was closed and customers use SHA256 service instead.
In Feb 2025, customers' requests using SHA1 algorithm will be rejected.
If you are using Web Services connectivity provided by vendor, please contact your vendor.
Newsletters:
Web Services SHA256 Change - Newsletterpdf - Opens new window
Documents:
1. Technical change description: Web Services SHA256 - Technical Change Descriptionpdf - Opens new window
2. Frequently Asked Questions: Web Services SHA1-SHA256 Migration FAQpdf - Opens new window
3. Quick Guide to Adapt to SHA256 service: Web Services SHA256 -Quick Guide for adapting SHA256 servicepdf - Opens new window
Certificate:
Nordea's Web Services signature certificate and its Root CA certificates in SHA256 service (new service, link can be found from Technical change description document)
If customers validate Nordea's responses using this certificates, this certificate needs to be installed.
Possible error for customers who didn't install it correctly: error related to certificate validation.
In case of errors especially when you have uploaded payment files, please don't send in files again, but contact Support team instead.
zip - Opens new windowThis is the Root certificate of the signature certificate of Nordea Web Services server in SHA256 service. Certificate validity is 15years.
If customers validate Nordea's responses using this certificates, this certificate needs to be installed.
Possible error for customers who didn't install it correctly: error related to certificate validation.
In case of errors especially when you have uploaded payment files, please don't send in files again, but contact Support team instead.