In support to provide secure services and solutions to our customers, Nordea will discontinue the support of the SHA1 certificate and signing signature because of weaknesses in the SHA1 algorithm, and replace it with SHA256.
Documents:
1. Technical change description: Web Services SHA256 - Technical Change Description (pdf, 383 KB)Opens new window
2. Frequently Asked Questions: Web Services SHA1-SHA256 Migration FAQ (pdf, 261 KB)Opens new window
Certificates:
1. Customer SHA256 DEMO certificates(RSA 2048 Bits). Customers can use these to test whether systems can handle SHA256 certificates and establish Web Services connection to existing and new services.
Only GetUserInfo, and DownloadFileList and DownloadFile function with file type of VKEUR can be used by DEMO certificates. Please don't renew or revoke these certificates because they are shared for all customers.
With GetUserInfo, response will be ResponseCode=24, ResponseText=Content not found. This means that the connection was successful but there is no service overview to show with this test user.
Logon ID: 15330019342. Target ID: 11111111A1
2. Nordea's Web Services signature certificate and its Root CA certificates in SHA256 service (new service, link can be found from Technical change description document)
If customers validate Nordea's responses using this certificates, this certificate needs to be installed.
Possible error for customers who didn't install it correctly: error related to certificate validation.
In case of errors especially when you have uploaded payment files, please don't send in files again, but contact Support team instead.
(zip, 1 KB)Opens new windowThis is the Root certificate of the signature certificate of Nordea Web Services server in SHA256 service. Certificate validity is 15years.
If customers validate Nordea's responses using this certificates, this certificate needs to be installed.
Possible error for customers who didn't install it correctly: error related to certificate validation.
In case of errors especially when you have uploaded payment files, please don't send in files again, but contact Support team instead.