In order to provide secure services and solutions to our customers, Nordea will discontinue the support of the SHA1 certificate and digital signature because of weaknesses in the SHA1 algorithm, and replace it with SHA256.
On May 20th, the old SHA1 service will be closed and customers should use SHA256 service instead. Please find the links and the technical specification of the SHA256 service in the documents below. Please kindly note that SHA256 service works slightly differently than the old SHA1 service, and some development is needed so that your client software uses SHA256 algorithm in digital signature.
If you are using Web Services connectivity provided by vendor, please contact your vendor.
Newsletters:
Latest: Web Services SHA256 Change - NewsletterOpens new window
Documents:
1. Technical change description: Web Services SHA256 - Technical Change DescriptionOpens new window
2. Frequently Asked Questions: Web Services SHA1-SHA256 Migration FAQOpens new window
3. Quick Guide to Adapt to SHA256 service: Web Services SHA256 -Quick Guide for adapting SHA256 serviceOpens new window
Certificate:
Nordea's Web Services signature certificate and its Root CA certificates in SHA256 service (new service, link can be found from Technical change description document)
If customers validate Nordea's responses using this certificates, this certificate needs to be installed.
Possible error for customers who didn't install it correctly: error related to certificate validation.
In case of errors especially when you have uploaded payment files, please don't send in files again, but contact Support team instead.
Opens new windowThis is the Root certificate of the signature certificate of Nordea Web Services server in SHA256 service. Certificate validity is 15years.
If customers validate Nordea's responses using this certificates, this certificate needs to be installed.
Possible error for customers who didn't install it correctly: error related to certificate validation.
In case of errors especially when you have uploaded payment files, please don't send in files again, but contact Support team instead.