Versions Compared

Old Version 2

changes.mady.by.user Kris STRASZAK

Saved on

compared with

New Version Current

changes.mady.by.user Kris STRASZAK

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Excerpt

To renew your SMP certificate, you need to register the new certificate in DomiSML. Follow these steps:

  1. Use the DomiSML Web Service: Call the PrepareChangeCertificate operation in the BDMSLServiceInterface to schedule the certificate change on a future date.
  2. Ensure these pre-requisites are met:
    1. Your current certificate is still valid.
    2. The new certificate complies with permission rules in DomiSML.
    3. You have the new certificate file ready.
  3. Important details:
    1. If a migrationDate is provided, the new certificate must be valid from that date.
    2. If no migrationDate is provided, the Valid From date in the new certificate will be used as the migration date, and this must be a future date.

Two cases are possible:

  • Your certificate is still valid: go to Case 1
  • Your certificate is already expired: go to Case 2

CASE 1:  Your DomiSMP certificate is still valid

The following procedure is to be followed while the certificate that is already registered in the DomiSML is still valid. The DomiSMP must call the Webservice operation PrepareChangeCertificate in BDMSLServiceInterface to change the certificates in SML on a predefined future date. The operation PrepareChangeCertificate expects a new trusted certificate.

Pre-requisites:

  • The current certificate of the user is valid,
  • The new certificate must be compliant with user permission rules for DomiSMP in DomiSML,
  • The user has the new certificate for the DomiSMP(s).

Description:

This operation allows a DomiSMP to prepare a change of its certificate. It is typically called when a DomiSMP has a certificate that is about to expire and already has the new one. This operation must be called while the certificate that is already registered in the DomiSMP is still valid.

If the migrationDate is not empty, then the new certificate MUST be valid at the date provided in the migrationDate element.

If the migrationDate element is empty, then the "Valid From" date is extracted from the certificate and is used as the migrationDate. In this case, the "Not Before" date of the certificate must be in the future.

Error management:

  • Fault: unauthorizedFault - returned if the caller is not authorized to invoke the PrepareChangeCertificate operation
  • Fault: badRequestFault - returned in one of thoses cases:
    • The supplied request does not contain consistent data,
    • The new certificate is not valid at the date provided in the migrationDate element,
    • The migrationDate is not in the future,
    • The migrationDate is not provided and the "Not Before" date of the new certificate is not in the future,
    • The migrationDate is not provided and the "Valid From" is in the past.
  • Fault: internalErrorFault - returned if the BDMSLservice is unable to process the request for any reason.

CASE 2: Your DomiSMP certificate is already expired

The following procedure must be followed to update the existing DomiSML registrations currently linked to the Old certificate when the Certificate of DomiSMP is already expired:

  1. In DomiSML Database, the existing registrations are linked to the old certificate and these registrations need to be updated when changing certificate in order to support updates or removal of old SML entries with the new certificate.
  2. You need to send the details for the new certificate to eDelivery SUPPORT EC-EDELIVERY-SUPPORT@ec.europa.eu and request the update for a specific time.

The information you need to provide is: your new certificate file(.cer), the serial number, the DomiSMP ID and the environment (Production or Acceptance).

Example: 

...