如何使用 QWAC 和 QSealC 配置文件（PSD2 特定属性）创建 eIDAS 证书以进行测试

Question

I want to create a eIDAS certificate with QWAC and QSealC profiles with PSD2 specific attributes as mentioned in the doc. Please help me, this is just for testing purposes.

https://docbox.etsi.org/ESI/Open/Latest_Drafts/ts_119495v000003_for-public-review.pdf

Answer 1

I had the same requirement months ago, and I wrote a eIDAS test certificate generator compliant psd2. I followed the ASN.1 Declaration giving by the "ts_119495v000003_for-public-review.pdf" document.

here is the link to generate eIDAS test certificate generator

And then here xs2a open srce we have write some certificate extractor, to extract psd2 attributes and roles from the generated certificate.

Answer 2

For me the simplest option was to use OpenSSL command line utility:

openssl req -new -config qwac.conf -keyout qwac.key -out qwac.csr && openssl x509 -req -in qwac.csr -signkey qwac.key -out qwac.crt

qwac.conf is openssl config where you have to set PSD2 specific fields as described here . Configs for QWAC and QSealC can be exactly the same, just need to run command twice.

Answer 3

I too created a certificate generator.

Based on ts_119495v010302p.pdf

https://github.com/payoneer/Psd2CertificateGenerator

Used .Net Core 3.1

Feel free to comment, suggest, report issues and create pull requests.

Answer 4

I would like to extend @guymoyo's answer with clearer instruction. Xs2a ( https://github.com/adorsys/xs2a ) repository provides a docker image for Xs2a certificate generator: https://hub.docker.com/r/adorsys/xs2a-certificate-generator

So to generate your own TPP certificate all you need to do:

1. Run docker image

docker run -p 8092:8092 adorsys/xs2a-certificate-generator

2. Open your browser and navigate to Swagger UI http://localhost:8092/swagger-ui.html
3. Or directly to createCertUsingPOST Swagger operation
4. Click on Try it out of createCertUsingPOST
5. Generated certificate will appear in the endpoint response