Usage of the OU field (Organizational Unit) in server certificates is deprecated starting 1.9.2022. The change does not affect server certificates issued prior to 1.9.2022. The change does not require actions by our customers.
The validity time of new server certificates issued by Digital and Population Data Services Agency is one year starting 1.9.2020.
It is also necessary to identify the service provider in on-line services. The Digital and Population Data Services Agency issues server certificates to this end. They can be used for identifying public as well as private sector services. Using a server certificate lets the user of a service verify the authenticity of the service provider.
A server certificate enables SSL-protected communications between a browser and the server or between two servers. A server certificate is issued for one or two years, as chosen by the certificate applicant. Key pairs used by server certificates are created by the server administrator. The key may be 2048 or 4096 bits long.
Digital and Population Data Services Agency is the only Finnish Certificate Authority offering EU-qualified QWAC certificates (Qualified website authentication certificate).
The server certificate's use may be defined by usage:
- for server authentication
- for client authentication
- both simultaneously (server authentication and client authentication).
Server certificates issued by the Digital and Population Data Services Agency may be used to implement three kinds of on-line services:
- server-only certificate
- server certificate and user certificate (non-predetermined users)
- server certificate and user certificate (predetermined users)
In the more recent telephone certificates, the serial number of the certificate follows a new longer format, which may have to be taken into account in the development of information systems to avoid interoperability problems.
The old, longer format: hex 0bf4eab0 = decimal 200600240
The new, longer form: hex 0100000168f0a805c366b43b5de968c691fb = decimal 87112293252494463413683796322992020427259
Server-only certificate
The pages of a Web service are defined to entirely or partially use protected communications. In this case, communications are protected from external parties between the server and the user's browser (SSL/TLS). In this solution, a Certificate Authority's certificate trusted by both parties needs to be installed on the server and the user's browser. The Digital and Population Data Services Agency sells server certificates to service providers. Services may utilize a traditional combination of user ID and password.
Server certificate and user certificate (non-predetermined users)
As in the previous section (a server-only certificate), but users receive certificates issued by a trusted Certificate Authority (card, card readers and card reader software, for instance SetWeb or SmartTrust Personal software), based on which different services for a broad, non-predetermined user base are implemented. Typical examples of this are governmental services and, e.g., web stores. It provides strong user authentication. Utilizing user certificates does not cost anything for the service provider! The electronic client identifier in the Citizen Certificate may be used to retrieve the user's personal identity number and/or postal address from the Population Information System (Digital and Population Data Services Agency's non-free service, also requires permission to disclose information) by way of an application query. Other unique IDs are used in organization certificates. Enables electronic signature of data (documents).
Server certificate and user certificate (predetermined users)
As in the previous section (server certificate and user certificate, non-predetermined users), but the user certificate is linked to some (operating system, database, etc.) user ID and user rights. In this solution, the user's certificate needs to be retrieved in advance to link the user’s ID with, e.g., LDAP. The certificate may also be copied directly from the card in the presence of the cardholder. In this case, the issuer of the user right sees the ID card (and its holder). An ID card's Citizen Certificate or organization-specific organization certificates may be used as certificates.
This is a typical option in systems where databases are updated, for instance. Different users have different rights in the system. It is popular for both Intranet and extranet uses. This method can also be used in specifying an on-line service's maintenance IDs in the first two options above.
Users do not need to remember different user IDs and passwords, making user ID management easier. Certificate validity and revocation list checks must be performed.
In practice, an extensive on-line service comprises parts of the previous sections. For instance, user certificates are linked to existing customer data (e.g. a customer postal address is requested from the user instead of programmatically retrieving it from the Population Information System). Existing background systems and the service's functionality requirements have an effect on its implementation.
Server certificates may also be utilized elsewhere, such as in e-mail servers and for mutual communication between different gateway software and hardware.
- Individuals
- Processing times
- Marriage
- Examination of impediments to marriage
- Marriage ceremony
- Prenuptial agreement
- Notification of a marriage concluded abroad
- Divorce granted abroad
- Registration of the act applicable to the matrimonial property regime
- Registration of a deed of division of property
- Dissolution of cohabitation
- Removal of marital rights to property
- Extracts issued of the register on the right to officiate at weddings
- Having or adopting a child
- Names
- Moving
- Guardianship
- Continuing power of attorney
- Appointment of a guardian
- Duties of the guardian
- Guardianship for a minor
- Who can act as a guardian?
- Actions that require the permission of the guardianship authority
- Appointing a substitute guardian
- Termination of guardianship
- Giving up the guardian’s task
- Guardianship authority's means of supervision
- Looking after the interests of an absent person or the future owner of the property
- Restrictions to competency and declaration of incompetence
- Extracts from the Register of Guardianship Affairs
- Life changes while living abroad
- Registration of a child born abroad
- Marriage concluded abroad
- Partnership registered abroad
- Divorce granted abroad
- Registration of a name change performed abroad
- Death abroad
- Registration of citizenship
- Notification of retaining Finnish citizenship
- Legalisation of foreign documents
- Submitting foreign documents
- As a foreigner in Finland
- Elections and Right to vote
- Suomi.fi Web Service
- Citizen Certificate and electronic identity
- Certificates from the Population Information System
- Population information in the Population Information System
- Registration of a gift notification
- Services of notary public
- Certification of purchase
- Citizens’ initiative
- Death and estate inventory
- Public Service Info
- Address service
- Forms
- Digital support for citizens
- Organisations
- Certificates
- Updating customer registers
- Sampling services
- Search services of the Population Information System
- Local Register Office Register search services
- Extracts from registers
- Maintaining the Population Information System
- Suomi.fi services
- Services to promote digitalisation
- Digital support
- Digital security services
- Services of notary public
- Certification of purchase
- Right to officiate weddings
- E-services
- Finnish Authenticator identification service
- About the agency