Service certificates for social welfare and healthcare
Server certificates and system signature certificates for social welfare and healthcare organisations needed during the use of Kanta Services.
Service certificates are software certificates used to authenticate a service provider’s server or service. Service certificates for social welfare and healthcare service providers include
- Server certificate for social welfare and healthcare service providers
- Test server certificate for social welfare and healthcare service providers
- System signature certificate for social welfare and healthcare service providers
- Test system signature certificate for social welfare and healthcare service providers.
The Population Register Centre produces the server certificates needed by service providers and pharmacies as well as their IT service providers for the use of Kanta Services.
An organisation signing up to use Kanta Services will need server certificates for the use of the ePrescription and eArchive services. A server certificate is needed to secure the telecommunications link (TLS secured) between the server of an organisation joining the services and the Katso server.
When signing up for the Kanta Service patient data archive you will need a system signature certificate. A system signature certificate is used to electronically sign documents that are not signed using healthcare professional certificates.
There are also test certificates available that are intended for use in test environments.
A service certificate is granted to a private actor or association that handles the administration of its own domain name. Service certificates for healthcare and social welfare are granted to organisations registered in the National Institute for Health and Welfare register for healthcare and social welfare organisations.
A server certificate for healthcare and social welfare services is valid for at most two years.
In the more recent telephone certificates, the serial number of the certificate follows a new longer format, which may have to be taken into account in the development of information systems to avoid interoperability problems.
The old, longer format: hex 0bf4eab0 = decimal 200600240
The new, longer form: hex 0100000168f0a805c366b43b5de968c691fb = decimal 87112293252494463413683796322992020427259
Do the following
Apply for a service certificate via e-services. Applying for a certificate will require that you register as an e-service user. At the time of registration, the user creates a customer account for the organisation they represent, and they can then invite other users or a technical contact to this account. Registration will require strong identification from the user.
In your application, list your organisation’s long name in accordance with Kela’s and the National Institute for Health and Welfare’s national coding service as additional information (e.g. for pharmacies Helsingin VI apteekki).
Fill in the application and attach the certificate request to it (CSR file), or, alternatively, invite a technical contact to your account to attach the certificate request.
A system signature certificate application is complete and signed by the healthcare service provider that handles administration of the information system in question, although the technical maintenance of the service is outsourced to another organisation. An application can also be submitted by an actor entered in the National Institute for Health and Welfare’s Kanta provider register that is applying for a system signature certificate in their own name. In this case enter the following into the field marked technical contact person’s organisation: “Kanta provider”
A service provider applying for a private social welfare and healthcare services system signature certificate must attach a certificate of conformity for their system to the application.
You can view the processing stages for the request in your own e-service account.
The delivery time for service certificates is at most five workdays, if the application has been filled in correctly and the necessary attachments have been submitted. The service certificate is delivered to the applicant or the technical support person they have specified by email in der or pem format.
The application will expire if it has been pending for more than 6 months and it is completed incorrectly or the necessary attachments are missing.
A service certificate must be revoked if it is suspected that the certificate holder’s private key has been compromised. A certificate must also be revoked if it is no longer needed or its purpose changes. A revoked certificate cannot be reinstated. The revocation request is submitted in the e-service.