Learn more about secure e-mail

Before issuing certificates, please familiarize yourself with the certificate policies that apply. See certificate policies and audit guidelines at certificat.gov.dk

Supervisory body for Danish Trust Services: Front page

When the user logs in or signs digitally with their private or a separate MitID identification means, there is no need for a certificate.

If your users need to identify themselves with a certificate, for example to be able to use special services, you can allow the use of user certificates.

Certificates are also used for secure email. In MitID Erhverv, secure email is not actively supported. However, it is possible to download certificates that you can use to send secure emails to, for example, business partners and colleagues. Please note that using certificates for secure email requires separate configuration of software, which the Agency for Digital Government does not provide support for.

Learn more about secure email

Certificates are ordered by the user administrator and are then issued directly by the user himself.

Please note that the certificate is valid for 3 years and must then be renewed.

In MitID Erhverv, you're able to:

• perform searches by using UUID, the name or e-mail address of the certificate’s contact person, and the e-mail address registered in the certificate (only for organisations that have more than 8 certificates)
• export a list of certificates in your organisation to a CSV-file.

Learn how you can perform searches and export a list of certificates under “Certificates” on the page on user administrators

Organisation certificates are used to identify the organisation when it needs to access web services and other services provided by service providers.

They can also be used to encrypt the data transferring to and from the services.

You must assign a contact person who will receive a notification if the certificate needs to be updated or is blocked.

You can have more than one organisation certificate. Therefore, you must always name new certificates so that you can distinguish between them.

There are 2 types of certificates you can use in your organisation:

• An organisation certificate is a certificate that you use to represent your organisation. The certificate does not contain any information on individuals, but the certificate typically only contains the organisation's name, CVR number and an email address.
• A system certificate is a specialisation of the organisation certificate. The system certificate represents a specific system in your organisation. The certificate is issued to and used by the system, so that the system can identify itself to other systems and encrypt the traffic between the systems.

Please note that the certificate is valid for 3 years and must then be renewed. If you order an organisation certificate or system certificate that shows an e-mail address, you must validate the e-mail address you have specified. You must validate the e-mail address before issuing the certificate.

If you have more than 8 certificates in your organisation

If you have more than 8 certificates, the user administrator in your organisation has the option to:

• search for certificates via UUID, contact person, e-mail and the e-mail of the certificate
• export a list of certificates as CSV file.

Learn how you can perform searches and export a list of certificates under “Certificates” on the page on user administrators

Organisation certificates can also be used to form the seal of the organisation. Seals for organisations work in the same way as signing by natural persons.

Seal formation means that selected certificate profiles can be used to give users the opportunity to sign on behalf of the organisation without the user's name appearing. A certificate profile controls the creation of its associated certificates, where especially basic data (information about your organisation such as your CVR number) is reused. Organisation name and CVR number are mandatory information.

In the certificate profile, you can allow the certificate to be used for signing (or creating seals for organisation and system certificates).

The Agency for Digital Government tilbyder på nuværende tidspunkt ikke kvalificerede certifikater med lang levetid.

The signing solution has a QSCD included. Certificates for the solution will have a short lifetime and will not be persisted. Therefore, they cannot be used in other contexts.

It is not necessary to retrieve a user certificate in order to use the signing services. 

A qualified user certificate is automatically issued at the time of signing. It is short-term, single use certificates that are only used when an employee needs to sign a document.

When issuing a certificate, you must choose how you want to collect the certificate from MitID Erhverv. In other words, the way in which the user must identify themselves in order to have the certificate issued.

In most cases, it is easiest to retrieve the certificate via user login in the browser, unless you have special needs.

Note, if 'via API is selected, this applies to how you retrieve the certificate and not what the certificate is to be used for, such as issuing a certificate to secure APIs.