How to create eIDAS certificate with QWAC and QSealC profiles (PSD2 specific attributes) for testing

Question

I want to create a eIDAS certificate with QWAC and QSealC profiles with PSD2 specific attributes as mentioned in the doc. Please help me, this is just for testing purposes.

https://docbox.etsi.org/ESI/Open/Latest_Drafts/ts_119495v000003_for-public-review.pdf

Answer 1

For me the simplest option was to use OpenSSL command line utility:

openssl req -new -config qwac.conf -keyout qwac.key -out qwac.csr && openssl x509 -req -in qwac.csr -signkey qwac.key -out qwac.crt

qwac.conf is openssl config where you have to set PSD2 specific fields as described here. Configs for QWAC and QSealC can be exactly the same, just need to run command twice.

Answer 2

I would like to extend @guymoyo's answer with clearer instruction. Xs2a (https://github.com/adorsys/xs2a) repository provides a docker image for Xs2a certificate generator: https://hub.docker.com/r/adorsys/xs2a-certificate-generator

So to generate your own TPP certificate all you need to do:

1. Run docker image

docker run -p 8092:8092 adorsys/xs2a-certificate-generator

2. Open your browser and navigate to Swagger UI http://localhost:8092/swagger-ui.html
3. Or directly to createCertUsingPOST Swagger operation
4. Click on Try it out of createCertUsingPOST
5. Generated certificate will appear in the endpoint response

Answer 3

I too created a certificate generator.

Based on ts_119495v010302p.pdf

https://github.com/payoneer/Psd2CertificateGenerator

Used .Net Core 3.1

Feel free to comment, suggest, report issues and create pull requests.