Retrieving a certificate
When an organisation requests a certificate in the Tax Administration’s certificate service, it must name a technical contact person for the certificate.
If you have been named as a certificate’s technical contact person, you are responsible for retrieving, deploying, and using the certificate.
Transfer IDs will be sent to the technical contact person
You will receive a secure email which includes the transfer IDs and one-time password required to retrieve the certificate. Click the ‘Open message’ button in the email to receive a text message which includes the PIN code you need to read the secure email.
- Once the transfer IDs have been sent, they will be valid for 14 days, during which the certificate must be retrieved.
- If the IDs expire, you need to request a new certificate. Transfer IDs can only be used once.
Retrieving certificates requires technical skills.
Retrieve the certificate from the API or e-service
Certificates can be retrieved in two ways. Whichever you use, you need the transfer IDs, a one-time password and a certificate signing request (CSR).
Retrieve certificates from the API
Address of the production certificate API:
- https://pkiws.vero.fi/2017/10/CertificateServices (TCP port 443)
Retrieve certificates from the e-service
Retrieve production certificates from the ‘Production certificates’ section.
- Identify yourself in the Tax Administration’s certificate service using your online banking codes, a mobile certificate or a certificate card.
- To act on behalf of an organisation, you also need a Suomi.fi authorisation.
The login link to the ‘Production certificates’ section is available on the Tax Administration’s certificate service website.
If the retrieval fails, you can request the certificate again and use the previous request as a template. You will receive a new secure email with new transfer IDs.
Once you have retrieved your certificate, you are responsible for adding it to your software. The API cannot be used without the certificate.
The Web Service channel is ready for use immediately after the certificate has been retrieved as instructed.
Once the certificate for the SFTP channel has been retrieved as instructed, the certificate's technical contact person will receive the SFTP channel's user ID by email within 24 hours. After this, the SFTP channel is ready for use. If an organisation applies for more certificates for the same channel, a new user ID will not be sent. Instead, the same user ID that was used with the first certificate must still be used. A new certificate will be available within 24 hours of retrieving it.
Certificate validity and contact person
A certificate is valid for two years, after which it must be renewed. Remember to renew the certificate within two years, i.e. before its validity expires. You will receive a notification of an expiring certificate 60 days before it expires.
If the certificate’s technical contact person is replaced in your organisation or your contact information changes, update the information in the e-service.
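The retrieval needs a CSR, and the certificate is valid for two years with a notification 60 days before expiry. The following is an added example, not code from the Tax Administration: it creates a key and CSR locally, checks that a retrieved certificate matches the local private key before deployment, and reports whether the certificate is inside the 60-day window. The function names, file names, RSA 2048 key type and subject fields are assumptions; use the values the certificate service requires.

```shell
#!/usr/bin/env bash
# Added example, not Tax Administration code. Key type, subject fields and
# file names are assumptions; use the values the certificate service requires.

# Create a private key and a CSR. Only the CSR is submitted with the transfer
# IDs and one-time password; the private key never leaves this machine.
make_csr() {  # usage: make_csr <key.pem> <csr.pem> <subject>
  ( umask 077   # new key file is readable by its owner only
    # -nodes leaves the key unencrypted on disk, so file permissions matter
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
      -keyout "$1" -out "$2" -subj "$3" 2>/dev/null )
}

# Succeed only if the retrieved certificate carries the public key that
# belongs to the local private key (catches a mixed-up key or request).
cert_matches_key() {  # usage: cert_matches_key <cert.pem> <key.pem>
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Print ok, renew (60 days or less left, the notification window) or expired.
renewal_status() {  # usage: renewal_status <cert.pem>
  openssl x509 -in "$1" -noout >/dev/null 2>&1 || { echo unreadable; return 2; }
  if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null; then
    echo expired
  elif ! openssl x509 -in "$1" -noout -checkend $((60 * 24 * 3600)) >/dev/null; then
    echo renew
  else
    echo ok
  fi
}

# Constructed demo: a self-signed certificate stands in for the retrieved one.
demo() {
  local d; d=$(mktemp -d) || return 1
  make_csr "$d/key.pem" "$d/req.csr" "/C=FI/O=Example Oy/CN=constructed-demo" || return 1
  openssl x509 -req -in "$d/req.csr" -signkey "$d/key.pem" -days 730 \
    -out "$d/cert.pem" 2>/dev/null || return 1
  cert_matches_key "$d/cert.pem" "$d/key.pem" && renewal_status "$d/cert.pem"
  rm -rf "$d"
}
```

Running `renewal_status` from a scheduled job gives a local check that does not depend on the notification email reaching the current technical contact person.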