en el

PSD2 Certificates for the FinTech industry

A solution for Financial Institutions and Payment Service Providers

Are you a Financial Institution? Is your business dealing with electronic payment and open banking? Are you looking for security, privacy, and reliability for your electronic services across EU borders?

According to the EU directive 2015/2366 (PSD2), you need a Qualified Web Authentication Certificate (QWAC) and/or Qualified Electronic Seal Certificate (QSealC).

PSD2 at a glance

Payment Service Directive 2 (PSD2) is the second revised directive of an existing Payment Service Directive from 2007. The Regulatory Technical Standards (RTS) of PSD2 requires strong customer authentication using common and secure open standards of communication between all parties involved, to support Open Banking.

As from September of 2019 all EU financial institutions ensure that Payment Service Providers (PSPs) or Third-Party Providers (TPPs) can access their customer account data by using secure website certificates (QWAC).

All regulated entities that use APIs in order to provide account information services and/or to initiate payments, must be registered to a National Competent Authority (NCA) and need a Qualified Website (QWAC) and/or Qualified Seal (QSeal) Certificate to access the financial institution’s account data.

HARICA’s PSD2 Qualified Certificates

HARICA is a public Qualified Trust Service Provider (QTSP) per Regulation (EU) 910/2014 (eIDAS) and issues Qualified Certificates (QWACs and QSealCs) as specified in the PSD2 Regulatory Technical Standards (RTS):

  • SSL QWAC-PSD2 (Qualified Web Authentication Certificate - PSD2):
    • SSL/TLS Server Certificate that includes one or more FQDNs,
    • official identity information of the Legal Entity that owns/controls the domain(s)
  • eSeal - PSD2 (Qualified Certificate for Electronic Seals – PSD2):
    • Electronic Seal Certificate that includes information of the associated organization
    • official identity information for the Legal Entity

Get your QWAC-PSD2 starting at 400€ per year

and/or QSealC-PSD2 starting at 450€ per year

Contact_Us

Need more information about our services?

Send us your request at support@harica.gr or use our contact form at https://www.harica.gr/en/Contact/GetHarica !

DV certificates for Onion websites

UPDATE

Following the high demand for onion certificates, HARICA decided to extend the discount period till the end of August 2021.

Great news for Onion fans!

We are excited to announce that HARICA has started issuing Domain Validated (DV) certificates for v3 Onion websites.

HARICA is a Publicly Trusted Certification Authority (CA) that participates in all major Global “ROOT CA” Trust Programs (360, Adobe, Apple, Microsoft, Mozilla, Oracle), and operates as a “Trust Anchor” in widely used Application Software and Operating Systems (Adobe, Apple, Google, Microsoft, Mozilla, Linux).

Following this announcement, we offer a discount to all HARICA’s DV Certificates, which includes “onion”, “wildcard onion”, and other types of publicly trusted DV TLS Certificates, starting at 4.5€ per year till the end of June 2021 [EXTENDED to August 2021].

Get yours now at HARICA’s CertManager!

How to purchase your own DV certificate?

  • Create a HARICA account at HARICA’s CertManager.
  • Under the Certificates section on the left, choose Server Certificates and make a new request for your domain.
  • You have the Option to auto-generate your TLS CSR locally or manually submit one you have already prepared. Both RSA and ECDSA keys are supported.
  • To validate your Domain Name you have three (3) “general purpose” validation options:
    1. Select a pre-defined email address of your domain to receive a confirmation email.
    2. Upload a text file, provided by HARICA, to a specific location on your web server.
      • For v3 Onion domains only this “general purpose” validation option is allowed. There is also a special option available which uses the Tor hidden service ed25519 key to generate a special “Onion CSR” to prove you control the v3 Onion domain namespace, which allows you to obtain a wildcard Onion certificate *.<hidden service>.onion. This is currently the only secure option allowed to obtain a wildcard Onion certificate and HARICA has built and publicly disclosed the necessary code to support this method!
    3. Add a DNS TXT record, provided by HARICA, to the selected authorization domain.
  • After the successful payment of your order, you can retrieve your certificate.

What is an “Onion Service”?

Onion services are anonymous network services that are accessed via the Tor Browser and the underlying Tor (a.k.a. “Onion”) network. Clients use Onion services via Onion domains that are only resolvable inside the Tor network. In contrast to conventional Internet services, Onion services are private and end-to-end encrypted, generally not indexed by search engines, and use self-certifying domain names that are long and difficult for humans to read. That is, you can offer a web server, SSH server, etc., without revealing the real IP address to its users.

Why would an Onion website need a TLS certificate?

There is a list of reasons as to why an Onion website would need a TLS certificate:

  • Mixing HTTP and HTTPS creates complex setups for websites.
  • To help the user verify that the Onion domain is indeed the site you are hosting (manual check at the certificate registration information).
  • Some services work with protocols, frameworks, and other infrastructure that have HTTPS connection as a requirement.
  • In case your web server and your Tor process are in different machines.

Our Success Story

2021-04-25 HARICA HARICA

Several years ago, an idea was born for an innovative (at the time) project based on the need for increased protection/security measures to encrypt communications over insecure networks, such as the Internet.

A team of Information and Communication Engineers from various Greek Universities and Research Centers collaborated and created a Public Key Infrastructure (PKI) that served and covered the security needs of the Academic and Research Institutions of Greece for SSL/TLS server and S/MIME certificates.

The project was successful and in the process our services were enriched, covering the growing needs of the Academic and Research Institutions. But we did not stop there. We wanted to offer our services outside the Academic/Research community.

Thus, we created the Certification Authority of the Hellenic Academic and Research Institutions (HARICA), which was initially supported by the National Research and Technology Network (GRnet) and then funded by the non-profit, civil company, Greek Universities Network (GUnet).

We started off by joining the Mozilla Root CA Program, which, even today, is the most strict and best supervised Global Certification Authority trust program, and gradually joined other major public trust programs.

After almost 15 years, HARICA is a Globally “Trusted Third Party” entity that simultaneously participates in all major Global “ROOT CA” Trust Programs (360, Adobe, Apple, Microsoft, Mozilla, Oracle) and operates as a “Trust Anchor” in International Software Companies and Operating Systems (Adobe, Apple, Google, Microsoft, Mozilla, Linux, Oracle Java).

Today HARICA’s services cover the full range of digital certificate needs and timestamps:

  • from the basic security level on SSL / TLS servers for individuals, businesses, and organizations
  • to the maximum level of security indication of large organizations (SSL EV, SSL QWAC, SSL QWAC-PSD2) fully meeting the requirements of Regulation (EU) 910/2014 (eIDAS) and Directive (EU) 2015/2366 on Payment Services (PSD2).

We provide products and services to individuals, companies and organizations:

  • S/MIME, certificates for digital signing and encrypting emails,
  • Code Signing, certificates used for digital software signing,
  • E-Signature, “Qualified” Electronic Signatures which replace the handwritten signatures, as well as “Advanced” Electronic Signatures and
  • E-Seal, electronic seals for Legal Entities, which, like its handwritten counterpart in the offline world, an electronic seal is a legal concept capturing the signatory’s intent to be bound by the terms of the signed document.

And we continue with the same enthusiasm, more structured and more experienced, improving and enriching our services offering the maximum security to our digital world.

GREEK ACADEMIC NETWORK (GUnet)
University of Athens – Network Operation Center
Panepistimiopolis Ilissia
Postcode: 157 84 Athens, Greece
support@harica.gr
HARICA is the Hellenic Academic & Research Institutions Certification Authority. It participates in all major Global "ROOT CA" Trust Programs, and operates as a "Trust Anchor" in widely used Application Software and Operating Systems.
It has received a successful Conformance Assessment Report fulfilling the requirements of Regulation (EU) 910/2014 (also known as eIDAS) in the areas of "Qualified" Certificates for electronic Signatures/Seals, website authentication, and "Qualified" Timestamps.