Clarification request procedure PKIoverheid Private server certificate

For B2B message communication in the Energysector

Voor de Nederlandse versie van deze pagina, klik hier

Applying for a PKIoverheid Private server certificate for the Dutch energy market is a two step procedure:

  1. Register with KPN as PKIoverheid Subscriber, unless you already are
  2. Request a EDSN Private (PKIoverheid) Server certificate at KPN

1. Registrer once-only as a KPN PKIoverheid subscriber

KPN may only (according to Government guidelines) issue certificates to organizations which KPN checked on; the organization is recognized and that the authorized representative specified during time of subscription is registered accordingly with the Dutch Chamber of Commerce. Therefor the requesting organization has to reckon a lead time of 3 to 10 business days for completion of the Subscriber registration.

General considerations when filling out the Subscriber registration form:

  1. Make sure the Subscriber name is fully in accordance with the Organization name as registered in the trade register of the country of origin.
  2. Make sure that the actually authorized representative is 100% in accordance with the authorized representative as specified in the trade register of the country of origin.
  3. Add a copy of both legal proof of identities; for the authorized representative as well as the requesting contact person.
  4. After sending the request/form on the website, KPN possesses the digital data. The authorized representative still has to print and manually sign the form and send it accompanied with all applicable documents by regular mail to KPN
  5. Consider sending the request by registered post in order to guarantee speed and traceability of the request and thus fast delivery to the right address.

Foreign organizations must take the following considerations into account:

  • Checking the Organization and the Authorized representative has to be performed through a request at “Dun&Bradstreet”. If the organization is not registered, “Dun&Bradstreet” will register the Organization according to the applicable process. In such cases, the Subscriber registration at KPN will take about 1 week longer.

Start KPN PKIoverheid subcriber registration

A detailed explanation and fill instruction can be found here: KPN PKIoverheid Toelichting abonneeregistratie

2. Requesting a PKIoverheid Private server certificate at KPN

Once you have received positive confirmation on your PKIoverheid KPN’s subscriber registration, you will be provided a subscription number which can be used to request a PKIoverheid Private server certificate at KPN.

KPN may (according to Government guidelines) only issue certificates to organizations of which reveal that the request is complete and lawful. Therefor KPN will perform miscellaneous checks for each PKIoverheid server certificate request, resulting in a lead time of 3 to 10 working days for the certificate request.

General considerations when filling out the certificate request form: EDSN Private (PKIoverheid):

  1. Make sure the request for the certificate is done by one of the contact persons or authorised representative which is specified in the Subscriber registration;
  2. In the section “Certificaatbeheerder” (certificate manager) you will be asked who the intended Certificate Manager will be. This person has to be “face2face” identified on a customer site in the Netherlands. It is therefore important that this person will be available for identification in the Netherlands (on short term);
  3. In the section “Certificaat” field “Organisatieonderdeel” (organizational unit), you should fill in the organisation unit it is intended for;
  4. In the section “Certificaat” field “Subject serienummer” you need to fill in the “EAN13 code <space> EDSN” of your organization (for example: 8712423010208 EDSN). This code is the registration of your organization at EDSN and has to be included, otherwise your request will not be processed.
  5. In the section “Certificaat” you need to provide the “Naam van de Service”. This must be a fully qualified domain name such as: energiesector.nl
    The domain name must be registered in an Internet DNS. You can request the registration details of a domain information in a WHOIS registry. For .nl domains this is https://www.sidn.nl
    It is important that the organization name in the registration of the domain name matches your organisation name in your Subscription at KPN. If the domain name is not registered to your organization, then the owner of the domain must authorize you to use this domain name in your certificate. KPN will contact the domain owner for authorization.
  6. In the field “Toepassing en support”, select “EDSN” from the pulldown menu in the section Certificaat is bestemd voor.
    In the section Pakketkeuze (Package selection) you need to select “Standaard”.
  7. After sending the request/form on the website, KPN possesses the digital data. The applicant still has to print and manually sign the form and send it accompanied with all applicable documents by regular mail to KPN
  8. Consider sending the request by registered post in order to guarantee speed and traceability of the request and fast delivery to the right address.

Foreign organizations must take the following considerations into account:

– If it is impossible to designate a certificate manager who is working for your organization and is resident in the Netherlands (or relatively easy can be identified in Netherlands), alternatively you can designate an already identified EDSN Certificate Manager as certificate manager for your Organization. For more information you can contact EDSN: servicedesk@edsn.nl

PKIoverheid Private server certificate request form
A detailed explanation and fill instruction can be found here: KPN PKIoverheid Toelichting aanvraag Servercertificaat

The Installation manual KPN PKIoverheid Private server certificates explains how your Private server certificate and CA certificates can be installed after the certificate is issued. It also contains the links to download the required CA certificates.