Release 1.08: New Endpoint for Systematic Certificate Renewal


Intended Audience

Software Suppliers

Date

01 July 2020

Situation

User certificates are valid for 2 years and will start to expire from Autumn 2020, with large numbers expiring in Q1 2021. Because the current system requires manual intervention to renew user certificates this may lead to high volumes of support calls to software suppliers. A solution will be introduced to the UK MVS with Release 1.08 in November 2020.

Affected software suppliers must move quickly to update their software.

Background

The NMVS uses multi-factor authentication: Software must present a valid set of user credentials and certificate to transact with the UK MVS. Manual certificate renewal is problematic due to the dependency on expiry notification emails being delivered and read, and because many suppliers manage numerous certificates on their users’ behalf.  Currently, certificates can be renewed in 2 ways:

  1. Users manually download the new certificate from the UK MVS GUI, by providing the TAN information from the certificate renewal email.
  2. If software implementation allows, the software can download a new certificate from the G615 process if the user inputs the TAN information from the certificate renewal email.

If the user does not receive the TAN notification email or does not take prompt and appropriate action, then they will be unable to connect to the UK MVS when their certificate expires. This issue is addressed in Release 1.08 to be released in November 2020. Documentation to support development is available now.

Solution

A new endpoint will allow the systematic renewal of certificates. This additional endpoint authenticates using current certificate and credentials and will provide the new certificate that is automatically generated 60 days prior to the expiry of the current certificate. This endpoint is independent from the TAN delivered in the certificate renewal email, and so no user intervention is required. 

Recommendations

  • Consult the revised documentation for Release 1.08: FD-002 Implementation Guideline NMVS. https://www.sws-nmvs.eu/portal/documentation (Release 1.08 section)
  • Update their software and deploy it to customers to utilise this new endpoint to minimise the impact of user certificate expiry.

Submit new versions of NMVS end user software for Arvato baseline testing before distribution.

 

DOWNLOAD PDF