3.1 Certificate Requirements

From CBI GLOBE Wiki

As required by the Regulatory Technical Standards for strong customer authentication and common and secure open standards of communication contained in the DELEGATED REGULATION (EU) 2018/389 of 27 November 2017, TPP need to be equipped with qualified certificates for electronic seals / website authentication (eIDAS Certificates).

TPP eIDAS Certificates can be of two types:


The Testing Facility (Sandbox) made available from the 14th of March, 2019, is accessible to all the TPPs in possession of:

  • a valid QWAC production eIDAS Certificate released by a Qualified Trusted Service Provider (QTSP);
  • QWAC Test Certificate released by a Qualified Trusted Service Provider (QTSP);


The Production Facility made available from the 1st of June, 2019, is accessible to all the TPPs in possession of:

  • a valid production QWAC and QSeal (for http-signature) eIDAS Certificates released by a Qualified Trusted Service Provider (QTSP) based on a formal authorization in the NCA.


The Production Environment made available from the 1st of June, 2019, is accessible only to the TPPs in possession of both QWAC and QSeal eIDAS Certificates valid for the Production Environment. The TPPs that have already performed the onboarding with the test certificate, in order to ensure the highest levels of security for the PSUs and receive the production client id/secret id, are required to send an explicit request to the dedicated email address supportcbiglobe@cbi-org.eu with attached an eIDAS certificate valid for the production environment.

Furthermore, starting from the 1st of June, 2019, self-signed certificates are not considered valid anymore to access the Testing Facility.

From the 1° June the mail address that will support TPPs is the following: helpdesk@supportcbiglobe.com