What are mutual authentication certificates? What are the ways to manage them?

Certificates of mutual authentication are used to establish a secure connection between the customer and the bank.

Certificates can be downloaded and managed through the Certificates Management function in the SmartHub reserved area.

The certificate is unique per customer and is therefore to be used for the recall of all APIs used, both Live and Sandbox.

The certificates are valid for one year. It is possible to generate a maximum of two certificates in order to be able to manage the moment of expiration of the certificates without operational interruptions: it will be enough to generate and install the second certificate close to the expiration date of the other one.

The way in which the certificates for the API are installed depends on the client used. In case of doubts, we suggest that you directly contact the support structures of the Client manufacturer.

Of course, in order to properly make calls, it will be necessary to properly configure caller-side SSL certificates.

In general, for proper management of certificates, the "trust" of the Certification Authority and the entire certificate chain (and not of the specific certificate) is required in order not to have operational problems during bank-side certificate changes.