1. Introduction

1.1. Background

In order to integrate a merchant commerce solution with Swish API the merchant needs to get a client TLS certificate from Swish Certificate Management and install it on their server. The certificate will be used for client authentication of TLS communication with Swish API.

The Swish server is set up with a TLS server certificate, which needs to be verified when initiating TLS from a merchant web server to Swish.

More information about Swish certificate handling is available in the Guide Swish API.

1.2. Certificate Administration

Persons who are authorized by a merchant as Certificate Point of Contacts (CPOC) can administer a merchant’s certificates by logging in to the Swish Certificate Management which is available at https://comcert.getswish.net/.

The following functions are provided:

  • Log-in and Log-out
  • List all certificates that the CPOC is authorized to administer
  • Download previously issued client certificates for the Merchant
  • Ordering a new certificate for the Merchant
  • Revoke certificates for the Merchant