2. Functions

2.1. Log in

A person that has been registered by a merchant’s bank to represent the merchant can log in to Swish Certificate Management by providing organisation number and the Swish number that is to be administered.

If the person uses a BxID or BgID it is the person’s identity number instead of the personal number that is provided.

A person can authenticate his or her identity using Mobile BankID or BankID on card (or BxID/BgID on card).

If the person uses Mobile BankID he or she will also have to provide his or her Personal number.

Only the certificates related to one specific Swish number can be administered at a time. If a person represents more than one merchant, or if one merchant has more than one Swish number, and the person needs to administer the certificates related to another Swish number, the person has to log out and log in again by providing the new information.

2.2. General functionality

The name of the person that is logged in and the date is displayed at the top right corner of the page.

The merchant’s organisation number and the Swish number that is administered are displayed under the top menu at all times.

Through tabs on the top menu the person can choose to display a list of certificates issued for the merchant and the Swish number that is administered, or to request a new certificate

2.3. List all Certificates

A list of certificates issued for the merchant and the Swish number that is administered is displayed by default when logging in.

Above the list is a link through which it is possible to download the certificate chain for the Swish server TLS certificate.

The list of certificates contains the following information:

ColumnDescription
Issued (GMT)The date and time when the certificate was issued.
Valid through (GMT)The date and time when the certificate expires.
IssuerThe BIC of the bank that issued the certificate.
Requested byThe person number (or identity number) of the person that requested the certificate.
StatusThe status of the certificate. The status can be either “Valid”, “Expired”, or “Revoked”
DownloadLink through which it is possible to download the certificate.
RevokeLink through which it is possible to revoke a certificate

2.4. Download Client Certificate

It is possible to download all certificates that have been issued for the merchant and the Swish number that is administered.

If a certificate has expired or has been revoked an information message is displayed if a person tries to download it.

In order to download a certificate, copy the text in the text area and save it to a file on the merchant web server. The text represents the certificate together with the certificate chain, i.e. the Swish Root CA certificate and two intermediate bank CA certificates, in either PEM or PKCS#7 format.

2.5. Order a new Certificate

In order to request a new certificate, paste the text content of a Certificate Signing Request (CSR), (PKCS#10 with 4096-bit RSA key), in the text area. Then choose the desired format of the certificate, i.e. PEM or PKCS#7, and the BIC of the bank that should issue the certificate, and click the “Generate” button.

In order to download the generated certificate, copy the text in the text area and save it to a file. The text represents the certificate together with the certificate chain, i.e. the Swish Root CA certificate and two intermediate bank CA certificates, in either PEM or PKCS#7 format.

2.6. Revoke Certificate

Before a certificate is revoked a warning is displayed together with information about the certificate, and the person has to confirm that the certificate should be revoked.

Revoking a certificate is irreversible and will lead to discontinuation of the Swish service for the merchant if that specific certificate is being used.

2.7. Logout

A person can log out by clicking on the “Log out” link at the top right corner of the page.

If a person is inactive for a more than 15 minutes he or she will be logged out automatically.