e-Boks and Strålfors certificates

If you want to use SmartPost in WorkZone Process you need to acquire certificates for e-Boks and Strålfors.

Local Registration Authority (LRA) - NemID administrator

The NemID administrator is an employee who is authorized to create access to the service providers' administration portals (e-Boks Administration Portal and Strålfors Connect), create and issue employee certificates to other employees, and assign different roles to the employees such administrator, super administrators, and so on. The NemID administrator is often an employee of the IT department in an organization.

The NemID administrator needs to have an LRA certificate, which is a special type of certificate that allows the NemID administrator to manage and issue employee certificates.

Point out an administrator and issue an employee certificate

The LRA administrator assigns an employee as administrator (or super administrator) and issues an employee certificate to this employee. This employee will then be authorized to create dispatch and retrieval systems and to manage the organization's e-Boks and Strålfors configurations.

The typical process is as follows:

  1. The employee is requested to order an employee certificate at NemID. See https://www.medarbejdersignatur.dk.
  2. The LRA administrator receives an approval message from NemID and approves the NemID.
  3. The employee receives a message from NemID with instructions on how to download the certificate.
  4. The LRA administrator assigns the employee as administrator or super administrator.

Acquire and use of the certificate (funktionscertifikat)

The LRA administrator needs to acquire a certificate (funktionscertifikat). The SmartPost process will use the certificate as electronic identification in relation to the service providers. The LRA administrator hands over the certificate to the administrator, who will then use the certificate to configure the systems.

The certificate allows a system A to identify itself towards another system B, where system A submits a service.

The certificate can be used in two different ways:

  • As dispatcher

    • This is system A. System A identifies itself towards another system B. System A will use the certificate to encrypt the communication with the use of a private key.

  • As recipient

    • This is system B. System B has received the certificate in a form where it only contains a public key that system B can use to decrypt the communication from system A. If the communication does not derive from system A but from a third unknown system C that pretends to be system A, it will be revealed during the decryption. Only the system with the certificate with the private key can make an encryption that can be decrypted with the public key that system A previously handed over to system B.

The certificate must be stored in the certificate store on the server that runs the SmartPost process.

See Acquire and install the e-Boks Certificate for instructions on the certificate process.