This article outlines the details of the PEPPOL PKI.
It shows how the PKI is structured and where it is used.
Introduction to the PEPPOL PKI
The PEPPOL PKI (Public Key Infrastructure) is an integral part of the
PEPPOL security model. It consists of two separate trees - one for pilot/test usage and one
for production usage.
See the following image for a fully fledged view of the complete PEPPOL PKI.
In the above image you see two root certificates - the pilot root and the production root.
These are the issuing certificates for the "AP Root" (AccessPoint),
the "SMP Root" (Service Metadata Publisher) and the "STS Root" (Secure Token Service - unused!).
Each AP and SMP certificate used in practice is based on the respective AP or SMP ROOT certificate
(see the red boxes ).
Certificate usage in PEPPOL
This section tries to give a rough overview where certificates are used for what purpose.
Uses the PEPPOL SMP certificate to sign responses to
Uses the PEPPOL SMP certificate as a client certificate when communicating with the SML
(for service group creation and deletion)
Requires the public part of the PEPPOL AP certificate for usage in the public
endpoints (the information that is queried from the outside).
Verifies that the response from the SMP server was signed by a valid PEPPOL SMP certificate
AP Server (receiving documents)
Requires an SSL certificate for https usage.
This SSL certificate is NOT issued by PEPPOL but must be issued by a trusted
This SSL certificate should not be self-signed!
Verifies that the incoming document was signed with a PEPPOL AP certificate.
AP Client (sending documents)
Signs the AS2 message with the PEPPOL AP certificate.
Includes the public part of the certificate into the AS2 message.
- The SMK requires requests to contain an SMP Pilot Certificate to perform writing operations
- The SML requires requests to contain an SMP Production Certificate to perform writing operations
You must be logged in to post a comment!