Join our affiliate network and become a local SSL expert

♦ learn more about our program ♦
picture of tbs certificates
picture of tbs certificates
Our products range

PSD2 Certificates

PSD means Payment Service Directive, 2015/2366 in EU terminology.

The PSD2 is a regulation that applies to the banking world, with the objective of ensuring its modernisation.

X509 certificates are issued to PSPs (Payment Service Providers), which may be credit institutions, payment institutions, fintechs, etc. A PSP must be authorised by a national banking authority (NCA).

With regard to digital certificates, the directive introduces 2 new types of certificates that are documented in the ETSI TS 119 495 standard, which are derived from qualified eIDAS certificates:

  • a QWAC certificate (Qualified Website Authentication Certificate), which is a TLS server certificate with server and client EKUs, which also derives from the CA/B Forum Extended Validation standard andcontains fields specific to PSPs

  • a QSealC certificate (Qualified electronic Seal Certificate) which is a server stamp certificate containing fields specific to PSPs

All banks (ASPSP) offering an online service must also offer API access to other PSPs (TPPs). This access is based on a TLS layer (to ensure confidentiality) with mutual authentication. The client (initiator of the connection) must present a QWAC PSD2 certificate to identify itself, the server can use a QWAC PSD2 certificate or another TLS certificate. This QWAC can use a software-stored private key, there is no obligation to use qualified cryptographic hardware.

On the other hand, once the communication is established, the exchanged information is signed by the QSealC server seal certificate for storage purposes and to identify the data transmitted end-to-end (there may be aggregators or exchange nodes at the TLS level). The use of the seal certificate is not made mandatory by PSD2, but is recommended for its proof benefits. QSealCs can generate qualified signatures if the private key is generated and operated within a QSCD qualified cryptographic hardware; otherwise the generated signatures are of advanced type. PSD2 does not require signatures to be qualified.

These 2 types of certificates must be issued by a QTSP (Qualified Trust Service Provider), i.e. an eIDAS Qualified Certification Authority that has been audited for the ETSI TS 119 495 standard.

In addition, actors must also implement verifications to ensure that the certificates presented comply with the standard, contain the required fields, are issued by a QTSP and are not revoked.

Obtaining test certificates

TBS issues test certificates that have the structure of PSD2 certificates but are not issued by a qualified authority in the EU Trust List. The verification process is also streamlined, and the same CSR can be used for WAC and SealC.

These certificates are available since February 2019 and priced 400€ for a pair.

Obtain a test certificate:


The CSR of the WAC certificate must be filled such as an EV certificate. The CSR of the SealC certificate must contain a CN formated as "O_field_content - test PSD".

It is not necessary nor advisable to define a organizationIdentifier field in those CSR.

Obtaining real certificats

TBS plans to provide PSD2 certificates from April 2019, depending on suppliers availability.

To be contacted when available, please register interest with us by email to


To obtain a PSD certificate you need to have a customer area, open it here.

In addition, the Administrative Contact (the Certificate Manager) must have a qualified eIDAS electronic signature certificate in their name in order to be able to sign the contractual documents.

You can order one here: Certigna ID RGS**.