To get a certificate that allows you to connect your app to IRIS you need to go through the following steps:
- Request the certificate from the IRIS rollout team
- Prove your identity
- Prove your right to represent your organization
- Accept some terms and conditions
To request the certificate, you, the certificate applicant, must email the IRIS rollout team ([email protected]). We recommend securing all email communication using PGP or S/MIME.
The certificate applicant is always a natural person who submits a certificate request either on his own behalf or on behalf of a legal entity that he is authorized to represent.
Please provide this information in your email:
- A certificate request as a CSR file. See here how to generate it.
- Your personal identification information (full name, birthdate and address according to your ID card, passport or residence permit)
- If you request on behalf of a legal entity (e.g., GmbH, e.V., Ltd.), you must prove your right to represent (Vertretungsberechtigung). For example, you can use a power of attorney for this purpose. It must be signed by an individual who is authorized to represent the organization and whose identity can be verified and validated based on publicly available information (see below).
The IRIS CA operator must validate the claimed identity and, if applicable, your right to represent.
The IRIS CA operator must be able to validate your right to represent on the basis of publicly available information. This includes public registers, e.g. the commercial register (Handelsregister) or the register of associations (Vereinsregister). If you decide to file a power of attorney, it must be signed by a member of your organization who is authorized to represent and whose identity can be verified and validated based on publicly available information. Alternatively, the IRIS CA operator can call your organization to get a verbal confirmation of your right to represent as stated in your request.
You will receive an email asking you to prove your legal identity. You can choose freely between these two alternatives. The identification will be free of charge for you in any case.
- Video-Ident or
- the eID function of your ID card (see eID feature of German national ID card English / German)
If for some reason neither Video-Ident nor eID-Ident is possible for you, please reach out to us to discuss alternatives.
Next, we will email you a commitment form, which you need to sign by means of a qualified electronic signature (QES). A QES is considered the digital equivalent of a handwritten signature according to EU regulations. Please click the link to sign it. Our partner D-Trust (sign-me) will guide you through the registration and validation steps. After you have signed, the form will be automatically mailed back to the IRIS CA operator and you.
As soon as the validation has been completed, you will receive your certificate via signed email (also encrypted if you provided us with a PGP key or S/MIME certificate). At the same time, the IRIS rollout team will activate your certificate. This is done by publishing the public key in the service directory (public-key pinning). We ask for your understanding if there is a delay of some hours between the two processes.