Redirecting you to

PSD2 Qualified Website Authentication Certificate

PSD2-compliant qualified website authentication certificates for Enterprises, Businesses, and Organizations

Sectigo QWAC Legal For PSD2

Delivered digitally.

Sectigo QWAC Legal For PSD2 Multi‑Domain License

Delivered digitally.


PSD2 QWAC Certificates

The Payment Services Directive / PSD2 is a regulatory framework that ensures secure payments across the European Union. PSD2-compliant Qualified Website Authentication Certificates (QWACs) are SSL/TLS certificates that encrypt sensitive data and authenticate banking entities and third-party payment service providers (PSPs) for trusted commerce transactions on websites.

Sectigo is an accredited Qualified Trust Service Provider (QTSP) and can issue this type of certificate. Once a certificate is ordered, Sectigo validates the identity that is named in the certificate through a series of checks that conform to the policies of the eIDAS regulation. These digital certificates require a PSD2 authorization number be provided by a National Competent Authority (NCA) before the issuer can move forward.

The certificate is then created, and paired with a private key that is installed on a server (QWAC), or HSM or other SCD. This prevents the key from being duplicated, stolen, or otherwise used maliciously. In the case of certificates provided by Sectigo on a SCD or QSCD, the keys are created and installed on the device by Sectigo.

PSD2 Compliance with QWACs

  • Where is it used? Identifies end points, protects data during communication
  • What are the security features? Confidentiality, authentication, and integrity
  • Is data protected when passed through an intermediary? Protects in direct peer-to-peer communications
  • What else is needed for compliance? Qualified Certificate for Electronic Seals (QSealC) are another type of digital certificate needed for secure communications

Validation and Issuance - IMPORTANT

Getting Your PSD2 Certificate

Once a certificate is ordered, you will be guided through the steps of passing the necessary validation checks so that your certificate can be issued. It's very important to understand the requirements for validation so your certificate can be issued as quickly as possible.

Typically the certificate signing request (CSR), where required, is submitted with the order. A CSR is only needed for QWACs or certificates that will be installed by you on an HSM or other device.

Once the order is placed, you will receive the Subscriber Agreement email. Follow the instructions in the email to agree to the agreement. After this the Complete Your eIDAS Request page is displayed, where you can monitor the progress of your order. The page shows all the steps that need to be completed for Sectigo to be able to issue your certificate.

The individual making the order must provide proof of their identity.

Face to face verification is used to verify your identity. This requires completion of the face-to-face form that will be provided to you by Sectigo, along with instructions for completing the form. The completed form must be notarized and accompanied by:

  • A notarized copy of government-issued photo ID.
  • Status of Author to verify the licensing status of the notary.

The email address used for the order is verified.

You will receive an email verification email. Follow the instructions in the email to verify your email address.

For orders made on behalf of an organization, proof that the signer of the agreement is an authorized representative of the organization is required.

As part of the verification, Sectigo verifies the phone number provided with the order. You will receive an email with instructions, and the process will involve a callback to the phone number that was verified as part of the organization identity.

The callback verifies the following:

  • The phone number is that of the organization.
  • The authenticity of the order and that it was placed by the organization.
  • The signature on the agreement is confirmed by the signer.
  • The authority of the signer to enter into an agreement.

For orders involving legal persons, Sectigo will verify the physical, legal, and operational existence of the organization.

As part of the verification, Sectigo verifies the organization details provided with the order, including:

  • the legal identity and existence of the organization
  • the physical existence of the organization
  • the operational existence of the organization

You may be required to provide additional documentation and receive callbacks.

For PSD2-compliant certificates, additional evidence that the organization is registered with and approved by the relevant NCA is also required.


Before you order

Sectigo PSD2 QWAC Certificates for legal persons are TLS/SSL certificates that are issued to organizations.

Organizations that are registered with and approved by their NCA, such as banking entities and third-party payment providers, can additionally obtain a PSD2-compliant QWAC.

QWACs (with or without PSD2) can additionally be ordered for multiple domains.

PSD2 Requirements

Generate your signing Key Pair and CSR on the server where you will be installing the certificate before ordering. Consult your server documentation.

These orders require that you provide a PSD2 authorization number as issued by your NCA.