Français

English

SWIFT CA Certificates

How to install the SWIFT CA Certificates in the browser trust store

The SWIFT CA Certificates, consiting of the SWIFT CA, the 3SKey CA and the SWIFT root CA, must be installed in the browser trust store to be able to activate and manage the tokens.

TLS authentication to the 3SKey portal will use the SWIFT CA until at least 2020. The 3SKey CA and SWIFT root CA will be required in the future and are already available.

This article will show you how to install the SWIFT CA Certificates in the Trusted Root Certification Authorities store.

How to install the SWIFT CA Certificates?

The SWIFT Token Client software will install the SWIFT CA certificates in the Windows trust store, making them available in Internet Explorer and Google Chrome. Firefox needs additional configuration to use certificates in the Windows trust store.

Please refer to the browser specific sections below for more information.


Internet Explorer, Google Chrome

If you did not use the SWIFT Token Client software to install the certificates please follow these steps to import the certificates manually in the Windows trust store.

  1. Click on the following links to download the SWIFT CA Certificates, then choose the Open option when prompted to open or save the certificate.

    SWIFT CA

    SWIFT Root CA

    3SKey CA
  2. For each certificate, when the certificate window opens, choose Install Certificateā€¦. The Certificate Import wizard appears.
  3. In the wizard, choose Next. Then, when you are prompted for the Certificate Store, choose Place all certificates in the following store. Select the Trusted Root Certification Authorities store for the SWIFT CA and SWIFT Root CA. Select the Intermediate Certification Authority store for the 3SKey CA.
  4. Complete the remaining steps of the wizard and click Finish.

Firefox

If you used the SWIFT Token Client software to install the SWIFT CA certificates in the Windows trust store you can make them available to Firefox using the security.entreprise_roots.enabled setting.

  1. Open FireFox.
  2. Type in "about:config" in the URL bar and press "Enter" key.
  3. Scroll down to "security.entreprise_roots.enabled" and double-click to set the value to "true".
  4. Click the "OK" button.
If you did not use the SWIFT Token Client software to install the certificates please follow these steps to import the certificates manually in the Firefox certificates store.
  1. Click on the following links to download the SWIFT CA certificates, then choose Save as to save the file on your computer.

    SWIFT CA

    SWIFT Root CA

    3SKey CA
  2. Type in "about:preferences#privacy" in the Firefox URL bar and press "Enter" key.
  3. Under Certificates, click View Certificates. The certificate manager window appears.
  4. Select the Authorities tab and click the Import button.
  5. Browse to the location where you saved the certificate file. Select it and click OK.
  6. Tick the box "Trust this CA to identify websites." then click OK.

Why is the certificate required?

The client must be able to validate the authenticity of the server certificate. The SWIFT Certification Authority (CA) issues certificates to servers and clients that communicate over the SWIFT network. Validation of a server certificate requires the client to trust the SWIFT CA.

The CA is the root of trust for all certificates issued from the CA. Often on the Internet, server certificates are issued from a public Internet CA and the public CA certificate is already stored in the browser. The SWIFT CA is a private certification authority owned and maintained by SWIFT. The certificate must be manually added to the browser trust store.

Each client must add the certificate to the browser trust store to establish an HTTPS connection. Without first adding the certificate to the browser, a connection is not possible.

SWIFT © 2019