Certificate Requirements


For a two-way TLS connection, a certificate must be chosen.

1. SEI Issued Certificate:

  1. SEI uses a trusted Certificate Authority to issue identity certificates. Leading to quicker API integration, this can be selected in the AddApp form and will distribute the certificate to the email distribution list provided.

2. Alternate Certificate:

  1. Entrust and Trustware are Certificate Authorities approved by SEI. To use a different trusted CA that can provide an identity certificate, please contact APISolutions@seic.com for review and approval. It must meet SEI Common Name (CN) specifications, the Common Name must be the same as the Service Username returned to the client post runtime establishment.

Please refer to our FAQ section 'Security' to learn more about how to download an Identity CERT. To extract .crt and .key files from the pfx CERT, please execute the following commands after installing OpenSSL and refer to the following links for detailed instructions:

Commands

  • openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [certificate.crt]

  • openssl rsa -in [keyfile-encrypted.key] -out [keyfile-decrypted.key]

Instructional Links