JWS Certificate Replacement/Update

JWS Certificate Replacement


Published by CSS Service Provider on 26 January 2024


Last day to Act (deadline 20 February 2024)


Any party that receives a message directly from CSS and needs to validate its authenticity will need a copy of the latest CSS JWS (Public) Production signing certificate. The CSS JWS (Public) Production Certificate will expire on 03 March 2024. The JWS Certificate is issued to digitally sign each message and validates that the message sender is authenticated and the message integrity. Each CSS User that receives messages from CSS will need to install the updated certificate to ensure messages can still be authenticated. Please download this PowerPoint slidedeck for further information.

What happens if I do not apply the certificate?

CSS Inbound messages are not impacted, but CSS Async outbound messages (e.g. validation notifications, Gate Closure messages) received by your system will fail authentication and therefore may be rejected by your systems

At a high level the following needs to be completed.

  • Download the new JWS Public Certificate (See slidedeck For Guidance Notes)
  • Apply the new certificate if your system can store and use multiple JWS public certificates in parallel before 20/02/2024 10:00-11:00
  • If you can only run one certificate then you need to download the certificate but only apply it during the window of 20/02/2024 10:00-11:00
  • Please confirm to enquiries@recmanager.co.uk if you can run multiple certificates or if you can only single run certificates
  • If you can run multiple certificates please send confirmation that you have downloaded / installed the certificate to enquiries@recmanager.co.uk 
  • If you can only run single certs please provide confirmation that you have downloaded the certificate and you have resource available to update the cert on the required date and time to enquiries@recmanager.co.uk