For registered participants: CS OTE Portal Sandbox CZ

Change in certificates switching to qualified certificates in CS OTE

As of October 1st 2017, the access to the web portal of CS OTE as well as the electronic signing in CS OTE will be possible using qualified certificates only. As of July 1st 2017, it will be possible to register only qualified certificates for accessing the web portal of CS OTE and using electronic signatures. CS OTE users will be enabled to use their current certificates (commercial certificates and OTECA certificates) in the web portal of CS OTE by September 30th 2017.


This change is based on the Regulation (EU) No. 910/2014 of the European Parliament and of the Council (eIDAS) and on the Act No. 297/2016 Coll. on trust services for electronic transactions. The qualified certificates in CS OTE are used in compliance with the statement of the Ministry of Interior - available under the following link.


As of July 1st 2017, until further notice, it will be possible to register qualified system certificates only for an electronic signature in an automatic communication (creation of an electronic mark), until qualified certificates for electronic seals will be available as a replacement of the current system certificates. As of October 1st 2017, it will not be possible to use commercial certificates for creation of an electronic mark (automated signature).


For sending encrypted messages to CS OTE through a secured e-mail the original OTECA certificate will be replaced with a commercial certificate by the Market Operator. The new commercial certificate of OTE will be placed on the OTE’s website for download and the users will be informed by the Market Operator in the near future. As of October 1st 2017, every market participant has to have a commercial certificate to be able to receive encrypted messages from CS OTE through encrypted e-mail.


As of October 1st 2017, the market participants will have to use a commercial certificate to log in to OTE-COM application. For the electronic signing of data, the same rules must be followed as in case of a web portal, i.e. as of October 1st 2017, all data must be signed with a qualified certificate only.


The planned change does not affect users who have been already using the qualified certificate for communication with the web portal of CS OTE. A list of certification authorities (CAs) issuing qualified certificates for electronic signature is posted here.


The Market Operator would like to point out that issuing of OTECA certificates, including renewal of certificates, will not be further ensured as of May 1st 2017.


More information on changes in accessing and electronic signing in CS OTE, including instructions on how to proceed to change certificates in CS OTE:

 

Supported certificates in CS OTE from October 1, 2017

  commercial certificate qualified certificate qualified system certificate commercial system certificate electronic seal Explanation
Web Portal of CS OTE  
login into web portal CS OTE NO YES  - - As of 1st October 2017, the access to the web portal of CS OTE will be possible using qualified certificates only.
data signing in web portal CS OTE NO YES
files uploaded through web portal CS OTE NO YES
Secured communication via e-mail/SMTP  
sending encrypted messages to CS OTE NO YES  YES NO  YES  As of 1st October 2017 both certificates (commercial and qualified) have to be used for fully valid email/SFTP communication. It will be necessary to use a commercial certificate for an encrypted communication from CS OTE to the user and a qualified certificate for an encrypted communication from the user to CS OTE.
receiving encrypted messages from CS OTE YES NO  NO YES  NO
Automatic communication (SOAP) with CDS electricity, gas and Renewable Energy Sources (server-client and server-server)  
automatic communication via SOAP  - YES YES As of 1st October 2017 it will be not required a certificate for TSL authentication from OTE to the user. It is necessary to use a qualified certificate for the communication from the user to CS OTE.
Automatic communication via REST services  
automatic communication via REST services  - YES REST services require authentication and using a commercial certificate only.
Access to OTE-COM application  
log into OTE-COM application YES NO  - It will be necessary to use a commercial certificate for authentication and a qualified certificate for electronic signing of the message to CS OTE.
electronic signing in OTE-COM application NO  YES  -
Automatic communication via AMQP server
user's authentication YES NO NO YES NO
electronic signing NO YES YES NO YES

Changes in certificates from 1st October 2017.pdf (192 KB)