What is a Qualified Website Authentication Certificate (QWAC)?
A qualified website authentication certificate (QWAC) is an SSL/TLS certificate that confirms to users that a website is run by a legitimate entity. It verifies the entity’s identity and ensures secure communication between users and the website.
Objective of using a QWAC
QWACs are used to prevent hackers from intercepting or tampering with any information shared with a website, such as personal and credit card details. Using a QWAC enables companies to meet legal requirements for secure online transactions, particularly in the EU under eIDAS 2.0 and the Payment Services Directive (PSD2).
Key components
Issuer
A Qualified Trust Service Provider (QTSP) issues the QWAC. The certificate includes the issuer’s name and additional details, such as legal status and contact information. The QTSP signs the certificate with its own private key to attest to its legitimacy.
Certificate details
A QWAC includes the following details:
- Address, legal name, domain names and any alternative names of the organization receiving the certificate
- The certificate’s validity period (start and end dates)
- A serial number that uniquely identifies the certificate
- The specific purposes for which the public key may be used
- Statements confirming that the certificate complies with the rules set by the eIDAS Regulation
- Sources for checking the certificate’s real-time status and downloading the issuer’s certificate
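As an added example (not code from the original page), the following Go program builds a constructed, self-signed certificate carrying the elements listed above and then checks a parsed certificate for each of them. The extension OIDs come from RFC 3739 and ETSI EN 319 412-5; the organization name, domain names and URLs are placeholders, and a real QWAC would be signed by the QTSP rather than by the subject's own key.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"math/big"
	"time"
)
// Standard OIDs (not from the page): RFC 3739 qcStatements extension; ETSI EN 319 412-5 QcCompliance statement.
var oidQCStatements, oidQcCompliance = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 3}, asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 1}
// MissingQWACFields returns which of the certificate details listed above are absent (nil if none).
func MissingQWACFields(c *x509.Certificate) []string {
	var missing []string
	need := func(ok bool, what string) {
		if !ok {
			missing = append(missing, what)
		}
	}
	hasQC := false // qcStatements is not decoded by Go's parser, so look for the raw extension
	for _, e := range c.Extensions {
		hasQC = hasQC || e.Id.Equal(oidQCStatements)
	}
	need(len(c.Subject.Organization) > 0 && len(c.Subject.Country) > 0, "organization legal name and address")
	need(len(c.DNSNames) > 0, "domain names (SAN)")
	need(c.SerialNumber != nil && c.SerialNumber.Sign() > 0, "serial number")
	need(c.NotAfter.After(c.NotBefore), "validity period")
	need(c.KeyUsage&x509.KeyUsageDigitalSignature != 0, "key usage")
	need(len(c.OCSPServer) > 0 && len(c.IssuingCertificateURL) > 0, "status (OCSP) and issuer certificate URLs")
	need(hasQC, "qcStatements (eIDAS compliance statement)")
	return missing
}
// NewSampleQWAC builds a constructed, self-signed certificate with every listed element (sample values only).
func NewSampleQWAC() (*x509.Certificate, error) {
	_, key, _ := ed25519.GenerateKey(rand.Reader) // stand-in for the QTSP signing key; generation cannot fail with rand.Reader
	qcDER, _ := asn1.Marshal([]struct{ ID asn1.ObjectIdentifier }{{oidQcCompliance}}) // SEQUENCE OF QCStatement
	t := &x509.Certificate{
		SerialNumber: big.NewInt(20240601), NotBefore: time.Now(), NotAfter: time.Now().AddDate(1, 0, 0),
		Subject:      pkix.Name{CommonName: "bank.example", Organization: []string{"Example Bank AG"}, Country: []string{"DE"}},
		DNSNames:     []string{"bank.example", "www.bank.example"}, KeyUsage: x509.KeyUsageDigitalSignature,
		OCSPServer:   []string{"http://ocsp.qtsp.example"}, IssuingCertificateURL: []string{"http://qtsp.example/issuer.crt"},
		ExtraExtensions: []pkix.Extension{{Id: oidQCStatements, Value: qcDER}},
	}
	der, err := x509.CreateCertificate(rand.Reader, t, t, key.Public(), key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}
```

Run MissingQWACFields on any certificate parsed from a server's chain to see which of the listed elements it lacks; a certificate that is a valid TLS certificate but not a QWAC typically fails only the qcStatements check.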
Encryption technology
QWACs use the following forms of encryption technology:
- The TLS/SSL protocol to encrypt the data exchanged between users and websites.
- Public Key Infrastructure (PKI) to generate public-private key pairs. The public key is embedded in the certificate, and the QTSP signs the certificate with its own private key.
- Cryptographic algorithms, such as SHA-2 for hashing and RSA for key exchange.
Regulatory framework
QWACs are governed by the eIDAS Regulation, which outlines the role of QTSPs and the requirements for issuing and managing digital certificates. PSD2 guidelines also mandate secure communication and authentication for payment services, which can be supported by QWACs.
Additionally, the European Telecommunications Standards Institute (ETSI) sets the standards for implementing QWACs.
How a QWAC works
- An organization applies for a QWAC from a QTSP accredited under the eIDAS Regulation.
- The QTSP performs the necessary identity verification procedures to ensure the entity is who it claims to be.
- After establishing the organization’s identity, the QTSP issues the QWAC, which includes information about the entity and the certificate itself.
- The organization installs the QWAC on its web server, enabling the use of TLS/SSL protocols to encrypt exchanged data.
- Website users see a padlock icon in their browsers, indicating that the website’s identity is verified and communications are secure.
Importance of a QWAC
- Security: Incorporates strong encryption and authentication technology to protect sensitive information during online transmission.
- Trust: Builds user confidence in the legitimacy and security of the website by ensuring safe online transactions.
- Compliance: Meets the requirements of the eIDAS Regulation, which is mandatory for specific types of online platforms in the EU.
Applications of a QWAC
- Government websites: Assuring citizens that they are interacting with legitimate government entities and securing the provision of online public services.
- Banking institutions: Securing online transactions and protecting communications between payment gateways and customers, thereby reducing the risk of fraud and identity theft.
- E-commerce: Ensuring secure transactions and protection of customers’ payment details, safeguarding against unauthorized access and data breaches.
- Healthcare: Protecting online health records and securing communication between healthcare providers and patients.
*Disclaimer: This content does not constitute legal advice. The suitability, enforceability or admissibility of electronic documents will likely depend on many factors such as the country or state where you operate, the country or state where the electronic document will be distributed as well as the type of electronic document involved. Appropriate legal counsel should be consulted to analyze any potential legal implications and questions related to the use of electronic documents.