Handling Multiple Onboarding: CSR and Private Key File Management in ZATCA SDK

We have to manage onboarding with different VAT numbers in our cloud-based system.

When onboarding, we generate CSR and private key using the fatoora -csr -csrConfig … command. The output CSR and private key are stored as cert.pem and ec-secp256k1-priv-key.pem in the zatca-einvoicing-sdk/Data/Certificate/ directory.

Question 1: Can we directly copy the content of the generated CSR and private key into the cert.pem and ec-secp256k1-priv-key.pem files, or are there any modifications required?

Question 2: Is it possible to use the same cert and private key files for all onboardings? If separate files are needed for each VAT number onboarded, how can we handle this in a single ZATCA SDK effectively?

Dear @Saud

Thanks for reaching out,

Based on what you mentioned, kindly find the below:

1- After using the "fatoora -csr -csrConfig “YourConfigFile”" command, the results are the CSR (which stands for certificate sign request; this means that it’s not the certificate) and the private key.

2- The next step must be getting the CCSID (Current Certificate) that comes from the ZATCA response. After using the CSR generated from the above command, you will use the binarySecurityToken from the ZATCA compliance API response and decode it from base64. The decoded certificate, not the CSR, will be placed in the cert.pem file. For the private key, what you mentioned is correct.

I hope what I have mentioned clarifies your first question.

Regarding the second question: Please note that each device that will share invoices should have its own certificate, and you can’t use the same certificate for different VAT numbers.

Mate @Ankit_Tiwari, can we have your input here from a business perspective?

Additionally, if you face any blocker to successfully integrating with ZATCA, contact your RM to reach out to our support team via the below mail with all your clear concerns about the integration process. Our recommendation is to review all the Educational library docs shared by ZATCA to ensure clear understanding before any concerns appear.

SP mail: sp_support@zatca.gov.sa

Thanks,
Ibrahem Daoud.

Thank you for your response and help.

Could you clarify if, when I use the -sign command in fatoora, I need to update the cert.pem file with the onboarded certificate before signing the XML?

For example, if I have two onboarded certificates and want each to sign an XML file, do I need to:

  1. Copy the certificate for onboarding 1 to the cert.pem file, then sign the XML.
  2. Then replace it with the certificate for onboarding 2 in cert.pem and sign the XML again?

But the same private key (ec-secp256k1-priv-key.pem) can be used for both onboardings.

Dear @Saud

Thanks for reaching out,

Can I kindly ask you, what is the reason to have 2 PCSIDs (for the same config file) and sign the same invoice with these 2 PCSIDs?

Thanks,
Ibrahem Daoud.

Thanks for your reply.

I do not have them for the same config file. I have them for two different config files.

The reason is that my cloud-based app has the ability to work with multiple companies, so I onboard more than 1 company, but I am facing an issue with knowing how to sign the XML with a different certificate for each company.

Morning @Saud

Thanks for reaching out,

Please note that each company must send all its simplified invoices signed with its own certificate. Since your concern now is more of an internal process, it is a decision you should make.

From our side, we are providing an SDK tool which contains a cert.pem file for one decoded certificate to sign the actual B2C invoices for the same VAT that the certificate belongs to.

I hope it’s clear enough now. For any further concerns related to the integration process, please do not hesitate to reach out to our support team via the below mail.

SP mail: sp_support@zatca.gov.sa

Thanks,
Ibrahem Daoud.
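
One way to keep each onboarded VAT number's certificate together with the private key generated alongside its CSR, and to install only the matching pair in the SDK's Data/Certificate/ directory before signing. This is an added example, not part of the thread and not ZATCA's code. The store layout, function names, lock file and 15-digit VAT check are assumptions, and it relies on POSIX file locking.

```python
import base64, fcntl, os, re, tempfile
from contextlib import contextmanager
from pathlib import Path

CERT_NAME = "cert.pem"  # SDK file names as given in the thread
KEY_NAME = "ec-secp256k1-priv-key.pem"
VAT_RE = re.compile(r"\d{15}")  # assumption: a VAT number is exactly 15 digits

def _tenant_dir(store, vat):
    # Only a plain VAT number may name a directory, so input such as
    # "../other" cannot reach another tenant's key material.
    if not VAT_RE.fullmatch(vat):
        raise ValueError("invalid VAT number")
    return Path(store) / vat

def _write_private(path, data):
    # mkstemp creates the file with mode 0600; os.replace swaps it in atomically.
    fd, tmp = tempfile.mkstemp(dir=path.parent)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    os.replace(tmp, path)

def store_onboarding(store, vat, binary_security_token, private_key):
    """Save one onboarding's certificate and the key created with its CSR."""
    tdir = _tenant_dir(store, vat)
    tdir.mkdir(mode=0o700, parents=True, exist_ok=True)
    # As described in the thread: cert.pem holds the base64-decoded token.
    cert = base64.b64decode(binary_security_token, validate=True)
    _write_private(tdir / CERT_NAME, cert)
    _write_private(tdir / KEY_NAME, private_key)
    return tdir

@contextmanager
def active_credentials(store, vat, sdk_cert_dir):
    """Install one VAT's pair in the SDK directory and hold a lock while in use."""
    tdir = _tenant_dir(store, vat)
    sdk_cert_dir = Path(sdk_cert_dir)
    with open(sdk_cert_dir / ".lock", "w") as lock:
        fcntl.flock(lock, fcntl.LOCK_EX)  # one signing job at a time per SDK copy
        for name in (CERT_NAME, KEY_NAME):
            _write_private(sdk_cert_dir / name, (tdir / name).read_bytes())
        yield sdk_cert_dir  # run the SDK's sign step here, before the lock is released
```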