Step 1: choose the Server Certificate suitable for your application

Digipoort PRIVATE server certificate
PKIoverheid Digipoort PRIVATE server certificates are for interfacing your system with Digipoort.
Reconi (KPN) automatically determines the name of the service, eliminating the need for a domain ownership check. This makes the application process faster and easier.
The root certificate is not included in browsers or operating systems.

For example:
Communication with Diginetwerk, Digipoort, SBR, OLO, LV WOZ, WSNP, GBA-V, BAG, GWH, WKPB and others.

Step 2: place your order

Follow-up steps

Domain check (Digipoort Standard only).
A very important check before Reconi issues a server certificate is to determine that the requestor actually controls the Name of Service (FQDN) included in the server certificate request. This is known as domain verification. KPN will contact you by email or the authorization manager of your domain to perform this check. This is explained in detail on the Domain Verification page .

One-time Identification Certificate Administrator.
If the Certificate Administrator specified in the certificate request is not yet registered as Certificate Administrator, you need to provide the details of the new Certificate Administrator in the certificate request web form. KPN will contact the Certificate Administrator for the purpose of personal identification. The Certificate Administrator can determine the place and time of identification. Identification is free of charge at any location in the Netherlands, with the exception of the Wadden Islands. The Certificate Administrator will receive a registration number that can be used for subsequent requests.

Production and issuance
After the identification has taken place, your request will be processed further. KPN then produces the Server Certificate if all checks have been successfully completed. Reconi sends the certificate by email to the Certificate Administrator with a copy to the Contact Person making the request. Reconi uses the e-mail address that the Contact Person provides when registering the Certificate Administrator.
The Certificate Administrator will receive a withdrawal code by letter.

The correct operation of a server certificate requires that the appropriate CA certificates are also installed. The required CA certificates and an installation guide can be found here.

In some cases it is necessary to revoke a certificate before it expires. For more information on how to revoke a certificate click here.

Renew or replace existing certificate:
At least 4 weeks before your certificate is due to expire, you will receive an e-mail with an advance notice that your certificate is about to expire. Then, 2 weeks before your certificate is due to expire, you will receive an e-mail from us initiating the renewal of your certificate. The data from your previous application will be reused and the validity period of your new certificate will be linked to the original expiration date. Your certificate will be renewed without reducing your validity period.

Visual: credit cards


With all PKIoverheid server certificates, you will receive a premium package worth €60 from Reconi as standard. This means that we support you in retrieving, installing and importing (within the software package) your certificate.