This article describes how to connect the Smart ID Digital Access component to Smart ID Messaging, which can either be installed on-premises or consumed as a service via Nexus GO Messaging.
Smart ID Messaging is a web-based service for online authentication and signing using Smart ID Mobile App or Smart ID Desktop App with certificates.
For more information on the communication between Digital Access component and Smart ID Messaging, see Architecture overview - Smart ID Messaging and Digital Access.
 Prerequisites
The following prerequisites apply:
 Log in to Digital Access Admin
- Log in to Digital Access Admin with an administrator account.
 Only for Nexus GO Messaging: Request API key from Nexus
If you use Nexus GO Messaging, then you first need to request an API key from Nexus.
To request a Nexus GO Messaging API key:
- Find your Nexus GO Messaging callback URL:
  - In Digital Access Admin, go to Manage System > Policy Services.
  - Click Manage Global Policy Service Settings....
  - Copy Personal Messaging Callback URL, and replace <access-point-public-host> with your DNS name.
    https://<access-point-public-host>/https/api/rest/v3.0/personalmessaging
- Request an API key from Nexus by sending an email with the callback URL to Nexus support: support@nexusgroup.com.
When you have received a reply, you can go on to the following tasks.
 Connect Smart ID Messaging to Digital Access
To set up the connection to Smart ID Messaging (Personal Messaging):
- In Digital Access Admin, go to Manage System > Policy Services.
- Click Manage Global Policy Service Settings....
- Check Enable Provisioning.
- Enter the Provisioning Settings, which apply to all policy services. Click the ?-sign for more information.
- In Personal Messaging URL, enter a valid URL:
  - For Smart ID Messaging on-premises, enter the URL as it has been configured in Smart ID Messaging. In this example, the default path is shown. If you have changed the path when you installed Smart ID Messaging, enter your configured path here. For more information, see Deploy Smart ID:
    https://<personalmessaging-public-host>/hermod/rest/command
  - For Nexus GO Messaging, enter the following URL:
    https://messagingservice.go.nexusgroup.com/command
- In Image API URL, replace <access-point-public-host> with your DNS name.
- Enter an X API Key:
- For Smart ID Messaging on-premises, enter an API Key that has been generated in Smart ID Messaging. For more information on how to generate a key, see Add API user and callback URL in Hermod.
- For Nexus GO Messaging, enter the X API key as received from Nexus.
- If required, enter your own Attestation Key, which is used to sign provisioning responses.
  There is a default Attestation Key stored, but you may be required to upload your own key, for example if you use the Smart ID Mobile SDK.
- If you upgrade from version 5.12 or earlier of Digital Access component, and already use Smart ID Mobile App, you need to migrate these profiles to Smart ID Messaging (see Digital Access component news). Enter a Messaging Service Public URL. This is the URL that the existing Smart ID Mobile App profiles will be redirected to at the very first call after the migration. After that, the Smart ID Mobile App profile will remember the new URL and use it for later calls.
  - For Smart ID Messaging on-premises, enter the URL as it has been configured in Smart ID Messaging. In this example, the default path is shown. If you have changed the path when you installed Smart ID Messaging, enter your configured path here. For more information, see Deploy Smart ID:
    https://<personalmessaging-public-host>/hermod/rest/ms
  - For Nexus GO Messaging:
    https://messagingservice.go.nexusgroup.com/ms
- For help on other input fields, click the ?-sign for more information.
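A pre-flight check for the values entered in the steps above, as an added example that is not Nexus code: it builds the callback URL from the Access Point DNS name and flags unreplaced placeholders, non-HTTPS URLs, an empty X API key and, for Nexus GO Messaging, URLs that differ from the ones given on this page. The dictionary keys and function names are hypothetical, and the sample values are constructed.

```python
import re
from urllib.parse import urlsplit

# URLs as given on this page; <...> marks a placeholder the administrator must replace.
CALLBACK_TEMPLATE = "https://<access-point-public-host>/https/api/rest/v3.0/personalmessaging"
GO_URLS = {
    "personal_messaging_url": "https://messagingservice.go.nexusgroup.com/command",
    "messaging_service_public_url": "https://messagingservice.go.nexusgroup.com/ms",
}
PLACEHOLDER = re.compile(r"<[^<>]+>")


def callback_url(dns_name: str) -> str:
    """Fill the Access Point DNS name into the callback URL template."""
    return CALLBACK_TEMPLATE.replace("<access-point-public-host>", dns_name.strip())


def check_settings(settings: dict, nexus_go: bool) -> list:
    """Return a list of problems found in the values about to be entered."""
    problems = []
    for name, value in settings.items():
        value = value.strip()
        if name == "x_api_key":  # hypothetical key name for the X API Key field
            if not value:
                problems.append("x_api_key: empty")
            continue
        if PLACEHOLDER.search(value):
            problems.append(f"{name}: placeholder not replaced")
            continue
        parts = urlsplit(value)
        if parts.scheme != "https" or not parts.hostname:
            problems.append(f"{name}: not an https URL with a host")
        elif nexus_go and name in GO_URLS and value != GO_URLS[name]:
            problems.append(f"{name}: expected {GO_URLS[name]}")
    return problems


if __name__ == "__main__":
    # Constructed sample: swapped /ms and /command endpoints and a leftover placeholder.
    sample = {
        "callback_url": CALLBACK_TEMPLATE,
        "personal_messaging_url": "https://messagingservice.go.nexusgroup.com/ms",
        "messaging_service_public_url": "https://messagingservice.go.nexusgroup.com/command",
        "x_api_key": "constructed-example-key",
    }
    for problem in check_settings(sample, nexus_go=True):
        print(problem)
```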
 Add CA certificate
To make Digital Access component trust Smart ID Messaging, the Smart ID Messaging certificate authority (CA) must be added in Digital Access component:
- Locate the CA certificate files:
  - For on-premises installation of Smart ID Messaging, locate the SSL certificate that was used to set up Smart ID Messaging.
  - For Nexus GO Messaging, download the following CA certificate file:
    Digicert intermediate CA: Digicert_SHA2_intermediate.cer
- Add the CA in Digital Access component by uploading the CA certificate files. See the section Add certificate authority in Add certificates in Digital Access.
Enable images
The Smart ID Mobile App must be able to receive images during the authentication process. For this, a publicly available web resource as well as the Image API must be enabled.
 Enable distribution-service web resource
To be able to receive images from the Distribution Service over the Access Point, the corresponding web resource must be enabled:
- In Digital Access Admin, go to Manage Resource Access.
- Select the registered distribution-service web resource.
- Click Edit Resource Host.
- Check Enable resource.
- Click Save.
 Enable Image API
The Image API must be enabled:
- In Digital Access Admin, go to Manage System > Distribution Services.
- Select the registered Distribution Service.
- Check Enable Image API.
- Click Save.