Real user identity
Reliably identifies individuals and legal representatives through qualified digital certificates, ensuring who is actually accessing the platform.
User authentication and registration with digital certificate
Reliably identify users and legal representatives through qualified digital certificates, without passwords or complex verification processes.
* SaaS service compatible with qualified digital certificates from the European Union.
The challenge of securely identifying users in digital environments
Traditional registration and login systems based on username and password create friction, drop-offs and security risks.
Access through third-party accounts such as Google or Facebook is convenient, but does not prove the user’s real identity.
In sensitive or regulated processes, organizations need mechanisms that guarantee the true identity of the person accessing their digital services.
Certvalidator, authentication with real digital identity
Certvalidator is a SaaS service that enables user authentication and registration through qualified digital certificates, validating the user’s identity from the first access without adding technical complexity to the platform.
Passwordless security
Eliminates traditional credentials and reduces the risk of fraud, identity theft and unauthorized access.
Secure and automated onboarding
Simplifies user registration and login by avoiding long forms and additional verification processes when the user has a digital certificate.
Easy integration
Ready-to-use SaaS service, with no installation or additional infrastructure required, designed to be implemented without cryptographic knowledge or certificate management by the integrator.
Compliance and auditability
Supports regulatory compliance and improves access traceability and auditing through a robust and verifiable identification mechanism.
How Certvalidator works
Certvalidator acts as a secure intermediary between the user and the platform, managing the complete authentication process using a digital certificate.
The user accesses your platform
The user starts the registration or login process and is redirected to the Certvalidator service to identify themselves with their digital certificate. The browser displays a list of available certificates.
Digital certificate validation
Certvalidator verifies that the selected certificate is authentic and trustworthy: valid, not revoked (OCSP/CRL), and issued by a Certification Authority accepted under eIDAS (TSL).
User identification
Once the certificate is validated, Certvalidator processes its content (X.509) and extracts the identity data required to identify the user or the legal representative of a company (specific OIDs).
Data returned to your platform
Certvalidator returns the validation result and certificate data to the platform in structured format via custom HTTP headers, allowing the access or registration process to be completed.
What data your platform receives after authentication
Certvalidator returns to your platform the data extracted from the digital certificate once validated, ready to be processed directly by your backend.
-
User identityCertificate holder identifier (Tax ID/National ID or equivalent) and full name, extracted directly from the digital certificate.
-
Contact detailsCertificate holder’s email address when present in the certificate.
-
Company and legal representativeName and tax ID of the represented organization, along with the legal representative’s details, in legal entity certificates when applicable.
-
Validation statusResult of the certificate validation process, indicating whether it is valid, revoked, expired or untrusted.
-
Certificate issuerInformation about the Certification Authority that issued the digital certificate.
-
Full digital certificateUser certificate in standard format (PEM), available for auditing, traceability or additional checks.
Available fields depend on the type of certificate and the service configuration.
Example of HTTP headers
Data is delivered as HTTP headers so your backend can process it immediately.
X-status: good
X-ID: 12345678Z
X-DN: subject=C=ES, serialNumber=12345678Z, SN=GARCIA, GN=JOSE
X-email: [email protected]
X-organization: Empresa S.A.
X-representative: Juan Pérez
X-representative-ID: 12345679S
X-issuer: CN=AC..., O=..., C=ES
# Certificado digital completo (opcional)
X-cert: -----BEGIN CERTIFICATE-----
MIIF...
... (contenido PEM)
-----END CERTIFICATE-----Using the full certificate (PEM) is optional and only necessary if the platform requires auditing, traceability or additional validations.
In which scenarios is Certvalidator useful?
Certvalidator fits scenarios where users or companies need to be securely identified through digital certificates, without adding technical complexity.
Identify users through digital certificates
For platforms that need to know the real identity of users in registration or login processes, without relying on passwords or third-party accounts.
Replace username and password in sensitive access
When access to private areas, backoffice or critical services requires strong, secure and traceable authentication.
Identify companies and legal representatives
For B2B scenarios where it is necessary to know the represented company and its legal representative, without requesting powers of attorney or additional documentation.
Avoid additional verification processes
When the user already has a digital certificate and you want to complete registration or onboarding without running additional processes such as eKYC.
Accepted digital certificates and coverage
The service is capable of validating more than 4,000 certificates from 440 qualified trust service providers (TSPs) across different European countries, as well as other countries in America, Africa and the Middle East. The process is fully transparent for the end user, regardless of the certificate or country of origin.
Europe
| Country | № Accepted certificate providers | № Accepted certificate types |
|---|---|---|
| Austria | 7 | 91 |
| Belgium | 15 | 105 |
| Bulgaria | 7 | 77 |
| Cyprus | 1 | 8 |
| Czechia | 8 | 334 |
| Germany | 27 | 904 |
| Denmark | 3 | 13 |
| Estonia | 2 | 54 |
| Greece | 5 | 120 |
| Spain | 60 | 327 |
| Finland | 1 | 19 |
| France | 35 | 250 |
| Croatia | 4 | 32 |
| Hungary | 19 | 319 |
| Ireland | 4 | 10 |
| Iceland | 2 | 6 |
| Italy | 53 | 451 |
| Liechtenstein | 4 | 9 |
| Lithuania | 8 | 64 |
| Luxembourg | 3 | 19 |
| Latvia | 1 | 29 |
| Malta | 3 | 9 |
| Netherlands | 13 | 84 |
| Norway | 14 | 47 |
| Poland | 12 | 118 |
| Portugal | 10 | 90 |
| Romania | 7 | 116 |
| Sweden | 3 | 7 |
| Slovenia | 9 | 83 |
| Slovakia | 10 | 234 |
| United Kingdom | 16 | 9 |
| Total | 357 | 4038 |
You can see the detailed list of European Union countries and providers at this link: https://eidas.ec.europa.eu/efda/tl-browser/#/screen/home
America
| Country | Accepted certificate provider |
|---|---|
| United States of America | Entrust.net Certification Authority (2048) |
| United States of America | Adobe Systems Incorporated |
| Colombia | Global Certification Authority Root GSE |
| Colombia | Autoridad Raiz GSE |
| Colombia | ROOT CA ANDES SCD S.A. |
| Colombia | AC Raíz Certicámara S.A. |
| Colombia | CAEDICOM Root |
| Colombia | Thomas Signe Root |
| Colombia | OlimpiaIT ECD |
| Colombia | AC CAMERFIRMA S.A. |
| Colombia | PKI Services Root CA |
| Colombia | VALID COLOMBIA ROOT CA |
| Colombia | Certification Authority Root Lleida SAS |
| Peru | DIGITAL CERTIFICATES ISSUED BY CERTIFICATION AUTHORITY TO THE PERUVIAN STATE-ECEP CLASE III SHA 1 |
| Peru | DIGITAL CERTIFICATES ISSUED BY CERTIFICATION AUTHORITY TO THE PERUVIAN STATE-ECEP CLASS III SHA 256 |
| Peru | DIGITAL CERTIFICATES ISSUED BY CERTIFICATION AUTHORITY TO THE PERUVIAN STATE-ECEP CLASS II SHA 256 |
| Peru | DIGITAL CERTIFICATES ISSUED BY CERTIFICATION AUTHORITY TO THE PERUVIAN STATE-ECEP CLASS II SHA 1 |
| Peru | DIGITAL CERTIFICATES ISSUED BY CERTIFICATION AUTHORITY TO THE PERUVIAN STATE-ECEP CLASS I SHA 256 |
| Peru | DIGITAL CERTIFICATES ISSUED BY CERTIFICATION AUTHORITY TO THE PERUVIAN STATE - ECEP CLASS I SHA 256 |
| Peru | DIGITAL CERTIFICATES ISSUED BY CERTIFICATION AUTHORITY TO THE PERUVIAN STATE-SHA256 |
| Peru | DIGITAL CERTIFICATES ISSUED BY CERTIFICATION AUTHORITY TO THE PERUVIAN STATE-SHA1 |
| Peru | WISEKEY CERTIFYID ADVANCED GB CA 2 |
| Peru | WISEKEY CERTIFYID ADVANCED SERVICES CA 4 |
| Peru | ACCREDITED DIGITAL CERTIFICATES |
| Peru | AC COMODO (SHA256) TO FULFILL THE SD 105-2012-PCM |
| Peru | DIGITAL CERTIFICATES ISSUED BY THE ECEP USING THE ECERNEP PERU CA ROOT 3 HIERARCHY |
| Peru | DIGITAL CERTIFICATES ISSUED BY ECEP-RENIEC USING THE ECERNEP PERU CA ROOT 3 HIERARCHY |
| Peru | EREP (DNIE NATURAL PERSON) BY RENIEC |
| Peru | DIGITAL SIGNATURE SOFTWARE BY RENIEC |
| Peru | ESIGNACRYPTO DIGITAL SIGNATURE SOFTWARE BY INDENOVA S.L. |
| Peru | AC ENTRUST INC TO FULFILL THE SD 105-2012-PCM |
| Peru | CA-ENTRUST INC TO FULFILL THE S D 105-2012-PCM |
| Peru | CA DIGI SIGN TO FULFILL THE SUPREME DECREE 105-2012-PCM |
| Peru | INTERMEDIATE AC ACEDICOM |
| Peru | CA ACEDICOM ROOT |
| Peru | AC FIRMA PROFESIONAL S.A. TO FULFILL THE SD 105-2012-PCM |
| Peru | AC CERTISIGN TO FULFILL THE SD 105-2012-PCM |
| Peru | AC GSE TO FULFILL THE SD 105-2012-PCM |
| Peru | AC CERTICAMARA TO FULFILL THE SD 105-2012-PCM |
| Peru | AC GLOBALSIGN TO FULFILL THE SD 105-2012-PCM |
| Peru | TSU CAMERFIRMA PERU SAC |
| Peru | AC CAMERFIRMA PERÚ - 2016 |
| Peru | GLOBAL CHAMBERSIGN ROOT - 2016 |
| Peru | EC AC CAMERFIRMA PERU - 2016 POR CAMERFIRMA PERU S.A.C |
| Peru | QUALIFIED CERTIFICATES ISSUED BY CA AC RACER 2009 |
| Peru | ANF AC ROOT CERTIFICATION ENTITY PERU |
| Peru | ANF AC AUTHORITY CERTIFICATION PERU S.A.C |
| Peru | EC BMCERT |
| Peru | ENTIDAD DE CERTIFICACION INDENOVA PERU |
| Peru | INDENOVAS ROOT CERTIFICATION AUTHORITY OF PERÚ |
| Peru | ACEPTA - INTERMEDIA SELLADO DE TIEMPO 2018 |
| Peru | ACEPTA - INTERMEDIA FIRMA DIGITAL 2018 |
| Peru | ACEPTA - INTERMEDIA FIRMA ELECTRONICA 2018 |
| Peru | ACEPTA - ROOT 2018 |
| Peru | ENTIDAD DE CERTIFICACION CORE ANDINA |
| Peru | ENTIDAD DE CERTIFICACIÓN CORE ANDINA - RAÍZ |
| Peru | CA BIT4ID SAC CA2 2016 BY UANATACA |
| Peru | CA BIT4ID SAC CA1 2016 BY UANATACA |
| Peru | CA BIT4ID SAC ROOT 2016 BY UANATACA |
| Peru | CA LLAMA.PE SHA256 STANDARD CA BY LLAMA.PE |
| Peru | CA LLAMA.PE ROOT CA BY LLAMA.PE |
| Peru | SIGNE CERTIFICATION AUTHORITY |
| Peru | CERTIFICATION AUTHORITY FIRMAPROFESIONAL CIF A62634068 |
| Peru | INTERMEDIATE CA OF INDENOVA PERU |
| Peru | ROOT CERTIFICATION AUTHORITY OF INDENOVA PERU |
| Peru | SOFT & NET SOLUTIONS SAC INTERMEDIATE CERTIFICATION AUTHORITY |
| Peru | SOFT & NET SOLUTIONS SAC ROOT CERTIFICATION AUTHORITY |
| Peru | ROOT AND SUBSEQUENT LEVEL CERTIFICATION AUTHORITY OF TOC PERU SAC |
| Peru | AC ROOT 5 OF THE SECRETARIA DE GOBIERNO Y TRANSFORMACION DIGITAL |
| Dominican Republic | ABA CA1 |
| Dominican Republic | AVANSI CERTIFICADOS DIGITALES |
| Dominican Republic | VIAFIRMA TSA SUB CA |
| Dominican Republic | VIAFIRMA QUALIFIED CERTIFICATES |
| Dominican Republic | digifirma CA Subordinada 1 |
| Dominican Republic | inDenova SUB CA 003 |
| Dominican Republic | OGTIC QUALIFIED CERTIFICATES |
| Dominican Republic | ECD Thomas Signe Colombia |
| Total | 77 |
Africa and Middle East
| Country | Accepted certificate provider |
|---|---|
| United Arab Emirates | UAE Global Root CA G4 E2 |
| United Arab Emirates | DigitalTrust Root CA G3 |
| United Arab Emirates | DigitalTrust Root CA G4 |
| Morocco | Baridesign AC Class 3 |
| Morocco | Baridesign AC Class 2 |
| Morocco | Eurafric Trust Root CA |
| Total | 6 |
Transparent pricing and SaaS model
Certvalidator is offered as a SaaS service with a fixed fee and a variable cost per use, adapting to the authentication volume of each platform.
Monthly subscription
To get started quickly and flexibly
25 €
/month
+ 0,35 € per authentication performed
- Fixed monthly fee
- Pay-per-use based on volume
- Ideal for pilots or ramp-up
Annual subscription
Better monthly price with annual commitment
19 €
/month
+ 0,35 € per authentication performed
- Reduced monthly fee
- Pay-per-use based on volume
- Ideal for production
The usage cost applies per processed authentication. For volume needs or specific coverage, contact us.
Frequently asked questions about Certvalidator
What type of platforms is Certvalidator designed for?
Certvalidator is designed for web platforms that need to securely identify their users, especially in registration, login, onboarding or digital procedures where knowing the user’s real identity is required.
What role does the digital certificate play in the authentication process?
The digital certificate acts as an access credential. Certvalidator uses it to identify the user, verify its validity and extract the necessary data so the platform can authorize access or complete registration.
Does Certvalidator work with certificates from different countries?
Yes. The service validates digital certificates issued by recognized Certification Authorities, providing multi-country support and returning data in a standardized format for the platform.
Can it identify a company and not just an individual?
Yes. When supported by the certificate, Certvalidator identifies the represented company and its legal representative, facilitating business onboarding without requiring additional documentation.
What happens if the user’s certificate is not valid?
If the certificate is expired, revoked or does not meet the configured criteria, Certvalidator reports the validation result so the platform can decide how to proceed.
Is it mandatory to store the full digital certificate?
No. The use of the full certificate in PEM format is optional. The platform may use only the extracted data or store the certificate solely if traceability or auditing is required.
Does Certvalidator replace an eKYC system?
It does not replace it, but it can complement it. In many cases, when the user has a digital certificate, Certvalidator allows the identification process to be completed without running an additional eKYC flow.
Does integrating Certvalidator require major changes to the platform?
No. Certvalidator is designed for simple integration, delegating the complexity of handling digital certificates and returning only the data required for the platform’s business logic.
Is Certvalidator used to validate documents or electronic signatures?
No. Certvalidator focuses exclusively on user authentication. For electronic signature or signed document validation, Lleida.net offers specific solutions such as USVC.
Do you have a specific use case or need advice?
Talk to our team and we will help you integrate Certvalidator into your platform.