Managing PASI Certificates

When Integrating with PASI, software solutions will need to consider how their PASI Certificates will be managed / secured within their solution.

Architectural Considerations

The following questions should be considered when an integration solution establishes the processes and functionality used when Managing PASI Certificates.

What is the SIS approach for monitoring and notification of PASI certificate expiration and notification?

PASI certificates are valid for 14 months. When a SIS’s PASI certificate expires, it will no longer be able to communicate with PASI. To avoid PASI connectivity interruptions, a new certificate must be requested and installed prior to the expiration of the current PASI certificate.

PASI recommends that a SIS have functionality that allows administration staff to view a SIS’s certificate details such as certificate expiry date. As well, when a certificate is approaching its expiration date, the SIS must provide advance notification to administration staff of the ‘soon to expire’ PASI certificate so action can be taken to request and install a new PASI certificate.

What approach is used when authentication errors are received when attempting to connect to PASI?

PASI recommends when a SIS is no longer able to communicate with PASI, due to an expired certificate or any other reason, it must immediately notify administration staff so actions can be taken to resolve the issue.

How is the client PASI certificate secured within your environment?

Certificates used for connection to PASI must be secured to ensure they can only be used by the SIS to access PASI data.

PASI requires that certificates be stored on a physically secured server with appropriate physical and logical access controls and auditing in place.