Configure the exchange with the tax authority for ‘BAPI’ PKI (communication service)
In most cases it is recommended that you use ‘BAPI’ PKI for exchanging information. You configure your communication environment and sub-environments correctly.
The communication profile contains all data needed to exchange messages with the tax authority: your company data, the PKI certificate and your mailbox with the tax authority. If you do not have a PKI certificate or a mailbox, you can request it via the communication profile.
Content |
Description
In most cases it is recommended that you use ‘BAPI’ PKI for exchanging information. You configure your communication environment and sub-environments correctly.
You can freely structure the communication environments and sub-environments, except when you process ‘EKAs’ via Profit Fiscal.
When ‘EKAs’ are exchanged via Profit Fiscal you must record the environment in which you process the ‘EKAs’ in the communication environment. Normally speaking you would use a single environment for this purpose. If you require multiple environments for processing ‘EKAs’, the following applies:
- For every environment in which you process ‘EKAs’ your require a separate communication environment with its own mailbox.
- You can use the same PKI certificate each time, however.
Note:
If you are converting from Profit 2011 to Profit 2014 it is recommended that you use the same main and sub-environments.
You need PKI certificates from KPN and a mailbox with the tax authority for the exchange. After you have imported the certificates into Profit and recorded the mailbox data, you must link the certificates to the mailbox. As you can see from the overview below, two possible scenarios can occur:
- You request the certificates and the mailbox via Profit
You request the PKI certificates from KPN. Once you have received them you import them into Profit. If you then request a mailbox, it is automatically linked to the already existing PKI certificates. When you receive the mailbox data from the tax authority and record it in Profit, you have completed the configuration.
- You already have certificates and/or a mailbox.
You import the PKI certificates and record the mailbox data in Profit. In this situation you subsequently still need to link the PKI certificates to the mailbox.
Follow the diagram below in order to execute the steps in the proper sequence.
Procedure
- Register as a 'KPN’ subscriber
You can only request and use 'KPN’ certificates if you first register as a 'KPN’ subscriber.
- Open ports on the server (only on a local installation)
The communication service uses a protected connection. You must open the 110 and 587 ports on the server. In AFAS Online, these ports are correctly configured, so skip this step.
The TLS security method must be supported. You can also use the SSL method. You can set this up the properties of the BAPI profile.
- Apply for a ‘BAPI PKI' certificate
You request a PKI certificate from KPN via Profit if you do not have a valid certificate. Profit sends a digital request to KPN. You must print, sign and send in the application form yourself.
- Import a ‘BAPI PKI' certificate
You will receive two certificates that belong together: the E-certificate and the DS-certificate. You import these certificates into Profit.
- Apply for a ‘BAPI PKI' post box
Request a mailbox from the tax authority via Profit if you do not have a mailbox.
- Link a ‘BAPI PKI' post box to a certificate
You check whether Profit is able to establish a connection with the tax authority on the basis of the ‘BAPI’ communication profile.
- Configure a post box
- Test a connection
- Process a rejected certificate application
The request gets the Request registered in Profit status. This action is intended if 'KPN' rejects your application or to remedy incorrect information after the application has been sent electronically.