Attach Digital Certificate

Attach Digital Certificate

First, when using a digital certificate, you should connect to the following endpoint in a production environment:
(in case of test environment:
You have to use the so-called “Client Certificate Authentication” method when sending requests to the TBC Integration service; please, see .NET code samples below how to “attach” digital certificate to the request:

This code reads authentication data from the certificate that is installed in the client OS:

this.Url = "";
        ServicePointManager.ServerCertificateValidationCallback += delegate { return true; };
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
        X509Store store = new X509Store(StoreLocation.CurrentUser);
        X509Certificate cert = null;
        for (int i = 0; i < store.Certificates.Count; i++)
            if (String.Compare(store.Certificates[i].SubjectName.Name, "‎[email protected], CN=MBS_LTD_DBI, OU=DBI, O=MBS_LTD, L=Tbilisi, S=GE, C=GE", true) == 0)
                cert = store.Certificates[i];


This code reads authentication data from the certificate file:

private static HttpWebClientProtocol AttachCertificate(HttpWebClientProtocol req)
            string certPath = new Page().Server.MapPath("~/Services/TBC/certificate.pfx");
            const string certPass = "123456";

            X509Certificate2Collection collection = new X509Certificate2Collection();
            collection.Import(certPath, certPass, X509KeyStorageFlags.PersistKeySet);
            X509Certificate cert = collection[1];
            return req;
        public static void ChangePassword(string nonce, string password)
            var cp = new ChangePasswordService { Url = Url };
            cp = (ChangePasswordService)AttachCertificate(cp);
            SecurityHeader.AddChangePasswordHeader(cp, nonce);
            var result = cp.ChangePassword(password);

You should send username and password in service requests – username and temporary password were passed to the company’s representative within a secure envelope in the TBC Bank.

And please consider that:

  1. The password that is included in the envelope is temporary – you should change it using ChangePassword Web Service;
  2. Passwords in the TBC system have an expiration period – thus when the password is expired, the system always returns the error CREDENTIALS_MUST_BE_CHANGED and the user must set a new password using ChangePassword Web Service;
  3. Sending of the ‘Nonce’ value in the ChangePassword request is mandatory – you will need a token device to generate it.