The Ministry of Health is updating the Transport Layer Security digital certificate that authenticates E-Business Services to client software.

To: OHIP Billing Software Vendors
Category: Billing software specifications
Written by: Claims Services Branch | Health Programs and Delivery Division
Date issued: August 28, 2024
Bulletin Number: 240804

Ministry of Health Electronic Business Services security update

To ensure the ongoing security of Electronic Business Services (EBS) communications, the Ministry of Health installed a new server authentication digital certificate on the servers supporting EBS web services on August 28, 2024. This includes Medical Claims Electronic Data Transfer (MCEDT) and Health Card Validation (HCV) via EBS. This Technical Bulletin is intended to provide details on the upgrade and the procedures required by vendors.

This will not affect most clients, but further action might be required if any digital certificates (specifically the EBS server digital certificate or any certificates upon which it depends) are installed or configured for your software. The method of updating certificates depends on the software package.

If the EBS server digital certificate is installed into your software, the currently installed version must be removed or replaced.

If the Certification Authority’s (Entrust) signing certificates are installed into your software, ensure that the versions are current. The correct certificates are valid until 2030; however, previously distributed versions will expire as early as September 23, 2024.

Certificate details

The Subject of the EBS server TLS digital certificate is “C = CA, ST = Ontario, L = Toronto, O = Ministry of Health, CN = ws.ebs.health.gov.on.ca”

The update should eliminate any requirement to install the EBS server digital certificate into your software, provided the Entrust Root Certification Authority signing certificate is installed as a trusted issuer.

The correct Entrust Certificate Authority signing certificates can be identified by the subject and validity period:

  • Subject: “Entrust Root Certification Authority - G2”, Not after: Dec 7 17:55:54 2030 GMT
  • Subject: “Entrust Certification Authority - L1K”, Not after: Dec 5 19:43:56 2030 GMT (Optional).

If the correct Entrust Root Certification Authority - G2 root signing certificate is not installed in your software, it can be obtained directly from the Entrust certificate download web site linked below:

Root Certificate Downloads | Entrust

The Entrust Certification Authority - L1K intermediate signing certificate should no longer be required; however, if your software requires it, it can also be obtained from the link above.

Keywords/Tags

EBS; web services; Medical Claims Electronic Data Transfer; MCEDT; Health Card Validation; HCV; Entrust; digital certificate.

Contact information

Do you have questions about this INFOBulletin? Email the Service Support Contact Centre or call 1-800-262-6524. Hours of operation: 8:00 a.m. to 5:00 p.m. Eastern Monday to Friday, except holidays.