Introduction

Revenue uses Digital Certificates to ensure that data is securely transmitted to their servers and that only permitted users can submit information. A digital certificate is a file containing your unique key for logging into ROS. If you try to open it in a text editor, you will only see encrypted text.

Payback uses these files to communicate with ROS. Once this is set up, you will not have to worry about it again until your certificate expires in a couple of years time.

How to find your certificate

If you already have your ROS digital certificate and password handy, you can skip this part and move onto 'Loading your ROS digital certificate'

Before proceeding with this, you should have registered with ROS and have a ROS account. On the computer and browser you use to log into ROS, open www.ROS.ie.

Click on the 'Manage My Certificates' link.

Saving your certificate

To save your certificate.

Click the download symbol next to the certificate name that you log in with to save the certificate file. It will be saved as a .bac file. You will need this file for the next step.

(ROS automatically saves these files as .bac files)

Loading your ROS digital certificate

Select the new 'Revenue' section on the Payback menu.

Click the  'Digital Cert' icon. The Digital Certificate Manager screen will appear.

Click the 'Add New Certificate' button to launch the wizard

You can use this screen for all types of digital certificates. (TAIN, Sub-cert, Standard, Test etc)

Adding a new certificate

The Digital Certificate wizard will appear. This will guide you through the process of adding a new digital certificate.

 

Click the 'Next' button

Select Digital Certificate file

You can either drag and drop the certificate file onto the box or click the 'Load Certificate' button. Note that file name should end in P12 or bac.

This is the same file you saved from ROS.ie earlier.

When you have successfully selected your certificate file, a blank certificate will appear in the box, and you'll be able to click the 'Next' button.

Enter Password and Description

The final step to enter your certificate password in the password box.

There is also the option to enter a description for the certificate. You do not have to enter a description, but we would recommend it as it can be difficult to tell various certificates apart otherwise.

 

The password is the same password you use to log into ROS.

 

If you are a Tax Agent (eg, accountant or bookkeeper etc) or the certificate requires a TAIN, click the TAIN check box and enter the Tax Agent Number (TAIN)

Link Companies to the Digital Certificate

The next and final step is to choose which of companies you would like to link to this digital certificate. This is done by clicking on the list of companies so a blue tick appears next to the relevant company.

If you have uploaded a TAIN (tax agent) digital certificate, a button appears below the list called 'link all'. Clicking this will link all the listed companies to your new digital certificate, removing any existing links to other digital certificates that may exist for your companies.

If you have entered an incorrect password for the digital certificate, or the certificate file was corrupted, then a list of companies will not appear. Instead an error message will appear informing you of the problem. You will have to re-load your certificate.

Finishing the wizard

Click the Finish Button to complete the wizard.

You should see your new digital certificate appear in the Digital Certificate Manager.

The next step is to assign your new certificate to your company(s)

Changing the companies your cert is linked to

You have now successfully added your new digital certificate.

It is possible to change which companies your certificates are linked to by selecting the Digital Certificate in the Digital Certificate grid and selecting the appropriate companies. TAIN certificates can be assigned to multiple companies.

At the bottom of the certificate manager screen is a list of all the companies you have set up in Payback.

  1. Make sure the correct digital certificate is selected in the main certificate grid
  2. Click the Company so that there is a blue tick next to it. This means that the certificate has been assigned to this company.

IMPORTANT: If you do not assign a cert to your company, then your RPNs and Submissions will not work!


Digital Certificate Trouble shooter

Checking your Certificate

At the top of the digi-cert manager screen is a Check button. If you are having problems with a digital certificate, select the certificate in the grid and click the 'Check' button. A dialogue will appear that tests your certificate.

Any one of these three scenarios can happen:

  1. The digital certificate password is incorrect. This means that Payback can not use this certificate because the wrong password has been entered. Passwords are case sensitive, which means 'MYpaSSworD' is not the same as 'mypassword'. If you've recently renewed your cert in ROS, it is likely that the password was also changed.
  2. The digital certificate file is corrupt. Sometimes the file is not downloaded properly which corrupts the file. If this persists, you may have to contact Revenue to get a certificate for you.
  3. The Cert is tested against all the companies that have been linked to it for connectivity for Payroll and ERR (Expenses reporting). It is possible for a cert to be okay for Payroll, but not ERR.

Corrupt certs or certs with incorrect passwords are displayed in 'Red' in the digital certificate manager.

Using windows to check your certificate is valid

On occasion, Revenue may inform you that an incorrect password or corrupt cert file is 'a payroll software problem'

To prove that this is not the case you can manually check your certificate in Windows. To check if the file you are uploading is a valid ROS Cert file, open File Explorer in Microsoft Windows (not Payback)

Go to the folder that has your certificate file. Make sure that the file name has the extension .P12  (ie, that it ends in .p12 and not .bac, .com or anything else) You may need to rename your ROS cert file.

Double click your mouse pointer on the file to open it.

Invalid Certificate

When you double clicked the certificate in Windows a dialogue like the one opposite appears, then then means that your certificate file is either corrupt or not a digital certificate file.

To fix this you need to download the certificate again from ROS. Sometimes digital certificates can become corrupt when downloaded.

Some users have also downloaded the incorrect item, like the ROS html webpage.

Valid Certificate

 

If this dialogue does appear, then the file is a valid certificate file, but you are most likely using an incorrect password.

The password should be the one you use to log into ROS.ie. 

Note that if you've recently renewed your digital certificate, you may have changed your password as well.

To test that your digital certificate password is correct, make sure that the 'Store Location' is 'Current user' and click the 'Next' button.

Certificate File Location

The next step in the Wizard asks about your certificate file location.

Please click the 'Next' button.

You do not have to do anything else here.

Checking the Password

The next step in the Wizard will allow you to check the Digital Certificate password is correct.

Enter the password you have been using and click 'Next'.

If the password is wrong, a message will appear that says 'The password you have entered is incorrect'

To fix this you should go to ROS.ie and click 'Reset Login' where is says 'Cannot find certificate or forgot password'

Please Check:

  • That you can access your payroll data using ROS.ie

ROS.ie also uses a copy of your digital certificate to access data. It can be a good test to see if the certificate is working (but does not check all of the permissions allocated to the certificate). If you are unable to log into ROS.ie, or see your data in ROS.ie, you will need to contact Revenue for them to fix this.

  • You are using the same digital certificate in Payback that you are for ROS.ie

It is possible that the digital certificate you are using in payback is different to the digital certificate you are using in ROS.ie. This is the most common cause of digital certificate problems. To complicate matters, Revenue can also expire your digital certificate early, or change permissions. If you can access data in ROS, but not Payback, then you are using different digital certificates.

  • Make sure that you are using the correct digital certificate in Payback

Try reloading your digital certificate from ROS following the instructions above.

When downloading the certificate from ROS, be careful that you do not mix it up with an old digital certificate that you previously downloaded. This is a common problem. You might need to clear your browser cache and rename the certificate file to stop this from happening.

In the Digital Certificate Manager screen in Payback, select the Digital Certificate you loaded and make sure that your company, in the company list at the bottom of the screen, is ticked.

  • Check that the Employer Number and Password are both correct

The Employer No. (found in the Contact Tab of the Company screen) Must be entered and be correct for the certificate to work. It is made up of seven numbers followed by one, or two letters. An example is 5266273H. Check the Password is correct. This is the same password you use to log into ROS.ie. Note that you may have recently changed this password, especially if Revenue have recently expired your certificate. If you are a Tax Agent and have a TAIN digital certificate, ensure that the TAIN is also correct, and that you have permission to access all of your clients in ROS.ie

Error Messages:

  • No active link between Agent TAIN and Employer Registration Number.
  • Unauthorised request: Employer Registration Number and ROS Digital Certificate must be linked.

This means that the Digital Certificate you are using to connect to Revenue does not correctly have the Employer set up. To fix this, make sure that the certificate has been set up correctly in ROS, and that it has access to the Employer with full permissions (Payroll and ERR). When you have done that, download the certificate again and load it into Payback. It make take 24 to 48 hours for the change to take effect. Make sure that the Employer No. is entered correctly in Payback for the company.

  • Agent does not have appropriate permissions.
  • Cert does not have appropriate permissions.

This means that the Digital Certificate you are using to connect to Revenue does not have adequate permissions set up. To fix this, make sure that the certificate has been set up correctly in ROS, and that it has access to the Employer with full permissions (Payroll and ERR). Tick all the boxes (View, Prepare and File). When you have done that, download the certificate again and load it into Payback. It make take 24 to 48 hours for the change to take effect. 

  • Unauthorised request: ROS Digital Certificate has expired.
  • Unauthorised request: Invalid ROS Digital Certificate provided.

You will need to renew your digital certificate in ROS, download it, load it into Payback and allocate it in Payback to your company.

 

Fixing ERR permissions for a Sub-Cert

The main registered Admin in ROS should give more permissions to sub-user ( person who processes the Payroll).
Here are the instructions on How to give permission to "submit and view " ERR Reports with Payroll submission.

  1. In the ROS system Admin should find “ Admin Services”, and pick – Revise.
  2. Find sub-user-, and pick – Revise.
  3. Scroll down and pick– submit and view ERR.
    It should be an instant change, but it is better to log out and log in again.
  4. The new Certificate will be downloaded to your PC automatically.
  5. Then upload the new Digital certificate to Payback again.

 

Important Notes

  • If you use the wrong certificate for your company, the certificate will load but your submissions will fail.
  • Attempting to load a file that is not a Digital Certificate file or does not have the file extension 'P12' or 'bac' will cause an error message saying "This is not a valid P12 Digital certificate"
  • When you certificate expires, you will need to obtain a new certificate from ROS and re-import it into Payback by using the Payback Digital Certificate Manager screen.
  • You must enter the correct password for the certificate to successfully import a certificate.
  • Dragging a certificate onto the box will not move the certificate from your computer. Payback makes a copy of it and puts it in secure storage.
  • For multi-user (networked) version, you only need to load the certificates on one computer. The other computers will automatically have access to the certificate.
  • If you or Revenue update permissions for a digital certificate (either Payroll or ERR), this can take 24 to 48 hours to take effect.

If there is a problem with your certificate, please contact Revenue's employer helpdesk at 01-7383638 It's not a Payroll Software problem!

 

 

Try out a fully functional version of Payback. You can process payroll for all your employees for 2 pay periods.

Visit our secure webstore

Download a Free Trial

Get started with a free trial. You can process two full payments and be confident that Payback does everything you require at no risk.