Revenue uses Digital Certificates to ensure that data is securely transmitted to their servers and that only permitted users can submit information. A digital certificate is a file containing your unique key for logging into ROS. If you try to open it in a text editor, you will only see encrypted text.
Payback uses these files to communicate with ROS. Once this is set up, you will not have to worry about it again until your certificate expires in a couple of years time.
How to find your certificate
If you already have your ROS digital certificate and password handy, you can skip this part and move onto 'Loading your ROS digital certificate'
Before proceeding with this, you should have registered with ROS and have a ROS account. On the computer and browser you use to log into ROS, open www.ROS.ie.
Click on the 'Manage My Certificates' link.
Saving your certificate
To save your certificate.
Click the download symbol next to the certificate name that you log in with to save the certificate file. It will be saved as a .bac file. You will need this file for the next step.
(ROS automatically saves these files as .bac files)
Loading your ROS digital certificate
Select the new 'Revenue' section on the Payback menu.
Click the 'Digital Cert' icon. The Digital Certificate Manager screen will appear.
Click the 'Add New Certificate' button to launch the wizard
You can use this screen for all types of digital certificates. (TAIN, Sub-cert, Standard, Test etc)
Adding a new certificate
The Digital Certificate wizard will appear. This will guide you through the process of adding a new digital certificate.
Click the 'Next' button
Select Digital Certificate file
You can either drag and drop the certificate file onto the box or click the 'Load Certificate' button. Note that file name should end in P12 or bac.
This is the same file you saved from ROS.ie earlier.
When you have successfully selected your certificate file, a blank certificate will appear in the box, and you'll be able to click the 'Next' button.
Enter Password and Description
The final step to enter your certificate password in the password box.
There is also the option to enter a description for the certificate. You do not have to enter a description, but we would recommend it as it can be difficult to tell various certificates apart otherwise.
The password is the same password you use to log into ROS.
If you are a Tax Agent (eg, accountant or bookkeeper etc) or the certificate requires a TAIN, click the TAIN check box and enter the Tax Agent Number (TAIN)
Link Companies to the Digital Certificate
The next and final step is to choose which of companies you would like to link to this digital certificate. This is done by clicking on the list of companies so a blue tick appears next to the relevant company.
If you have uploaded a TAIN (tax agent) digital certificate, a button appears below the list called 'link all'. Clicking this will link all the listed companies to your new digital certificate, removing any existing links to other digital certificates that may exist for your companies.
If you have entered an incorrect password for the digital certificate, or the certificate file was corrupted, then a list of companies will not appear. Instead an error message will appear informing you of the problem. You will have to re-load your certificate.
Finishing the wizard
Click the Finish Button to complete the wizard.
You should see your new digital certificate appear in the Digital Certificate Manager.
The next step is to assign your new certificate to your company(s)
Changing the companies your cert is linked to
You have now successfully added your new digital certificate.
It is possible to change which companies your certificates are linked to by selecting the Digital Certificate in the Digital Certificate grid and selecting the appropriate companies. TAIN certificates can be assigned to multiple companies.
At the bottom of the certificate manager screen is a list of all the companies you have set up in Payback.
IMPORTANT: If you do not assign a cert to your company, then your RPNs and Submissions will not work!
Checking your Certificate
At the top of the digi-cert manager screen is a Check button. If you are having problems with a digital certificate, select the certificate in the grid and click the 'Check' button. A dialogue will appear that tests your certificate.
Any one of these three scenarios can happen:
Corrupt certs or certs with incorrect passwords are displayed in 'Red' in the digital certificate manager.
Using windows to check your certificate is valid
On occasion, Revenue may inform you that an incorrect password or corrupt cert file is 'a payroll software problem'
To prove that this is not the case you can manually check your certificate in Windows. To check if the file you are uploading is a valid ROS Cert file, open File Explorer in Microsoft Windows (not Payback)
Go to the folder that has your certificate file. Make sure that the file name has the extension .P12 (ie, that it ends in .p12 and not .bac, .com or anything else) You may need to rename your ROS cert file.
Double click your mouse pointer on the file to open it.
Invalid Certificate
When you double clicked the certificate in Windows a dialogue like the one opposite appears, then then means that your certificate file is either corrupt or not a digital certificate file.
To fix this you need to download the certificate again from ROS. Sometimes digital certificates can become corrupt when downloaded.
Some users have also downloaded the incorrect item, like the ROS html webpage.
Valid Certificate
If this dialogue does appear, then the file is a valid certificate file, but you are most likely using an incorrect password.
The password should be the one you use to log into ROS.ie.
Note that if you've recently renewed your digital certificate, you may have changed your password as well.
To test that your digital certificate password is correct, make sure that the 'Store Location' is 'Current user' and click the 'Next' button.
Certificate File Location
The next step in the Wizard asks about your certificate file location.
Please click the 'Next' button.
You do not have to do anything else here.
Checking the Password
The next step in the Wizard will allow you to check the Digital Certificate password is correct.
Enter the password you have been using and click 'Next'.
If the password is wrong, a message will appear that says 'The password you have entered is incorrect'
To fix this you should go to ROS.ie and click 'Reset Login' where is says 'Cannot find certificate or forgot password'
ROS.ie also uses a copy of your digital certificate to access data. It can be a good test to see if the certificate is working (but does not check all of the permissions allocated to the certificate). If you are unable to log into ROS.ie, or see your data in ROS.ie, you will need to contact Revenue for them to fix this.
It is possible that the digital certificate you are using in payback is different to the digital certificate you are using in ROS.ie. This is the most common cause of digital certificate problems. To complicate matters, Revenue can also expire your digital certificate early, or change permissions. If you can access data in ROS, but not Payback, then you are using different digital certificates.
Try reloading your digital certificate from ROS following the instructions above.
When downloading the certificate from ROS, be careful that you do not mix it up with an old digital certificate that you previously downloaded. This is a common problem. You might need to clear your browser cache and rename the certificate file to stop this from happening.
In the Digital Certificate Manager screen in Payback, select the Digital Certificate you loaded and make sure that your company, in the company list at the bottom of the screen, is ticked.
The Employer No. (found in the Contact Tab of the Company screen) Must be entered and be correct for the certificate to work. It is made up of seven numbers followed by one, or two letters. An example is 5266273H. Check the Password is correct. This is the same password you use to log into ROS.ie. Note that you may have recently changed this password, especially if Revenue have recently expired your certificate. If you are a Tax Agent and have a TAIN digital certificate, ensure that the TAIN is also correct, and that you have permission to access all of your clients in ROS.ie
This means that the Digital Certificate you are using to connect to Revenue does not correctly have the Employer set up. To fix this, make sure that the certificate has been set up correctly in ROS, and that it has access to the Employer with full permissions (Payroll and ERR). When you have done that, download the certificate again and load it into Payback. It make take 24 to 48 hours for the change to take effect. Make sure that the Employer No. is entered correctly in Payback for the company.
This means that the Digital Certificate you are using to connect to Revenue does not have adequate permissions set up. To fix this, make sure that the certificate has been set up correctly in ROS, and that it has access to the Employer with full permissions (Payroll and ERR). Tick all the boxes (View, Prepare and File). When you have done that, download the certificate again and load it into Payback. It make take 24 to 48 hours for the change to take effect.
You will need to renew your digital certificate in ROS, download it, load it into Payback and allocate it in Payback to your company.
The main registered Admin in ROS should give more permissions to sub-user ( person who processes the Payroll).
Here are the instructions on How to give permission to "submit and view " ERR Reports with Payroll submission.
If there is a problem with your certificate, please contact Revenue's employer helpdesk at 01-7383638 It's not a Payroll Software problem!
Download a Free Trial
Get started with a free trial. You can process two full payments and be confident that Payback does everything you require at no risk.