
Single Touch Payroll (STP) Certificate

For PayGlobal to be able to send your STP information to the Australian Tax Office (ATO), a secure socket layer (SSL) certificate must be installed.

These STP Certificates are valid for only 12 months. When they expire, your STP submissions will fail with an error message.

Errors that indicate the STP Certificate has expired are:

  • Client certificate not found.

  • An error occurred while sending the request.  The request was aborted: Could not create SSL/TLS secure channel.

  • Client certificate thumbprint not specified.

  • Response status code does not indicate success: 401 (Unauthorized).

  • Response status code does not indicate success: 403 (Forbidden).

Requesting a new STP Certificate

When the STP Certificate is due to expire (or has already expired), an authorised contact will need to reach out to MYOB PayGlobal Support to request the latest version. This request should be made in writing via email.

We’ll reply to their email and provide the following:

  • The latest version of the STP Certificate (the certificate will be in a secure '.pfx' format).

  • The password required for installing the STP Certificate

  • The thumbprint required for the STP Certificate

The password and thumbprint will be provided through a secure, password-protected link. The password for this link will be sent separately from the certificate email, typically via SMS to an appropriate mobile number. If no mobile number is available for this, we will arrange a call to provide this password to you over the phone.

Installing the STP Certificate

For on-premise customers, installation and updating of the STP Certificate should be completed by their IT team.

When installing the STP Certificate, your IT team will need to:

  • Remove any certificates that have been previously installed for MYOB PayGlobal.
    This is because the first certificate found will be used by PayGlobal, even if it has expired.

  • Install the certificate on every machine that runs the hr.exe (i.e. the certificate must be installed where the hr.exe process is running).

  • Install the certificate into either the Local Machine or the user's certificate store.
    We recommend allowing Windows to automatically select a certificate store based on the type of certificate being installed.

  • Ensure the Private key is marked as non-exportable.


Two important things to note: 

  1. The STP Certificate Thumbprint must be updated in the PayGlobal.Business.Net.dll.config file (in every PayGlobal application folder).

  2. Every PayGlobal user who is expected to submit STP data to the ATO must have at least read-only access to the private key on the PayGlobal certificate (we recommend giving Full Control):

       o   From MMC, right-click on the certificate > All Tasks > Manage Private Keys…

       o   Add all PayGlobal users with Full control.

Checking the STP Certificate has been installed successfully

Once the new STP Certificate, Thumbprint and Permissions are in place, the user can attempt to resend the STP submission.

Alternatively, the user can:

  1. Navigate to Organisation > Divisions > Internal Companies

  2. Double click on the appropriate Internal Company

  3. Click Edit

  4. Click Get SID

       a. If the SID box appears with a number, the STP Certificate, Thumbprint and Permissions have been installed correctly.

       b. If the SID box appears with ‘Error’, the STP Certificate, Thumbprint and/or Permissions have not been installed correctly.
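
If Get SID returns 'Error', the following read-only PowerShell audit can help the IT team narrow down which of the installation steps above was missed. It is an added example, not code from MYOB or PayGlobal. It assumes an RSA key, and the `$ConfigPath` parameter and the same-subject heuristic for spotting earlier certificates are assumptions of this example.

```powershell
# Added example (not MYOB's code): read-only audit of an installed STP certificate.
param(
    [Parameter(Mandatory)] [string] $Thumbprint,  # thumbprint supplied by support
    [string[]] $ConfigPath = @()  # assumed: paths to each PayGlobal.Business.Net.dll.config
)
# Copy-pasted thumbprints can carry spaces or invisible characters: keep hex digits only.
$want = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

# Search every store of the current user and the machine rather than assuming one.
$all = Get-ChildItem -Path Cert:\CurrentUser, Cert:\LocalMachine -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] }
$hits = @($all | Where-Object { $_.Thumbprint -eq $want })
if (-not $hits) { Write-Warning "No installed certificate has thumbprint $want."; return }

foreach ($cert in $hits) {
    $readable = $false; $exportable = $null
    try {
        # Opening the key fails when this account has no rights on it (assumes an RSA key).
        $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
        if ($key -is [System.Security.Cryptography.RSACng]) {
            $policy = $key.Key.ExportPolicy
            $exportable = $policy.HasFlag([System.Security.Cryptography.CngExportPolicies]::AllowExport) -or
                          $policy.HasFlag([System.Security.Cryptography.CngExportPolicies]::AllowPlaintextExport)
            $readable = $true
        } elseif ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
            $exportable = $key.CspKeyContainerInfo.Exportable
            $readable = $true
        }
    } catch { Write-Verbose "Private key not accessible: $_" }
    [pscustomobject]@{
        Store           = $cert.PSParentPath -replace '^.*::', ''
        NotAfter        = $cert.NotAfter
        Expired         = $cert.NotAfter -lt (Get-Date)
        KeyReadableByMe = $readable
        KeyExportable   = $exportable   # the page requires a non-exportable key
    }
}

# Assumption: a renewed certificate keeps the same Subject, so same-subject certificates
# with another thumbprint are likely earlier PayGlobal certificates that should be removed.
$all | Where-Object { $_.Subject -eq $hits[0].Subject -and $_.Thumbprint -ne $want } |
    ForEach-Object { Write-Warning "Same subject, other thumbprint: $($_.Thumbprint) (expires $($_.NotAfter))" }

# Each config file must contain the new thumbprint (plain text search, key name not assumed).
foreach ($path in $ConfigPath) {
    if (-not (Select-String -Path $path -Pattern $want -SimpleMatch -Quiet)) {
        Write-Warning "Thumbprint not found in $path"
    }
}
```

Run it on each machine that runs hr.exe, signed in as a Windows account that submits STP data, because KeyReadableByMe reflects only the rights of the account running the script.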

 

For more information, please refer to our STP Manual:
http://customer.payglobal.com/manuals/STPManual/index.htm
