Please find below information related to activities needed as part of the migration to a new version of the PEPPOL PKI Certificate.

For information about the Certificate issuing process please refer to the OpenPEPPOL public space and section /wiki/spaces/Public/pages/191496224

The short version

The OpenPeppol eDelivery Network is migrating to a new PKI infrastructure.

  • After 2018-09-03 00:00:00 all Access Point Providers in the network MUST be able to support both the current PKI v2 certificates and the new PKI v3 certificates. Transactions can still be sent using EITHER v2 or v3 PKI certificates.
  • After 2018-11-30 23:59:59 all Access Point Providers in the network MUST only send and receive transactions using the new PKI v3 certificates.
  • The required Root and Intermediate CAs are available now for download here
  • You are encouraged to start enrolling for a PKI v3 certificate from mid-April 2018 in preparation for the September migration.

Background

The migration is necessary and cannot wait until the current PKI certificates expire, due to the following:

  • Improved security. The current PKI infrastructure is based on SHA-1 cryptography, which was recently announced as not recommended for use, due to discovered exploits. The new PKI infrastructure will be based on certificates supporting SHA-256 cryptography, which is currently the recommended web standard.
  • Responsible organization. In the current PKI infrastructure, the issuing organization is "DIGST" (Danish Agency for Digitisation) and a request has been made to move this responsibility to the appropriate organization (OpenPEPPOL AISBL).
  • Minor improvements. Some smaller changes to the naming conventions will make it easier to maintain the certificates and also to utilize a more cost-effective pricing model, which will be based on the member level rather than on the individual certificates.

...