Changes in the Time-Stamping Service
On January 4th 2021 the SK Time-Stamping Service certificate will be updated, which will affect all the SK Time-Stamping Service users. In February 2021 a configuration change is made, which can be tested in the DEMO environment starting from 10.12.2020.
Schedule for changes can be found below:
Production environment changes
- 04.01.2021, 15:00 EET new SK Time-Stamping Service certificate will be taken into use „SK TIMESTAMPING AUTHORITY 2021“
- 18.02.2021, 15:00 EET configuration change in the Time-Stamping-Service
Demo environment changes
- 10.12.2020 new SK DEMO Time-Stamping Service certificate will be taken into use „DEMO SK TIMESTAMPING AUTHORITY 2020“ and configuration change will be made
New Time-Stamp Service certificates can be downloaded from the SK repository https://www.skidsolutions.eu/en/repository/certs/ (SK TIMESTAMPING AUTHORITY 2021 ja DEMO SK TIMESTAMPING AUTHORITY 2020).
The new production certificate has been added to the Trusted List (TL) since version 51, which was published on November 13, 2020.
Information systems that perform signing and signature validation operations, need to be configured to trust the new Time-Stamping Service certificate directly or trusted list (TL) needs to be updated. We highly recommend making all the necessary changes in the information systems before January 4, 2021. In information systems where the change is not made before 4th of January, use of the Time-Stamping Service may be interrupted, including signing documents and validation of signatures, as well as X-Road data exchange.
A configuration change is required to comply with RFC 5816 and RFC 6211 standards. The change specifies SHA256 as the default digest algorithm for calculating the digest of the signing certificate. Also the ’cmsAlgorithmProtect’ signed attribute will be included in the response by default.
Please test your services in the updated DEMO environment and make sure that your service is compatible with the new settings and works smoothly.