When you sign with itsme® for the first time, the app will ask you to activate this feature. During the activation, a personal signing certificate is created allowing you to sign a document with a Qualified Electronic Signature. This certificate is personal (linked to your identity and your itsme® app) and valid for maximum 3 years.
It might happen that a new certificate needs to be created for you before the end of the 3 years because your previous certificate has been revoked.
Revocation of all Quovadis certificates on 02.11.2020
On 02.11.2020, Quovadis has revoked all signing certificates created for our itsme® users. This is the result of a compliance issue of the Certificate Authority Quo Vadis as their own certificate contained an extension that was not valid anymore. The browsers (ex. Chrome, Firefox, Safari, etc) insisted that the Quo Vadis certificate with this non-valid extension would be replaced. This issue is not related to a risk or to the signing certificate of our itsme® users. That’s the reason why the impact for you, the itsme® user, is minor. At your next signature with itsme®, you will be asked to activate the feature again and automatically a new signing certificate will be created for you.
All signatures that were created with itsme® Sign in the past were valid and remain valid. Since all itsme® Sign signatures have to be timestamped, they also remain valid after revocation of the old certificate. The security of the certificates and keys of itsme® users was never compromised and there is no impact to relying parties.