Skip to content
Frederikus edited this page Jun 27, 2023 · 7 revisions

Replacement of RSA certificates with ECC certificates – Switchover date

In our previous note (see "Applet 1.7 eID cards with ECC certificates" ) it was announced that it would be possible for citizens to replace the certificates on their old cards (with RSA keys and RSA certificates) with the most recent type of ECC certificate . This note also described all the technical details you might need to prepare your systems for this. With this note we wish to inform you that the changes announced at that time will go live on 11/09/2023.

The official announcement of this change can be found on the forum at eid-middleware-dev

Applet 1.7 eID cards with ECC certificates

Applet 1.7 cards that will be re-keyed will now get certificates (authentication and non-repudiation) signed by citizen and foreigner CA’s that have an EC key, and which in turn will be signed by an EC Belgian Root CA.

The RRN certificate is now an EC RRN certificate that falls under an EC Belgian rootCA. The signature files (EF SGN#ID and EF SGN#Address), that will be re-created during the re-keying on the eID card, will now be in the EC format like on the applet 1.8 eID cards.

The technical information about this change can be found in the addendum on our documentation at applet 1.7 card content addendum
The official announcement of this change can be found on the forum at eid-middleware-dev

Important notice concerning public trust

Due to a policy change enforced by the CA/B forum (browser community and CA’s), the Belgian Root CA 2,3 and 4 will no longer be automatically trusted by the browsers. More information can be found on this page.

Announcement applet 1.8

An official communication has been be sent to developers to announce the planned release of a new version of the card applet (version 1.8, whereas the current applet version is 1.7).
More information can be found on the Applet 1.8 page.

Clone this wiki locally