-
|
Hi @phax , I'm still unsure if I understood correctly what is Peppol Official page announcing about timeline to move from G2 -> G3. Currently, our Test system upgraded G2 -> G3 for both AP and SMP certificates.
My question is that, from now on, our Production can update to G3 for both AP and SMP certificates. And after 1st April (T2) only use new PKI (DOTL) as a truststore (the legacy one should be removed). Am I understood correctly? Thank you, |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 3 replies
-
|
Hi @tonytram To be resilient, I propose to not remove the G2 certificates as trusted from April 1st - wait until you are sure that everybody that is sending to you updated properly. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for your quick and helpful response. |
Beta Was this translation helpful? Give feedback.
-
|
Hi @phax |
Beta Was this translation helpful? Give feedback.
-
|
No I don't think that. OpenPeppol has no way of controlling that. It is only a resilience effort from your side. The key element is to securely exchange documents. As long as the signers G2 certificate is still valid, you are okay. |
Beta Was this translation helpful? Give feedback.
Hi @tonytram
Please see #334 for the "what".
Please perform the PKI changes in production asap.
To be resilient, I propose to not remove the G2 certificates as trusted from April 1st - wait until you are sure that everybody that is sending to you updated properly.