Dear users,
On October 7, 2024, between 6:00 and 9:00 AM, there will be a generational replacement of the HSM servers where all personal certificates of users (CTU employees) are physically stored. The replacement is necessary due to legislative developments (two key European standards CEN 419 221-5 for HSM module certification and CEN 419 241-2 for Trustworthy Systems Supporting Server Signing certification) and the possibility of further service operation within the implemented scope.
The new interfaces, with higher required security standards, will also bring “minor” operational changes. Users will have one universal PIN (certificate password) for all trust elements (certificates) stored in the OBELISK system (there will be no need to distinguish which PIN to use at any given moment). The PIN must now meet a minimum length of 8 characters from at least two character sets.
Since the private keys of certificates (generally from encryption means) are non-transferable, each user will need to generate a new certificate from CA CESNET in the new OBELISK system environment after 9:00 AM on October 7, 2024, to continue signing documents in the CTU IS. Holders of qualified certificates and their migration to the new environment will be addressed separately and individually.
A detailed guide has been prepared for the process of creating a new certificate.
A detailed guide has been prepared for the process of creating a new qualified PostSignum certificate.
Thank you for your understanding and necessary cooperation
Obelisk System Administration Team