DigiCert QuoVadis



Für mehr Informationen
+41 71 228 98 00


QuoVadis Reponse to OCSPSigning EKU Issue
10 Jul 2020

Recently DigiCert+QuoVadis and multiple other Certificate Authorities (CA) worldwide were made aware of a technical issue affecting OCSP responses, where it would be theoretically possible in some circumstances for an issuing CA to create OCSP responses for Certificates not created or managed by it. OCSP is a technology used to validate that a Certificate is valid and has not been revoked.

The issue has been discussed at length here. We also provide an analysis here.  Since being made aware of the issue, DigiCert+QuoVadis have been investigating the options available and implementing mitigations. It has been decided longer term to transition to new infrastructure, and that certain Subscriber Certificates will be replaced.


For Customers using one of the affected Certificates, a replacement Subscriber Certificate will be required. This replacement is free of charge. Certificates issued from the following QuoVadis CAs will require replacement: 

  • QuoVadis Europe Advanced CA G1 
  • QuoVadis Europe SSL CA G1 
  • QuoVadis EV SSL ICA G1 and G3 
  • QuoVadis Qualified Web ICA G1 
  • QuoVadis Swiss Advanced CA G3 
  • QuoVadis Swiss Regulated CA G1 and G2


For the time being your existing Certificates can still be used, with replacement staged over a period of months. If you are affected, DigiCert+QuoVadis will be in touch to arrange the replacement of your Certificates in due course. Once DigiCert+QuoVadis have determined a date for the replacement of your Certificate then you will be notified and informed of the procedure.

We understand that our Customers are concerned about possible disruptions and we will work with you to reduce the impact where possible.