top of page

Peppol PKI Migration 2025 – From MPKI8 to DOTL

 

 The Peppol community is entering a major transition in 2025 H2, as every Peppol Service Provider must migrate from:
    ๐Ÿ”‘ DigiCert Managed PKI v8 (MPKI8) CA chain → to DigiCert One Trust Lifecycle (DOTL) CA chain

โ€‹

โ€‹What This Means
    ๐Ÿ“ŒAll existing MPKI8 certificates must be replaced with DOTL certificates.
    ๐Ÿ“ŒOpenPeppol will issue production certificates under DOTL only after Service Providers:
         โœ… Obtain a test certificate from DOTL
         โœ… Successfully demonstrate dual-capability (MPKI8 & DOTL) conformance in the Peppol Testbed

โ€‹

โ€‹Key Migration Timelines
    ๐Ÿ“Œ T0 (11 Aug 2025 onward)
            โœ…DOTL CA chain available
            โœ…Service Providers can obtain DOTL test certificates
    ๐Ÿ“Œ T1 (11 Feb 2026 - 6-months transition period)
            โœ…Mandatory dual capability (support both MPKI8 & DOTL)
    ๐Ÿ“Œ T2 (1 Apr 2026)
            โœ…MPKI8 certificates revoked
            โœ…DOTL becomes the only trusted CA chain

โ€‹โ€‹

โ€‹

Oxalis Support
    โš™๏ธ Oxalis-NG v1.2.0 → Dual-capability (MPKI8 & DOTL)
         ๐Ÿ‘‰ More details in Oxalis-NG WIKI: https://github.com/OxalisCommunity/oxalis-ng/wiki/Peppol-PKI-2025-%E2%80%90-MPKI8-to-DOTL

โ€‹โ€‹

    โš™๏ธ Oxalis 7.2.0 and Oxalis-AS4 7.2.0 → Dual-capability (MPKI8 & DOTL)
         ๐Ÿ‘‰ More details in Oxalis WIKI: https://github.com/OxalisCommunity/oxalis/wiki/Peppol-PKI-2025-%E2%80%90-MPKI8-to-DOTL

 

References & Guidance

๐Ÿ”— Peppol PKI 2025 – Parent Page – Peppol PKI 2025 - 1. OpenPEPPOL Members Area - Confluence

๐Ÿ”— Dedicated Migration Guideline – Peppol PKI 2025 - Dedicated Migration Guideline - 1. OpenPEPPOL Members Area - Confluence

๐Ÿ”— Certificate Authority Migration Plan – Peppol PKI 2025 - Certificate Authority Migration Plan - 1. OpenPEPPOL Members Area - Confluence

๐Ÿ”— Certificate Authorities – Peppol PKI 2025 - Certificate Authorities - 1. OpenPEPPOL Members Area - Confluence

๐Ÿ”— Issuing & Enrolment Process – Peppol PKI 2025 - Issuing and Enrolment Process - 1. OpenPEPPOL Members Area - Confluence

 

๐ŸŽฅ Webinar: Peppol PKI 2025 – Peppol PKI 2025 - Webinar - 1. OpenPEPPOL Members Area - Confluence

 

โšก This migration is time critical. Service Providers should plan ahead, enable dual capability early, and ensure seamless conformance testing before production rollout.

โ€‹

โ€‹

bottom of page