Nasty Easter egg: D-Trust demands certificate exchange by Easter Monday
Bundesdruckerei subsidiary D-Trust is giving administrators short-notice Easter duty: their TLS certificates must be exchanged by 5 p.m. on Easter Monday.
D-Trust warns.
(Image: Screenshot heise medien)
The registration authority D-Trust, which belongs to the Bundesdruckerei, is recalling all TLS certificates issued from March 15, 2025, to the morning of April 2, 2026, on short notice. This was announced by the Registration Authority of the federally owned company on its website. The certificates will be officially declared invalid by the Bundesregistry as early as 5 p.m. on Easter Monday, April 6, 2026.
The Federal Office for Information Security (BSI) pointed this out on Saturday afternoon. During the exchange of certificates, outages of numerous websites are possible, and institutions of the federal administration could also be affected, according to the BSI. There is no connection with a cyberattack; the BSI is already trying to give the all-clear in advance. Among other things, D-Trust also supplies parts of the health telematics infrastructure with certificates.
Allegedly no security problem
“The security of your certificates was and is guaranteed at all times,” says D-Trust. The background to the short-notice recall is apparently a problem with so-called linting, i.e., automatic code checking processes.
Here, in the wake of the discussion about an impermissible pre-certificate duration, it turned out that D-Trust had interpreted the industry rules for certificate creation differently than the general technical consensus within the community.
Videos by heise
In response to a short-notice inquiry on Saturday afternoon about why the recall on Easter Monday was necessary despite allegedly no impact on security and how many certificates were affected, the press office of the Bundesdruckerei had not yet responded.
(nie)
