Doubts about the legality of documents are very recurrent when we start to carry out digital transformation processes and implement electronic signatures. Today we explain what happens to signed documents when my digital certificate expires.
To make electronic signatures, qualified digital certificates are always used, either from the user himself, or from the signature software to sign the electronic evidences generated in an electronic signature process. For example, when I sign a document by OTP-SMS, all the evidences of the process are signed with a digital certificate to guarantee its integrity and to link them in a unique way to the document.
All digital certificates, depending on their type, have a validity period (defined in the certification practices and policies), that is, they are not eternal, but the documents must be valid, or have a validity longer than the validity of the certificate.
So, what happens if the certificate with which a document has been signed expires?
First we will have to see the date of signature of the document (important to incorporate a qualified time stamp on the document), and ask the issuer of the certificate, i.e. the qualified trust service provider that issued the certificate, to certify that at the time of signature the certificate was not expired or revoked.
If we want to avoid all the formalities of consulting the certificate issuer, we recommend using long-lived signature policies or LTV signatures, i.e. signature policies in which two proofs are embedded in the document:
- A Qualified Time Stamp.
- OCSP or CRL query to the certificate issuer (OCSP and CRL are the standards for querying the status of digital certificates)
With these two proofs we can guarantee the validity of the documents in the long run.
If we are not using long-lived signature formats, we at least recommend using the timestamp to guarantee the signature date of the document. Another inefficient way, and in some cases impossible in the case of witnessed signatures, is to re-sign all documents with the new digital certificate.
Does the digital signature of a document expire if my certificate has expired?
We could say that the digital signature does not expire. What does have a temporary validity are some of the tools and methods used to make it.
What actually expires is the digital certificate that signed the document or the electronic evidence of it. It may also happen that the digital certificate is revoked for the reasons specified in the certification practices and policies, for example, that the person is no longer the legal representative of the company and the certificate issued to him/her must be revoked.
In order to avoid and mitigate these problems, Viafirma offers, free of charge, the incorporation of the time stamp in its cloud services for all processes or requests for electronic signatures, in order to unambiguously prove the exact time of the electronic signature, where we can verify that the certificate was valid at the time of the signature.
Want to learn more about our services? Contact us today and we will help you with the digitalization of your business.