Starting October 29, 2025, PrimeSign will implement several changes affecting RKSV signature creation and certificate issuance. These include switching to a new TLS root CA (Sectigo), deactivating TLS 1.0/1.1, requiring SNI support, and expanding the IP range to 149.154.99.176/28. Ensure your systems are updated accordingly, as these changes impact all connection processes with PrimeSign services.
Austria: PrimeSign Root Certificate Change
Public
Austria
Author: Ištvan Božoki
Category:
Fiscal subject related
Views:
69
Content accuracy validation date:
11.04.2025
Content accuracy validation time:
08:17h
The following changes will take effect on October 29, 2025, when using PrimeSign services for creating RKSV signatures and issuing RKSV certificates:
- Change of the root CA for the TLS connection: The currently used root CA, "Entrust Root Certification Authority - G2," must be replaced with a new CA. Sectigo will be used as the new root CA. Install the following two root certificates: SectigoPublicServerAuthenticationRootE46 and USERTrust ECC Certification Authority (https://www.sectigo.com/knowledge-base/detail/Sectigo-Public-Intermediates-and-Roots/kA0Uj0000003eovKAA ). Primesign recommends keeping trust stores up-to-date regardless of this change. Due to current browser CA developments, it is expected that such long lead times for (root) certificate changes cannot be guaranteed in the future.
- Deactivation of TLS 1.0/1.1: Support for the TLS 1.0/1.1 protocol versions (released in 1999 and 2006, respectively) will be discontinued. Supported protocol versions: TLS 1.2 and TLS 1.3
- SNI mandatory: Ensure that your POS system supports SNI (Server Name Indication). SNI is required for communication with our primesign RKSV Remote Signing Services.
- IP address range extension: The IP addresses of our primesign RKSV Remote Signing Services will be extended to the address range 149.154.99.176/28. If you have currently implemented firewall activations for individual IP addresses, please add the address range 149.154.99.176/28 to these activations.
The changes have been available on the test system since March 26, 2025. Please note that the changes described above when establishing a connection affect both the creation of RKSV signatures and the application for RKSV signature certificates.
Other news from Austria
Digital Receipts in Austria
Austria
Author: Ivana Picajkić
Digital receipts offer a faster, greener, and more cost-effective alternative to printed receipts by allowing customers to instantly receive a PDF via QR code scan at checkout. Read more
How to Keep a Legally Compliant Cash Book in Austria?
Austria
Author: Ivana Picajkić
Businesses earning over €15,000 annually and more than €7,500 in cash revenue must keep a digital, tamper-proof cash book using a certified POS system. Read more
New document was uploaded: S4F backoffice patch
Author: Dejan Šijačić
S4F backoffice patch is intended for users who have already installed S4F backoffice and are intended to update existing installations to latest version. To do so apply only patches that are marked with version number that is newer than your currently installed instance of backoffice. Read more
TLv6 Implementation Marks Significant Shift in EU’s Trust List Format
Public
All countries
Author: Ivana Picajkić
A new EU Trust List format, TLv6, will officially replace TLv5 in May 2025 as part of the updated eIDAS Regulation (EU 2024/1183). It introduces key technical changes like a new URI field, updated signature format, and optional phone number support. Organizations must update their systems to avoid signature validation failures and service disruptions, as TLv5 will no longer be valid once TLv6 take... Read more
Fiskalization by Austria’s RKSV: What Businesses Need to Know About Secure and Compliant Cash Registers
Austria
Author: Ivana Picajkić
The Cash Register Security Ordinance (RKSV) in Austria ensures that all cash registers are tamper-proof and each transaction is securely recorded using digital signatures to prevent fraud. Read more