Announcement of the transition to stronger cryptography

Dear clients,

I.CA responds to current recommendations and international standards in the area of issuing qualified and commercial certificates.

In accordance with the documents of the European Union Agency for Cybersecurity (ENISA), the referenced eIDAS implementing regulations and the National Office for Cybersecurity and Information Security (NÚKIB), I.CA is preparing to gradually transition to stronger cryptographic algorithms and longer keys with a length of 4096 bits.

This step is based on European and national requirements and recommendations aimed at strengthening the level of cryptographic protection and long-term security of electronic signatures and authentication mechanisms.

Change from January 1, 2026

With effect from January 1, 2026, all newly issued I.CA certificates, including for RemoteSeal and RemoteSign services, will use cryptography with a key length of 4096 bits.

All tools we provide for creating certificate requests (generators, NewCert I.CA) will have a default setting for keys with a length of 4096 bits from this date.

I.CA RemoteSeal and I.CA RemoteSign

A technological upgrade of services is now available for the I.CA RemoteSeal and I.CA RemoteSign services, which will allow you to make a smooth transition. Certificates used by these services with a key length of 2048 bits will not be supported from January 1, 2026.

Testing option

For clients who wish to verify the functionality of their systems with the new cryptography before production deployment, there is the option of issuing and testing certificates in the I.CA testing environment. The test certificate can be obtained via our website at the following link: https://www.ica.cz/en/testing 

Thank you for your cooperation and for ensuring the security of electronic services in accordance with the latest cybersecurity standards.

První certifikační autorita, a.s. (I.CA)