DESC

Legacy CAs Decommissioning Notice

Published: 16 january 2026

Status: Temporary

This notice is published on a temporary basis and will be withdrawn upon completion of the technical decommissioning of the legacy CAs.

1. Scope

This notice announces the decommissioning of the Certification Authorities listed below and provides key dates and relying party guidance.

Certification Authority (CA) CA Certificate Validity (Not After) Notes
Code Signing Certification Authority 21 June 2030 No end-entity certificates were issued from this CA.
Devices Certification Authority 08 April 2030 The latest certificate issued by this CA was for Dubai Timestamping Authority, expiring on 14 February 2026.

2. Summary of Change

The above Certification Authorities are being decommissioned. Decommissioning means that the CAs will cease issuing new certificates and will be maintained only as necessary to support relying party verification and transparency for the periods stated in this notice.

3. Key Dates and Service Availability

Milestone Date / Detail
Notice publication 16 january 2026
Stop issuance – Devices Certification Authority Effective 12 October 2023, the Devices Certification Authority ceased issuing end-entity certificates. The CA has since remained operational solely to maintain certificate status information (including revocation and validation services) for Timestamping certificates issued on or before 5 May 2021.
Stop issuance – Code Signing Certification Authority No end-entity certificates were issued from the Code Signing Certification Authority.
Operational decommissioning of CA services April 2026 (exact date to be announced later)
The CAs in scope will be operationally decommissioned on the date specified here. Operational decommissioning means that no Certification Authority operations will be performed (e.g., no certificate issuance, no re-key, no renewal, no revocation processing), except for the continued publication of certificate status information, where applicable, in accordance with this notice.
Certificate status services (CRL/OCSP) Devices Certification Authority:
CRL and OCSP services will remain available until the applicable CA certificate expiry date: 08 April 2030.
  • Last known end-entity certificate expiry: Dubai Timestamping Authority – 14 February 2026
  • Note: After operational decommissioning, status services remain available for relying parties as described above.
Code Signing Certification Authority:
Since no end-entity certificates were issued from this CA, no CRL/OCSP status services are required for relying party validation. The CA certificate (and chain, where applicable) will remain published in the repository for transparency and historical reference.

4. Impact to Subscribers and Relying Parties

  • No new issuance: No new certificates will be issued from the decommissioned CAs.
  • Existing certificates (Devices CA): Previously issued certificates remain valid until their stated expiry date unless revoked.
  • Status checking (Devices CA): CRL and OCSP services will remain available for relying parties as stated in Section 3.
  • Code Signing Certification Authority: Since no end-entity certificates were issued, no subscriber migration actions are required and no status services are required.

5. Repository Publications

The repository will publish and maintain, at a minimum, the following items for the decommissioned CAs:

  • This decommissioning notice.
  • CA certificates (and certificate chain, where applicable).
  • Devices Certification Authority: current and historical CRLs (as applicable) and OCSP access details during the availability period stated in Section 3.
  • Any related policy documents (CP/CPS) or relevant extracts applicable to relying party usage and status checking.

6. Contact

For questions regarding this decommissioning notice, certificate status, or relying party validation, please contact:

The Dubai PKI Operations
Email: [email protected]
Phone: +97144150400

7. Change History

Version Date Description
1.0 16 january 2026 Initial publication of decommissioning notice for Code Signing Certification Authority and Devices Certification Authority.

Note: This notice is provided for relying party transparency and operational clarity. Where applicable, official governing requirements, controls, and procedures are defined by the UAE legal and regulatory framework and the CA's approved CP/CPS.