Summary
From Saturday 06/08/2022 14:50 CEST a certificate we use for the secure iDeal communication expired.
This caused issues where communication with iDeal was not possible. The issue was resolved on monday 08/08/2022 at 10:49 CEST.
People signing with iDeal during this period encountered errors and could not proceed. Other identified signing methods where not impacted.
Problem
The Evidos iDeal certificate was set to expire on the 6th of August. We prepared the expiry and new certificate rollover in advance as part of our regular certificate rollover process.
Before the expiry moment, our rollover process was triggered and performed, and a new certificate was registered at the iDeal bank end. However, after expiry it turned out that the old certificate was still referenced in part of our database and therefore iDeal showed errors during the signing process as connection could not be made. We have error monitoring on iDeal transactions, but because of the error minimum threshold, in combination with low traffic in the weekend during the holiday period, the errors did not pass the minimum threshold and therefore our team was not notified through the emergency channels.
Solution
After receiving customer notifications about this error through our support channel, we directly redeployed the correct new certificate, iDeal resumed working.
Mitigation
We have changed our error thresholds so our ops team will be notified by direct messaging in cases like this. We are looking to change certificate rollovers so they will occur preferably before the weekend.