Error on custom URL signing.
Incident Report for Evidos trust services
Postmortem

Cause
Saturday 11 December around 12:00 we performed a security update to improve the way we check if connections in our service are still https secured, and to keep better track of any issues arising with web services.
 
Problem
However, this change in our health checks made our security controls too strict, and we wrongly regarded traffic from custom signing domains as not https compliant and blocked it.
This blockage was not picked up by our automated testing, as the automated tests were using a flow which was still trusted by our security controls and could therefore continue without issue.
Regular signing transactions from our default domain view.signhost.com are not impacted. Custom domains are only used by DigiD signing requests, so non-DigiD using customers are not impacted.

Mitigation
After receiving an incident message, we restored functionality around 19:50 GMT+2 on 13-12-2021.
We have upgraded our automated tests to also take the new security flows into account.
 
Status
All previously not working links can be signed again, so if the signing URL is available to signers in for example an email, they can click the link again.

Posted Dec 13, 2021 - 12:55 CET

Resolved
We have resolved the issue. A fix released yesterday afternoon resulted in an error with custom signing domains. After receiving notification of the error today we have roll backed the fix. We have added an automatic test for more custom signing domains to prevent this issue from arising in the future.
Posted Dec 12, 2021 - 20:04 CET
Investigating
Transactions from customers who have a custom URL configured because of DigiD requirements, can not be signed. They result in a connection closed error for the signers. We are investigating the cause.

Transactions using our normal signing link (view.signhost.com) are not impacted. If you do not use a custom signing link for DigiD, you are not impacted.
Posted Dec 12, 2021 - 19:43 CET
This incident affected: UI / View.