Starting October 28th 2021, eIDAS Qualified Certificates will be issued by DigiCert+ QuoVadis with a changed set of keyUsages.
The following certificate types will feature the nonRepudiation/contentCommitment keyUsage as the sole keyUsage:
This change is to comply to the industry standard described in ETSI EN 319 412-2, section 4.3.2 which states that combining the nonRepudiation keyUsage with others (such as digitalSignature or keyEncipherment) can have security implications depending on the security environment in which the certificate is to be used. By limiting the keyUsage to nonRepudiation, DigiCert+QuoVadis certificates conform to the “Type A” compliant keyUsage described in section 4.3.2 of ETSI EN 319 412-2.