Renew Access to Certificate Authority

Renew certificate authority access credentials

Why is this needed ?

Due to regulatory imposition by the portuguese law, the certificate access granted upon initial configuration cannot be used indefinetely .

This regulation mandates that the access to the certificate be blocked when at least one of the following conditions occur:

  • time check: 60 days have passed since the last grant

  • usage check: 1 billion signatures were applied since the last grant


Sign’Stash will send daily e-mail notifications one week before reaching the time check threshold (or when over 90% of the usage check limit is reached), for all the operators registered on your account.

The following procedure must be executed to renew the certificate access grant.


Renew certificate access

In order to renew the certificate authority access credentials for a given certificate, you will need to access “Certificates > Detail” and press the “Renew” button on the second details card.

After clicking the “Renew“ button, you will be redirected to the certificate authority that manages your certificate in order to renew Sign’Stash access to your certificate. Once this authorization is completed, you will be returned to the backoffice.


Certificate client account authentication

Authenticate with the client account created during the client certificate issuance. If in doubt, please confirm access to your client account of Multicert’s certificate issuance system in

Confirm redirection to authenticate in Multicert’s Certificate Issuance System


Multifactor authentication

If your remote certificate requires additional authorization to be accessed, a dialog box will appear to insert the authorization response, such as in the .

Remote certificates issued by Multicert Certificate Authority only support authorization through OTP code or/and the certificate PIN.

For security reasons the Authorization Code input has a validity of 2 minutes.


Validate renewal

If the certificate access renewal has been completed successfully, the “Certificate access expiration date” attribute should now present a date 60 days in the future.



Check client service status

If the certificate access expired date was reached before this procedure was executed, then all the client services using that certificate are automatically suspedend.


If this was you case, please check the status of the client's services after certificate renewal is complete and activate them by changing its status.

For instructions on how to complete this process, see this article: