Rwanda: Adopted PKI Service Integration Guidelines including technical specifications for developers

On 17 September 2024, the Rwanda Information Society Authority (RISA) issued the PKI Service Integration Guidelines. The guidelines provide technical specifications for developers to ensure the proper integration of Public Key Infrastructure (PKI) services. Areas addressed include certificate validation, revocation, expiration, and digital signature verification. The guidelines specify the use of secure protocols such as Online Certificate Status Protocol (OCSP) and Certificate Revocation Lists (CRL), mechanisms for timestamp validation, and the application of Long-Term Validation (LTV) to preserve the integrity and authenticity of digital signatures. Developers are advised to contact RISA for an integration assessment before deployment.