Technical information (OCSP)
The service is based on OCSP (Online Certificate Status Protocol), which is described in Internet standard RFC 6960. OCSP is a simple client-server system where an OCSP client sends to the OCSP responder (server) a query about a certificate and the responder gives a confirmation regarding the certificate, which contains the validity or non-validity of the certificate and the time of giving the confirmation. The reply given by the responder is signed digitally.
| Validity Confirmation Service address | http://ocsp.sk.ee/ |
| Service certificate used for signing responses | SK OCSP RESPONDER 2011 |
| Test service address | http://demo.sk.ee/ocsp |
| Conditions for Use |
General Terms of Subscriber Agreement v 4.1 apply starting from 01.07.2023. |
| Responses to correct queries |
GOOD - certificate valid OCSP's positive response means that the certificate has been issued and it was valid at the time of giving the confirmation. Exceptionally, for an ESTEID2018 certifier, a GOOD response is also given to an expired certificate if the certificate is not revoked or suspended. The validity of the certificate must be checked on the service side. This is in compliance with RFC 6960 standard. |
| Supported extensions | OCSP Nonce (1.3.6.1.5.5.7.48.1.2) |
| Supported response algorithm | sha256WithRSAEncryption |
| Restrictions | CertID supported hash algorithm is sha1 |
| Access to service | Based on IP address or access certificate |
| OCSP release notes history | https://github.com/SK-EID/ocsp/wiki |
