Technical specifications

The service is based on OCSP (Online Certificate Status Protocol), which has been described in Internet standard RFC 2560. OCSP is a simple client-server system where an OCSP client sends the OCSP responder (server) a query about a certificate and the responder gives a confirmation regarding the certificate, which contains the validity or non-validity of the certificate and the time of giving the confirmation. The reply given by the responder is digitally signed.


Address of service
Supported certificates Authentication certificates issued by ESTEID-SK 2011, ESTEID-SK 2015, EID-SK 2011
Terms and conditions General terms of subscriber agreement
Test service address No test service available
Responses to correct requests 
  • GOOD - certificate is valid
  • REVOKED - certificate is not valid
  • UNKNOWN - no information about the requested certificate

OCSP's positive response means that the certificate has been issued and it was valid at the time of giving the confirmation.

Access to the service Based on an IP-address. The service cannot be accessed on the basis of an access certificate.
  • Information on only ID-card authentication certificates can be asked from the User-based authentication service. The service does not have information about digital signature certificates. For digital signing, the use of Validity confirmation service is necessary.
  • Certificate confirmations are not preserved in the security log, as they are regarding Validity confirmation service.
  • User-based authentication service is not usable via the DigiDocService's web service, which means that the service does not support Mobile-ID. For Mobile-ID, the use of Validity confirmation service is necessary.