Technical information (OCSP)

The service is based on OCSP (Online Certificate Status Protocol), which is described in Internet standard RFC 6960. OCSP is a simple client-server system where an OCSP client sends to the OCSP responder (server) a query about a certificate and the responder gives a confirmation regarding the certificate, which contains the validity or non-validity of the certificate and the time of giving the confirmation. The reply given by the responder is signed digitally.

Validity Confirmation Service address
Supported Certification Authorities All certificates issued by SK
Proxy OCSP
Supported Certification Authorities Mediating validity information of certificates issued by other Certification Authorities. The exact list and the source of validity information used is available here.
Service certificate used for signing responses SK OCSP RESPONDER 2011
Test service address
Conditions for Use

General Terms of Subscriber Agreement v 4.0 apply starting from 01.10.2018.

Responses to correct queries

GOOD - certificate valid
REVOKED - certificate not valid ei kehti
UNKNOWN - no information about the requested certificate 

OCSP's positive response means that the certificate has been issued and it was valid at the time of giving the confirmation.

Supported extensions OCSP Nonce (
Supported response algorithm sha256WithRSAEncryption
Access to service Based on IP address or access certificate
OCSP release notes history