Changes in CA hierarchy during 2024

During year 2024, SK will implement new certification authority (CA) hierarchy.
Current Estonian Certification Centre Root CA (EECCRCA) will be replaced with new root CA (ROOT G1), together with intermediate certificates.

The changes ahead in SK Public Key Infrastructure (PKI), are related with transition to the new root and intermediate certificates.

In order to make the implementation of changes as convenient as possible for all the PKI ecosystem, we have divided changes into several milestones for taking new CA’s into use.

Changes will affect e-services, applications and information systems using directly or indirectly certificates issued to Organisations, Smart-ID and Mobile-ID, but not limited to:

  • National data exchange layer X-road (security servers owners) – X-road ecosystem uses eSeal and Authentication certificates.
  • validation & signing solution providers
  • solutions which use custom trust store for certificates instead of EU Trusted List

We have put together set of Q&A section in our new PKI Github repository, where all details from technical to non-technical have been described.

The transition to new PKI hierarchy and using more secure key lengths adds more security and helps to preserve the integrity in long term. Also moving to new PKI is inevitable due expiration of EECCRCA root certificate in 2030.

Please let our support know if you encounter problems during testing or if you have any questions:

previous next