Here you can download the root certificates, issuing CA certificates and service certificates and also there is separate tab for certificates for testing.

To ensure the support for all SK’s certificates, you must install the root certificates EE Certification Centre Root CA and EE-GovCA2018. In addition to these you need to have the following Issuing CA certificates (excluding expired certificates):

  • ESTEID-SK 2011 (expired)
  • ESTEID-SK 2015
  • EID-SK 2011 (expired)
  • EID-SK 2016
  • KLASS3-SK 2010 (expired)
  • KLASS3-SK 2016
  • ESTEID2018 (belongs under EE-GovCA 2018 root certificate)

Detailed overview of SK’s certificates … Load more

Detailed overview of SK’s certificates hierarchy can be found from here.

For digital signing, additionally OCSP RESPONDER certificates are needed. To verify older signatures, also obsolete root and intermediate certificates, as well as OCSP RESPONDER certificates are needed.

You can download them in either DER or PEM format. If you are not sure which one to choose, you can choose either – modern systems recognize both formats.

The Certificate Revocation Lists (CRL) include information about revoked and suspended certificates. CRLs are cumulative and include information about all the certificates that are suspended or revoked at the moment. If the supsension of a certificate is terminated, the certificate is removed from CRL. Certificates that are declared as not valid remain in the CRL at least until they expire. CRLs of expired Certification Authorities (CA) are not revealed, since all the certificates issued by this CA are expired

All certificate validity times are in UTC.