ESTEID LDAP TECHNICAL DESCRIPTION
The directory service queries must be submitted using the LDAPS protocol. The service access is unrestricted (anonymous bind, simple authentication) around the clock. There is support only for data exchange with TLS encryption and TLS client authentication. Maximum of 50 certificate entries will be returned as a response.
Directory is available via esteid.ldap.sk.ee port 636.
Below you will find a detailed description of the directory layout. Knowledge of the layout is necessary for conducting data searches in the directory.
ESTEID LDAP DIRECTORY STRUCTURE
Directory tree list (personal certificates)

Searching for personal certificates is restricted by certificate owner’s identity number (serialNumber) in the form „PNOEE-38001085718“ or by certificate’s CN (CommonName) field in the form „JÕEORG,JAAK-KRISTJAN,38001085718“.
LDAP QUERY EXAMPLES
Example query from the Linux or Mac command line to search for a personal certificate:
- Query without CA certificate chain of LDAP:
LDAPTLS_REQCERT=allow ldapsearch -H ldaps://esteid.ldap.sk.ee/ -x -b “c=EE” “(serialNumber=PNOEE-38001085718)”
- Query with CA certificate of LDAP (LDAP CA certificate can be found here):
LDAPTLS_CACERT=ldapca.crt ldapsearch -H ldaps://esteid.ldap.sk.ee/ -x -b “c=EE” “(cn= JÕEORG,JAAK-KRISTJAN,38001085718)”
KLASS3 LDAP TECHNICAL DESCRIPTION
The directory service queries must be submitted using the LDAPS protocol. The service access is unrestricted (anonymous bind, simple authentication) around the clock. There is support only for data exchange with TLS encryption and TLS client authentication. Maximum of 50 certificate entries will be returned as a response.
Directory is available via k3.ldap.sk.ee port 636.
Below you will find a detailed description of the directory layout. Knowledge of the layout is necessary for conducting data searches in the directory.
KLASS3 LDAP DIRECTORY STRUCTURE
Directory tree list (organisation certificates)

LDAP EXAMPLES OF QUERIES
Example queries from the Linux or Mac command line for finding organisation certificates:
- Query without CA certificate chain of LDAP.
By the name of the organisation:
LDAPTLS_REQCERT=allow ldapsearch -H ldaps://k3.ldap.sk.ee/ -x -b “” “(cn=SK ID Solutions AS)”
By the registry code:
LDAPTLS_REQCERT=allow ldapsearch -H ldaps://k3.ldap.sk.ee/ -x -b “” “(serialNumber=10747013)”
- Query with CA certificate of LDAP (LDAP CA certificate can be found here).
By the name of the organisation:
LDAPTLS_CACERT=ldapca.crt ldapsearch -H ldaps://k3.ldap.sk.ee/ -x -b “” “(cn=SK ID Solutions AS)”
By the registry code:
LDAPTLS_CACERT=ldapca.crt ldapsearch -H ldaps://k3.ldap.sk.ee/ -x -b “” “(serialNumber=10747013)”
Queries can be narrowed using a country code if the location of the organisation is known:
LDAPTLS_REQCERT=allow ldapsearch -H ldaps://k3.ldap.sk.ee/ -x -b “c=EE” “(cn=SK ID Solutions AS)”