The validity confirmation service or OCSP service allows you to ask for real-time information on the ID-card, a digi-ID and Mobiil-ID certificates. This service is used for both electronic personal identification solutions and digital signature applications.
The service is based on the OCSP protocol (Online Certificate Status Protocol) that is described in Internet Standard RFC 2560. OCSP is a simple client-server system where the OCSP client sends a query to the OCSP responder (server) concerning the certificate and the responder provides confirmation regarding the certificate that includes the validity of the certificate or the invalidity thereof and the time of providing confirmation. The response provided by the responder is digitally signed.
There are three responses that the OCSP responder can provide about a certificate:
- The certificate is valid (GOOD)
- The certificate is not valid (REVOKED)
- There is no information concerning the certificate in question (UNKNOWN)
A positive response by the OCSP means that the certificate has been issued and it was valid as of the moment of issuing the conformation.
Detailed information about the operation of the validity verification service can be accessed in the technical specification of the service (in Estonian).
A sample application for performing a certificate validity check can be accessed here.
The validity verification service is provided by Sertifitseerimiskeskus. Information regarding the possibilities for access, prices, etc., of the validity verification service can be accessed at http://www.sk.ee/en/services/validity-confirmation-services/.