This page allows you to upload your digital signature (and also authentication) certificate into demo.sk.ee/aia OCSP responder database. After you upload the certificate, the demo.sk.ee OCSP responder, located at demo.sk.ee/aia, will start issuing OCSP responses according to desired status of your certificate. More information about demo ocsp endpoints can be found from Github
To give a signature the state of certificate must be "Good". You can use it with any RFC2560-compliant OCSP client software. Note that OCSP request for expired certificate will get status "revoked"!

Paste your PEM- (Base64-) encoded certificate here including the "BEGIN CERTIFICATE" and "END CERTIFICATE" lines. Note that you can upload almost any valid X.509 certificate here. In case of Estonian ID-cards, use ID-card software (ID-card utility) to save Your certificates into file system. If it is saved as binary file, then rename it so that extension is .cer (or .crt). In windows, double click on the .cer file, choose the tab "Details", then click the "Copy to File..." button and when saving, choose Base-64 encoded X.509 format. Then Your certificate is in correct format for the textarea below:

Certificate:

 

Certificate must contain AKI extension populated with the 160-bit SHA-1 hash of the value of the BIT STRING subjectPublicKey (excluding the tag, length, and number of unused bits).

If your certificate does not contain that extension or that extension does not contain that value, you can upload CA certificate

CA Certificate:

Status

Status of the certificate stands for the following:

  • The "good" state indicates a positive response to the status inquiry.
  • The "revoked" state indicates that the certificate has been revoked (either permanantly or temporarily (on hold)).
  • The "unknown" state indicates that the responder doesn't know about the certificate being requested.