This page allows you to upload your digital signature (and also authentication) certificate into the OCSP responder database. After you upload the certificate, the OCSP responder, located at, will start issuing OCSP responses according to the selected status of your certificate. To give a signature, the state of the certificate must be "Good". You can use it with any RFC2560-compliant OCSP client software. Note that an OCSP request for an expired certificate will get the status "revoked"!

Paste your PEM- (Base64-) encoded certificate here, including the "BEGIN CERTIFICATE" and "END CERTIFICATE" lines. Note that you can upload almost any valid X.509 certificate here. In the case of Estonian ID-cards, use the ID-card software (ID-card utility) to save your certificates to the file system. If a certificate is saved as a binary file, rename it so that the extension is .cer (or .crt). In Windows, double-click the .cer file, choose the "Details" tab, then click the "Copy to File..." button and, when saving, choose the Base-64 encoded X.509 format. Your certificate is then in the correct format for the textarea below:



The certificate must contain the AKI extension populated with the 160-bit SHA-1 hash of the value of the BIT STRING subjectPublicKey (excluding the tag, length, and number of unused bits).
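The check described above, as an added example that is not part of the original page or the responder's own code: it computes the key identifier from a DER SubjectPublicKeyInfo, skipping the BIT STRING tag, length and unused-bits octet, and compares it with the keyIdentifier in an AKI extension value. It assumes the key being hashed is the issuing CA's public key and that the two DER structures have already been extracted from the certificates; all function names and the sample bytes are constructed for illustration.

```python
import hashlib

def read_tlv(data, offset=0):
    """Return (tag, value, next_offset) for the DER element at offset."""
    tag, length = data[offset], data[offset + 1]
    offset += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(data[offset:offset + n], "big")
        offset += n
    if offset + length > len(data):
        raise ValueError("truncated DER element")
    return tag, data[offset:offset + length], offset + length

def public_key_bits(spki_der):
    """Content of subjectPublicKey without BIT STRING tag, length, unused-bits octet."""
    tag, body, _ = read_tlv(spki_der)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    _, _, pos = read_tlv(body)  # skip AlgorithmIdentifier
    tag, bit_string, _ = read_tlv(body, pos)
    if tag != 0x03 or not bit_string:
        raise ValueError("subjectPublicKey must be a BIT STRING")
    return bit_string[1:]  # first content octet is the unused-bits count

def key_identifier(spki_der):
    """160-bit SHA-1 key identifier of the public key in a SubjectPublicKeyInfo."""
    return hashlib.sha1(public_key_bits(spki_der)).digest()

def aki_key_identifier(aki_value_der):
    """keyIdentifier ([0] IMPLICIT OCTET STRING) of an AKI extension value, or None."""
    tag, body, _ = read_tlv(aki_value_der)
    if tag != 0x30:
        raise ValueError("AuthorityKeyIdentifier must be a SEQUENCE")
    pos = 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag == 0x80:
            return value
    return None

def aki_matches_ca(aki_value_der, ca_spki_der):
    """True when the AKI keyIdentifier equals the SHA-1 of the CA public key bits."""
    return aki_key_identifier(aki_value_der) == key_identifier(ca_spki_der)

# Constructed sample input (32 dummy octets, not a real key): rsaEncryption SPKI
SAMPLE_KEY = bytes(range(32))
SAMPLE_SPKI = bytes.fromhex("3032300d06092a864886f70d0101010500032100") + SAMPLE_KEY
SAMPLE_AKI = bytes.fromhex("30168014") + hashlib.sha1(SAMPLE_KEY).digest()
```

An AKI that carries only an issuer name and serial number, or a keyIdentifier computed over the whole BIT STRING including the unused-bits octet, fails this comparison.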

If your certificate does not contain that extension, or the extension does not contain that value, you can upload the CA certificate.

CA Certificate:


The status of the certificate means the following:

  • The "good" state indicates a positive response to the status inquiry.
  • The "revoked" state indicates that the certificate has been revoked (either permanently or temporarily (on hold)).
  • The "unknown" state indicates that the responder doesn't know about the certificate being requested.