News

Info for integrators: SK OCSP service to use SHA-256 algorithm for response signing

23.12.2015

As of 16 February 2016, SK’s OCSP services shall use the SHA-256 algorithm for response signing instead of the SHA-1 hash algorithm.

The change is required to ensure the use of updated and secure encryption algorithms in SK’s OCSP service. The change also affects the authentication OCSP service (at http://ocsp.sk.ee/_auth). 
 
To ensure better compatibility with third party software, the operating logic of SK’s OCSP service will be changed, by adding the OCSP service certificate to each response.
 
Both changes have already been implemented in the version of OCSP service in SK’s demo environment, which is available at http://demo.sk.ee/ocsp_sha256. We recommend that all integrators and e-service providers check the compatibility of their information systems with the updated OCSP service. The OCSP service at this address uses the same certificate database as the old configuration of the OCSP service (at http://demo.sk.ee/ocsp/). Therefore, the certificates need not be reloaded for testing, new certificates can be loaded into test systems from the https://demo.sk.ee/upload_cert/ website.
 
Please e-mail any questions concerning the above changes to support[A]sk dot ee.


ASK FOR HELP

If you didn't find an answer to your question, send it to our team.



  • See instructions
  • Please estimate your ability to use the computer, so that we can provide you with the best guidance

         

  • Verification failed

How can we improve the article and be more helpful?
Send Close