Starting November 27, 2024, all new Smart-ID accounts will be issued using the new intermediate certificates “SK ID Solutions EID-Q 2024E” (for qualified accounts) and “SK ID Solutions EID-NQ 2021E” (for non-qualified accounts).

This change will affect e-services, applications, and information systems that rely on the authentication or signature capabilities of Smart-ID.

To ensure that e-services can continue leveraging Smart-ID certificates, e-service providers must ensure support for the new “SK ID Solutions EID-Q 2024E” and “SK ID Solutions EID-NQ 2021E” intermediate certificates, in addition to the existing “EID-SK 2016” and “NQ-SK 2016”  intermediate certificates, to their Smart-ID configuration. Support for new intermediate certificates can be ensured by using the latest version of the Estonian Trusted List. However, if some information systems rely on a different configuration set, the new certificates may need to be trusted directly.

Please note that no changes to the end-entity certificate profiles are planned compared to the certificates issued under “EID-SK 2016” and “NQ-SK 2016”.

This change, scheduled for November 27, 2024, affects all information systems and applications that provide digital authentication or signatures using the Smart-ID service provided by SK.

At the same time, continued support for the “EID-SK 2016” and “NQ-SK 2016” intermediate certificates are necessary for existing Smart-ID accounts. It is important to note that all valid Smart-ID certificates issued under “EID-SK 2016” and “NQ-SK 2016” will remain functional until their individual expiry or revocation.

Please keep in mind that only “EID-Q 2024E” and “EID-NQ 2021E” intermediate certificates will be used for actively issuing new Smart-ID certificates, while “EID-Q 2024R” and “EID-NQ 2021R” will serve as a secondary backup CA. We strongly recommend that you support old and new certificates simultaneously to avoid future inconveniences.

Please ensure that you have updated the certificates in your systems before November 27, 2024. New certificates are available in SK repository:

• SK ID Solutions EID-Q 2024E
• SK ID Solutions EID-Q 2024R
• SK ID Solutions EID-NQ 2021E
• SK ID Solutions EID-NQ 2021R

Support for new qualified certificates (“EID-Q 2024E/R”) can be added via Estonian Trusted List also (just make sure the list has been updated with the latest version). The new EID-Q 2024E/R certificates will be added in Estonian Trusted List version 66 what will be published latest during week 43.

Failure to add the support of new intermediate certificates configuration will result in Smart-ID users, whose account is created starting 27.11.2024, being unable to authenticate or provide digital signatures in your service.

Please ensure that your system is compatible with the changes taking effect on November 27, 2024, by testing it in our DEMO environment.

Information for testing and implementation:

• Certificates for testing:
  • TEST of SK ID Solutions EID-Q 2024E
  • TEST of SK ID Solutions EID-NQ 2021E
• Test accounts for automated testing
• Test Trusted List can be found here
• Information on how to verify the authentication response can be found in Smart-ID documentation

General information for 2024 PKI changes:

• The previous news article about the overall changes in the CA hierarchy during 2024 can be found here.
• For more details on the 2024 certificate changes, visit the GitHub PKI information page.

Please let our support know if you encounter problems during testing or if you have any questions: support@skidsolutions.eu

Previous