SK OCSP service to use SHA-256 algorithm for response signing
As of 16 February 2016, SK’s OCSP services shall use the SHA-256 algorithm for response signing instead of the SHA-1 hash algorithm. The change is required to ensure the use of updated and secure cryptographic algorithms in SK’s OCSP service. The change also affects the authentication OCSP service (at http://ocsp.sk.ee/_auth).
To ensure better compatibility with third-party software, the operating logic of SK’s OCSP service will also change: the OCSP service certificate will be added to each response.
Both changes have already been implemented in the version of the OCSP service in SK’s demo environment, which is available at http://demo.sk.ee/ocsp_sha256. We recommend that all integrators and e-service providers check the compatibility of their information systems with the updated OCSP service. The OCSP service at this address uses the same certificate database as the old configuration of the OCSP service (at http://demo.sk.ee/ocsp/). Therefore, the certificates need not be reloaded for testing; new certificates can be loaded into test systems from the https://demo.sk.ee/upload_cert/ website.
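For integrators testing against the demo service, the following added example (not SK's code) shows one way to confirm both changes in a DER-encoded OCSP response: it reads the signatureAlgorithm OID and checks whether certificates are embedded. It assumes RSA responder keys, the helper names are hypothetical, and the sample input is a constructed skeleton rather than a real signed response.

```python
SIG_ALGS = {  # DER-encoded signatureAlgorithm OIDs (assumes RSA responder keys)
    bytes.fromhex("2a864886f70d010105"): "sha1WithRSAEncryption",
    bytes.fromhex("2a864886f70d01010b"): "sha256WithRSAEncryption",
}

def read_tlv(buf, pos=0):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(content):
    """Split the content of a constructed element into (tag, content) pairs."""
    out, pos = [], 0
    while pos < len(content):
        tag, val, pos = read_tlv(content, pos)
        out.append((tag, val))
    return out

def inspect_ocsp(der):
    """Return (signature algorithm, True if the response embeds certificates)."""
    tag, body, _ = read_tlv(der)
    fields = children(body)  # responseStatus, [0] responseBytes
    if tag != 0x30 or len(fields) < 2 or fields[1][0] != 0xA0:
        raise ValueError("no responseBytes: not a successful OCSP response")
    resp_bytes = children(read_tlv(fields[1][1])[1])  # responseType, response
    # BasicOCSPResponse: tbsResponseData, signatureAlgorithm, signature, [0] certs
    basic = children(read_tlv(resp_bytes[1][1])[1])
    alg_oid = children(basic[1][1])[0][1]
    has_certs = any(t == 0xA0 for t, _ in basic[3:])
    return SIG_ALGS.get(alg_oid, alg_oid.hex()), has_certs

def tlv(tag, content=b""):
    return bytes([tag, len(content)]) + content  # short-form length; sample is < 128 bytes

def sample_response(sig_oid_hex, with_certs):
    """Constructed skeleton in the RFC 6960 layout, not a real signed response."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(sig_oid_hex)) + tlv(0x05))
    certs = tlv(0xA0, tlv(0x30, tlv(0x30))) if with_certs else b""
    basic = tlv(0x30, tlv(0x30) + alg + tlv(0x03, b"\x00\x00") + certs)
    rb = tlv(0x30, tlv(0x06, bytes.fromhex("2b0601050507300101")) + tlv(0x04, basic))
    return tlv(0x30, tlv(0x0A, b"\x00") + tlv(0xA0, rb))

if __name__ == "__main__":
    print(inspect_ocsp(sample_response("2a864886f70d01010b", True)))
```

The same `inspect_ocsp` function accepts the raw bytes of a real response, for example one saved with `openssl ocsp ... -respout`. It inspects structure only and does not verify the signature.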