Changelog for ocsp.sk.ee

Below you can find descriptions of all the changes and additions that have been made in different versions of the service.

• Test-service: http://demo.sk.ee/ocsp
• Production service: http://ocsp.sk.ee
• In brackets are the references to the SK internal task identifiers related to the change

Version	Published	Changelog
	07.11.2023	Since 01.11.2023 long validity certificate SK OCSP RESPONDER 2011 not in use. Each OCSP response is signed with different OCSP responder certificate, issued by corresponding intermediate CA see more info: https://www.skidsolutions.eu/news/important-changes-in-validity-confirmation-service/
	15.02.2023	Added support for nonce extension for ESTEID2015
2.6.3	14.11.2018	Memory usage improvements (OO-82, OO-13, OO-65) Logging improvements (OO-105) Support for RFC6960 (OO-61, OO-77, OO-51, OO-28, OO-104, OO-107, OO-108) Support for ESTEID2018 (OO-97) Signing algorithm selection from request (OO-60, OO-52) Bug fixes (OO-45, OO-8)
	14.04.2016	The only supported HTTP protocol versions are 1.0 and 1.1
2.5.1	29.02.2016	SHA-256 hash algorithm is always used when signing OCSP responses. (OO-73) Fixed an error that, in certain circumstances, caused OCSP request failures when using HTTP GET method. (OO-11)
2.5	16.02.2016	SHA-256 hash algorithm is used when signing SK OCSP RESPONDER 2011 responses. (OO-52) The OCSP service’s certificate is now included in the OCSP responses.
2.5	18.12.2015	Improved the service’s ability to restore database connection automatically in case of network errors. (OO-20) Fixed an error that caused the service to respond with a revoked certificate’s expiration time instead of the actual revocation time, after the certificate that was revoked had later expired. (OO-46) Changed the operating system. (OO-49)
2.4	22.10.2015	Fixed an error that occurred in case of revoked KLASS3-SK 2010 certificates and caused the service to return OCSP responses where revocationTime value did not contain correct time zone information.