Adding support for ESTEID SK 2015 certification chain

kristiu edited this page Jan 12, 2016 · 4 revisions

In order to add support for ESTEID-SK 2015 certification chain in CDigiDoc (also known as Libdigidoc) library, the changes described below have to be made.

  1. Copy the ESTEID-SK 2015 certificate file to a location that is referenced by CA_CERT_PATH configuration parameter in the digidoc.ini configuration file. For example, set the file name as ESTEID-SK 2015.crt
  2. Change the digidoc.ini configuration file, set the CA_CERT_<x> parameter value according to the certificate's file name specified in the previoius point:
CA_CERTS = <add +1 if adding a ESTEID-SK 2015 CA to the ones already registered>
…
CA_CERT_<x>=ESTEID-SK 2015.crt
CA_CERT_<x>_CN=ESTEID-SK 2015
…
DIGIDOC_OCSP_RESPONDER_CERTS = <add +1>
…
DIGIDOC_OCSP_RESPONDER_CERT_<y>=SK OCSP 2011.crt
DIGIDOC_OCSP_RESPONDER_CERT_<y>_CN=SK OCSP RESPONDER 2011
DIGIDOC_OCSP_RESPONDER_CERT_<y>_CA=ESTEID-SK 2015

Notes:

  • <x> and <y> placeholders in the sample above must be replaced with appropriate sequence numbers.
  • the ESTEID-SK 2015 certificate file must be in PEM format.
  • Additional information on configuring CA certificate settings in CDigiDoc configuration file can be found from http://id.ee/public/SK-CDD-PRG-GUIDE.pdf, see chap. "4.2 Configuration parameters" under "CA certificates".