Current certificate chains: History of changes

Оновлення включає:

• оновлені сертифікати OCSP-сервера для алгоритмів підпису RSA та ECDSA КНЕДП ДП "Дія".

Оновлення включає:

• новий ланцюжок сертифікатів КНЕДП ТОВ "Центр сертифікації ключів "Україна".

Оновлення включає:

• новий ланцюжок сертифікатів (в т.ч. і для алгоритмів підпису RSA та ECDSA) КНЕДП ТОВ "Вчасно Сервіс".

Оновлення включає:

• новий ланцюжок сертифікатів для алгоритмів підпису RSA та ECDSA КНЕДП Державної податкової служби України (ДПС);
• оновлені сертифікати OCSP- та CMP-сервера КНЕДП "eSign" ТОВ "Ілайф".

Оновлення включає:

• новий (оновлений) ланцюжок сертифікатів КНЕДП АТ "ПУМБ" (засвідчені ЗЦ НБУ;
• новий (оновлений) ланцюжок сертифікатів КНЕДП ЦСК ЗСУ;
• новий (оновлений) ланцюжок сертифікатівКНЕДП "eSign" ТОВ "Ілайф".

The update includes:

• updated certificates of QTSP of CA State Treasury.

The update includes:

• the updated certificate of the OCSP server of QTSP of SE "Diia"

The update includes:

• a new (updated) chain of QTSP (CA) certificates of the National Bank of Ukraine;
• a new (updated) chain of QTSP of JSC "CREDI AGRICOLE BANK" certificates.

The update includes:

• Certificates of the OCSP server of QTSP of SE "Diia" and the new (updated) chain of QTSP certificates of JSC "UKRSIBBANK".

Note:
In connection with the fact that QTSP of JSC "UKRSIBBANK" was switched to using the chain of the Certification Center (CC) of the National Bank of Ukraine (NBU), it is necessary to check and provide access to the services of the Certification Center of the NBU under the DNS name zc.bank.gov. u.a.

To do this, it is necessary to provide access to the services of the Center of the NBU under the DNS name zc.bank.gov.ua:

• when using inter-network screens (firewalls), allow the connection from the internal network to the outside for the DNS name zc.bank.gov.ua for HTTP and HTTPS protocols (to TCP port numbers 80 and 443);
• when using JavaScript libraries and server proxy handlers (ProxyHandler) for them - add the DNS name zc.bank.gov.ua to the list of allowed network nodes (knownHosts) in the ProxyHandler handlers.
• A sign of the lack of access is errors when applying or checking signatures - an error when trying to get the status of a certificate using the OCSP protocol (code 81) or an error when sending a request to the CA server using the HTTP protocol (code 5)

The update includes:

• updated certificates of QTSP CEZARIS of LLC "Inter-Metl".

The update includes:

Adding a chain of certificates and settings of QTSP of the Foreign Intelligence Service of Ukraine.

To operate with the QTSP of the Foreign Intelligence Service of Ukraine, it is necessary to provide access to the services of this QTSP under the DNS-Name ca.szru.gov.ua. For this you need:

• when using inter-network screens (firewalls), allow connection from the internal network to the outside for the DNS name ca.szru.gov.ua for HTTP and HTTPS protocols (to TCP port numbers 80 and 443);
• when using JavaScript libraries and server proxy handlers (ProxyHandler) for them - add the DNS Name ca.szru.gov.ua to the list of allowed network nodes (knownHosts) in the ProxyHandler handlers.

The update includes:

• a new (updated) chain of certificates of QTSP of CA JSC CB "PRIVATBANK".

The update includes:

• updated certificates of the CMP server of QTSP "eSign" of LLC "Ilife".

The update includes:

• adding a chain of certificates and settings of KNEDP SBU;
• a new (updated) chain of KNEDP CSK JSC "Oschadbank" certificates.

To work with the KNEDP of the SBU, it is necessary to provide access to the services of this KNEDP under the DNS-Name va1-knedp.ssu.gov.ua. For this you need:

• when using inter-network screens (firewalls), allow connection from the internal network to the outside for the DNS name va1-knedp.ssu.gov.ua for HTTP and HTTPS protocols (to TCP port numbers 80 and 443);
• when using JavaScript libraries and server proxy handlers (ProxyHandler) for them - add the DNS name va1-knedp.ssu.gov.ua to the list of allowed network nodes (knownHosts) in the ProxyHandler handlers.