This is the Certificate Revocation Lists (CRLs) page of the Public Key Infrastructure of the Dutch government, known as PKIoverheid (PKIo). Using this page, you can verify the status of domain, intermediate, and issuance certificates of the Trust Service Providers (TSP) that have been issued under the Root certificates of PKIo. New certificates can be issued under all these certificates, which is why they are referred to as Certification Authorities (CA) of PKIoverheid. The status of each of these certificates can be verified by consulting the respective CRLs.
For more information about PKIoverheid, please visit the Logius website.
Publicly trusted CAs
PKIoverheid currently has one publicly trusted root CA certificate (for S/MIME use only):
- Staat der Nederlanden Root CA - G3 (valid until November 13th, 2028)
The following publicly trusted root CA certificates are expired:
- Staat der Nederlanden Root CA (expired in 2015)
- Staat der Nederlanden Root CA - G2 (expired in 2020)
- Staat der Nederlanden EV Root CA (expired in 2022)
Even though these CAs have (long since) expired CRLs for some of these CAs might still be offered as a “best effort” option with no guarantees about availability. However, due to the fact that they are expired they are not listed on this web-page and shouldn’t be relied upon.
The table below contains links to the latest published Staat der Nederlanden CA - G3 CRLs
| Staat der Nederlanden CA - G3 CRLs | CRL Publication date |
|---|---|
| List of revoked G3 domain certificates | 17 October 2023 |
| List of revoked TSP certificates for G3 domain “Organisatie Services” | 17 October 2023 |
| List of revoked TSP certificates for G3 domain “Organisatie Persoon” | 17 October 2023 |
| List of revoked TSP certificates for G3 domain “Burger” | 17 October 2023 |
| List of revoked TSP certificates for G3 domain “Autonome Apparaten” | 17 October 2023 |
| List of revoked TSP certificates for G3 domain “Organization Services CA - 2023” | 31 October 2023 |
| List of revoked TSP certificates for G3 domain “Organization Person CA - 2023” | 31 October 2023 |
| List of revoked TSP certificates for G3 domain “Citizen CA - 2023” | 31 October 2023 |
| List of revoked TSP certificates for G3 domain “S/MIME CA - 2023” | 31 October 2023 |
Private CAs
PKIoverheid currently has two Private Root CAs for use in both S/MIME and TLS certificate issuance. They are intended for use in machine-to-machine environments (Private Root) or test environments (TRIAL). These certificates are NOT trusted in browsers by default:
- Staat der Nederlanden Private Root CA - G1
- TRIAL PKIoverheid Root CA - G3
The following private Root CA certificates have expired:
- TRIAL PKIoverheid TEST Root CA - G2 (expired in 2020)
For expired TRIAL CA certificates no CRLs are offered after the expiration date.
The table below contains links to the latest published Private Root G1 CRLs
| Private Root CRLs | CRL Publication date |
|---|---|
| List of revoked private domain certificates | 17 October 2023 |
| List of revoked TSP certificates for private domain “Private Personen” | 17 October 2023 |
| List of revoked TSP certificates for private domain “Private Services” | 17 October 2023 |
The table below contains links to the latest published TRIAL Root CA - G3 CRLs
| TRIAL Root G3 CRLs | CRL Publication date |
|---|---|
| List of revoked G3 TRIAL domain certificates | 12 June 2023 |
| List of revoked TSP certificates for G3 TRIAL domain “Organisatie Persoon” | 12 June 2023 |
| List of revoked TSP certificates for G3 TRIAL domain “Organisatie Services” | 12 June 2023 |
