PKIoverheid Certificate Revocation Lists

This is the Certificate Revocation Lists (CRLs) page of the Public Key Infrastructure of the Dutch government, known as PKIoverheid (PKIo). Using this page, you can verify the status of domain, intermediate, and issuance certificates of the Trust Service Providers (TSP) that have been issued under the Root certificates of PKIo. New certificates can be issued under all these certificates, which is why they are referred to as Certification Authorities (CA) of PKIoverheid. The status of each of these certificates can be verified by consulting the respective CRLs.

For more information about PKIoverheid, please visit the Logius website.

Publicly trusted CAs

PKIoverheid currently has one publicly trusted root CA certificate (for S/MIME use only):

Staat der Nederlanden Root CA - G3 (valid until November 13th, 2028)

The following publicly trusted root CA certificates are expired:

Staat der Nederlanden Root CA (expired in 2015)
Staat der Nederlanden Root CA - G2 (expired in 2020)
Staat der Nederlanden EV Root CA (expired in 2022)

Even though these CAs have (long since) expired CRLs for some of these CAs might still be offered as a “best effort” option with no guarantees about availability. However, due to the fact that they are expired they are not listed on this web-page and shouldn’t be relied upon.

The table below contains links to the latest published Staat der Nederlanden CA - G3 CRLs

Staat der Nederlanden CA - G3 CRLs	Issue date
List of revoked G3 domain certificates	19 September 2024
List of revoked TSP certificates for G3 domain “Organisatie Services”	19 September 2024
List of revoked TSP certificates for G3 domain “Organisatie Persoon”	19 September 2024
List of revoked TSP certificates for G3 domain “Burger”	19 September 2024
List of revoked TSP certificates for G3 domain “Autonome Apparaten”	19 September 2024
List of revoked TSP certificates for G3 domain “Organization Services CA - 2023”	19 September 2024
List of revoked TSP certificates for G3 domain “Organization Person CA - 2023”	19 September 2024
List of revoked TSP certificates for G3 domain “Citizen CA - 2023”	19 September 2024
List of revoked TSP certificates for G3 domain “S/MIME CA - 2023”	19 September 2024

Private CAs

PKIoverheid currently has two Private Root CAs for use in both S/MIME and TLS certificate issuance. They are intended for use in machine-to-machine environments (Private Root) or test environments (TRIAL). These certificates are NOT trusted in browsers by default:

Staat der Nederlanden Private Root CA - G1
TRIAL PKIoverheid Root CA - G3

PKIoverheid has created five Root CA certificates reserved for future use. Some may be submitted for use in browsers and thus become publicly trusted in time. These five root certificates are:

Staat der Nederlanden - G4 Root EUTL G-Sigs - 2024
Staat der Nederlanden - G4 Root Priv S-CIBG - 2024
Staat der Nederlanden - G4 Root Priv G-Other - 2024
Staat der Nederlanden - G4 Root Priv G-TLS - 2024
Staat der Nederlanden - G4 Root Publ G-SMIME - 2024

The following private Root CA certificates have expired:

TRIAL PKIoverheid TEST Root CA - G2 (expired in 2020)

For expired TRIAL CA certificates no CRLs are offered after the expiration date.

The table below contains links to the latest published Private Root G1 CRLs

Private Root CRLs	Issue date
List of revoked private domain certificates	19 September 2024
List of revoked TSP certificates for private domain “Private Personen”	19 September 2024
List of revoked TSP certificates for private domain “Private Services”	19 September 2024

The table below contains links to the latest published G4 CRLs

G4 Root CRLs	Issue date
List of revoked EUTL G-Sigs Intermediate CA certificates	23 May 2024
List of revoked Private G-Other Intermediate CA certificates	23 May 2024
List of revoked Private G-TLS Intermediate CA certificates	23 May 2024
List of revoked Private S-CIBG Intermediate CA certificates	23 May 2024
List of revoked Public G-S/MIME Intermediate CA certificates	23 May 2024

G4 Intermediate CA CRLs	Issue date
List of revoked TSP certificates issued under G4 intermediate certificate “Staat der Nederlanden - G4 Intm Priv G-Other NP - 2024”	30 May 2024
List of revoked TSP certificates issued under G4 intermediate certificate “Staat der Nederlanden - G4 Intm Priv G-Other LP - 2024”	30 May 2024
List of revoked TSP certificates issued under G4 intermediate certificate “Staat der Nederlanden - G4 Intm EUTL G-Sigs NP - 2024”	30 May 2024
List of revoked TSP certificates issued under G4 intermediate certificate “Staat der Nederlanden - G4 Intm EUTL G-Sigs LP - 2024”	30 May 2024
List of revoked TSP certificates issued under G4 intermediate certificate “Staat der Nederlanden - G4 Intm Priv G-TLS SYS - 2024”	27 June 2024
List of revoked TSP certificates issued under G4 intermediate certificate “Staat der Nederlanden - G4 Intm Priv S-CIBG LP - 2024”	27 June 2024
List of revoked TSP certificates issued under G4 intermediate certificate “Staat der Nederlanden - G4 Intm Priv S-CIBG NP - 2024”	27 June 2024

The table below contains links to the latest published TRIAL Root CA - G3 CRLs

TRIAL Root G3 CRLs	Issue date
List of revoked G3 TRIAL domain certificates	31 May 2024
List of revoked TSP certificates for G3 TRIAL domain “Organisatie Persoon”	31 May 2024
List of revoked TSP certificates for G3 TRIAL domain “Organisatie Services”	31 May 2024

Contact