PKIoverheid Certificate Revocation Lists

This is the Certificate Revocation Lists (CRLs) page of the Public Key Infrastructure of the Dutch government, known as PKIoverheid (PKIo). Using this page, you can verify the status of domain, intermediate, and issuance certificates of the Trust Service Providers (TSP) that have been issued under the Root certificates of PKIo. New certificates can be issued under all these certificates, which is why they are referred to as Certification Authorities (CA) of PKIoverheid. The status of each of these certificates can be verified by consulting the respective CRLs.

For more information about PKIoverheid, please visit the Logius website.

Publicly trusted CAs

PKIoverheid currently has one publicly trusted root CA certificate (for S/MIME use only):

  • Staat der Nederlanden Root CA - G3 (valid until November 13th, 2028)

The following publicly trusted root CA certificates are expired:

  • Staat der Nederlanden Root CA (expired in 2015)
  • Staat der Nederlanden Root CA - G2 (expired in 2020)
  • Staat der Nederlanden EV Root CA (expired in 2022)

Even though these CAs have (long since) expired CRLs for some of these CAs might still be offered as a “best effort” option with no guarantees about availability. However, due to the fact that they are expired they are not listed on this web-page and shouldn’t be relied upon.

Private CAs

PKIoverheid currently has two Private Root CAs for use in both S/MIME and TLS certificate issuance. They are intended for use in machine-to-machine environments (Private Root) or test environments (TRIAL). These certificates are NOT trusted in browsers by default:

  • Staat der Nederlanden Private Root CA - G1
  • TRIAL PKIoverheid Root CA - G3

The following private Root CA certificates have expired:

  • TRIAL PKIoverheid TEST Root CA - G2 (expired in 2020)

For expired TRIAL CA certificates no CRLs are offered after the expiration date.

Exported on: 2024-04-30.