Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This is paying for revoke checking, right?

Validating the certificate the same way servers validate client certificates should be enough to verify it as a date/time-valid Estonian ID.



Yes, this is to use OCSP. You do not have to pay if you download revocation lists manually. Ofcourse lists become stale rather quickly.

Very basic - hello world level - implementation is as simple as enabling client certificate authentication in Apache config.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: