Skip to main content eIDAS szerinti minősített bizalmi szolgáltató
Certificates for our timestamping units

We operate multiple timestamping units. Each timestamping unit uses the same keypair and TSA certificate, but issues the timestamps in their own serial number range. There is a load balancing mechanism that decides which timestamping unit answers a certain timestamping request based on the current status of timestamping traffic.

The lifetime of the private keys of the timestamping units is limited, the timestamping certificates are replaced yearly according to our policies. We guarantee that the certificate of each timestamping unit remains valid for at least 10 years after the last timestamp had been issued. Each of our timestamping certificates have the year of issuance and optionally a sequence number within that year in their subject distinguished name. The timestamping units with the highest year and sequence number value are always the active ones.

As our timestamping certificates change regularly we discourage hardcoding our timestamping certificates into applications. Our timestamping certificates can by recognized by the timeStamping extended key usage in them, and they are issued by the CAs denoted in our hierarchy graph.

You can find information on the accessibility of our timestamping service here.


The ECC and SHA-256 based intermediate CA certificates used exclusively for issuing timestamping certificates:

The SHA-256 based certificates of our qualified ECC timestamping units:

The SHA-256 based certificates of our qualified RSA timestamping units:

The SHA-256 based certificate of our non-qualified timestamping unit:

The SHA-1 based certificates of our qualified timestamping units in our legacy hierarchy:

Our non-qualified timestamping unit: