Renewal of the ID card (Digi-ID and e-Resident's Digi-ID) certificates - frequently asked questions
Recommended steps prior to certificate renewal:
- Download ID-software from the website installer.id.ee, Mac OS X users from Apple App Store. Version should be 3.12.2 or higher.
- Decrypt and save files that have been encrypted for you (files with .cdoc extension). They can no longer be opened after the renewal.
- Make sure you have an alternative ID (Mobile-ID or Digi-ID) in case the renewal fails.
- Use a reliable, fast internet connection and don't use the computer for any concurrent operations.
- Keep checking the screen for what is requested from you and don't remove your card from the reader during the renewal process.
- A video on the renewal is available here http://www.id.ee/?lang=en&id=37693
- Open the ID-card utility, insert the card in the card reader and follow the on-screen instructions.
- You will be asked to enter your PIN 1 repeatedly during the renewal process. If new PIN-codes are displayed to you during renewal,
- make sure to write them down, otherwise you cannot complete the renewal.
- New PIN-codes are not displayed every time that cards are updated, more details are available in section 15.
- If renewal is interrupted, restart your computer and try to start all over.
- You can continue an interrupted renewal within a 10-day period.
Should the renewal nevertheless fail, contact your closest Police and Border Guard Board service centre. The renewal will be completed there.
1. Upon renewing the ID card certificates, I get an error message "SSL handshake failed". What should I do?
The problem can be solved by updating the ID software configuration file to version 15. Complete the following steps:
- Open the ID card utility;
- Select 'Info > Check updates'
- The following message is displayed: "You are using the latest software. There are no software or configuration updates available" (actually configuration has been renewed)
Close the ID card utility, open it again and try to renew the certificates. If the same error repeats, contact the ID card help line at abi at id dot ee . Attach the diagnostics file generated by the ID card utility (see the instructions)
2. Do my ID card certificates need to be renewed?
Card certificate updates will be rolled out in several waves during the year (2016). It is possible to check if your certificates need an upgrade by opening the ID card utility (version 3.12.2 or newer) and inserting your card into the smartcard reader. If your certificates need to be renewed, the utility will display the following message with a yellow background: “Your ID card certificates need to be updated.” See the below screenshot.
If the ID card utility or DigiDoc3 client does not display the version number at the bottom left corner, it means your ID software is out of date and you need to update it at https://installer.id.ee/ (Mac OS X users can download the latest version of DigiDoc3 Client and ID card utility from Apple App Store. See the instructions). You can also check the utility version by clicking on the „About“ menu (the version number is displayed as „qesteidutil version 220.127.116.116“). See also the instructions on how to open the ID card utility.
E-residents who are affected by the upgrade will be notified by an email from the Estonian Police and Border Guard Board.
3. How can I renew my certificates?
Open the ID card utility (version 3.12.2 or newer), insert your ID card into the smartcard reader and follow the instructions displayed on the screen. If the utility does not display the version number (highlighted in red on the screenshot), it means your ID software is out of date and you need to update it at https://installer.id.ee (Mac OS X users can download the latest version of DigiDoc3 Client and ID card utility from the Apple App Store. See the instructions). See also the instructions on how to open the ID card utility.
Watch the video to learn how to renew your ID card certificates in the ID card utility.
4. How do I know that the certificates have been successfully renewed?
If the ID card ID card utility does not display the notification about updating certificates, it means you certificates should be up to date. You can also check it by loading your document photo (use the PIN1 code). Click on „Load picture“.
5. Where do I get the ID software?
If you don’t have the ID card utility installed on your current computer, you should visit the official ID card utility install page at installer.id.ee and download the software from there (MAC OS X users can download the latest version of DigiDoc3 Client and ID card utility from the Apple App Store. See the instructions). See also the instructions on how to open the ID card utility.
6. I have lost my PIN codes, can I still renew the certificates?
If you have: - An e-resident digi-ID and your PIN codes are lost, you will need to order a new card, which will come with renewed certificates. Submit your application here: e-resident.gov.ee, - An ID card or resident digi-ID, you can receive new PIN and PUK codes from one of the customer service points.
7. I renewed my certificates and can no longer login into an e-service
Try to login into . If you are able to login into , it means support of the new, stronger cryptography based certificate has not yet been set up by the service you tried to use. for the list of e-services that should work with the updated card.
8. Renewal of my certificates has failed. What should I do?
If renewal of your certificates has failed, try to renew them once again. Close and restart the ID card utility. If you are still unable to renew your certificates, call the ID Support Centre. You will be assisted with the renewal or, if necessary, your card will be replaced.
9. I got an “ID card certificates need to be renewed” message when I tried to login to the eesti.ee website. What should I do?
Open the ID card utility (version 3.12.2 or newer), insert your card into the smartcard reader and follow the instructions displayed on the screen. If the utility does not display the version number (highlighted in red on the screenshot), it means your ID software is out of date and you need to update it at (MAC OS X users can download the latest version of DigiDoc3 Client and ID card utility from the Apple App Store. See the instructions). See also on how to open the ID-card utility.
10. I renewed my ID card certificates and signed a document. The recipient of the document claims that my signature has the status “Unknown”.
The recipient of your document needs to update their ID software. Windows users can download the latest ID software at . Mac OSX users can download the latest version of DigiDoc3 Client and ID card utility from the Apple App Store. See the instructions). E-services owners can find additional information here.
11. My ID card is valid for 10 years. I cannot renew my certificates in the ID card utility. What should I do?
If your ID card is valid for a period of 10 years, but its certificates have expired, go to any service point of the Estonian Police and Border Guard Board.
12. Why do I need to renew my certificates if the certificates are valid and can I use them to access e-services and sign digital documents?
To ensure that the ID card/digi-ID card and digital signatures remain highly secure, Estonia is implementing a stronger cryptography (SHA). In 2016, the certificates of all Estonian ID cards and digi-IDs will be renewed. During the renewal process the card will receive new certificates. The new certificates have a stronger cryptographic algorithm than that of previous certificates. With renewed certificates you can continue securely using e-services with your card. For more information see this article. cvc
13. Do I need to renew certificates because my ID card/digi-ID card is no longer secure?
Your card remains secure. Certificate renewal is necessary because Estonia is implementing a stronger cryptography (SHA) that will ensure that the ID card/digi-ID card and digital signatures remain highly secure. Frequent and rapid changes in the digital security environment mean that the Estonian IDcard/digi-ID card must be updated too.
14. Will I be able to open previously signed documents with the updated ID card/digi-ID card?
You will still be able to work with previously-issued DDOC format signatures using the upgraded software, but you will no longer be able to issue new digital signatures in the DDOC format. Starting from March 2015, the default format of digital signatures is BDOC and starting from ID software version 3.12 it is not possible to add a signature to a document previously signed in DDOC format. Please find more information here.
15. I have some encrypted documents on my computer. Can I decrypt these documents after I have renewed my certificates?
No, you will not be able to decrypt the documents because when new certificates are issued, new private and public keys are generated. It is also not possible to use a new card to decrypt files that were encrypted using a previous card (ID card, resident digi-ID or e-resident digi-ID).
16. During the certificates renewal process I received new PIN1, PIN2 and PUK codes. What steps should I take to make sure that my codes remain secure?
Your new codes are displayed on your computer screen. This means that in order for them to remain secure you should not update your certificates if someone else might see your PIN1, PIN2, or PUK codes. We recommend that you change your PIN and PUK codes in the ID card utility after the update. See the instructions on how to do it here.
17. Can I keep using my card with old certificates?
Do this at your own risk. With some services, the old certificates will keep working for an unspecified amount of time, but as a result of changes in the security environment, we recommend you do not continue to use your ID card/digi-ID with old certificates.
18. During the certificates renewal process my spouse received new PIN codes, whereas I didn't.
The renewal procedure is different for cards issued at different times. For some cards new PIN and PUK codes need to be generated. If you did not receive new PIN and PUK codes while renewing your certificates, your old PIN and PUK codes remainvalid.
19. I am currently located abroad and I was not able to renew my certificates. What should I do?
If you were not able to renew your certificates, contact us at abi at id dot ee. Please provide your name, personal identification code, document number and e-mail address.
20. Upon renewing the ID card certificates, I get an error message "Unexpected error. Please restart the process". What should I do?
You should wait for an e-mail to get confirmation that you can start the renewal process again. Meanwhile you can use your card as usual.