Identification with ID-cards on websites: server configurations, problem solutions, etc.

Authentication success depends on the client platform used. You can create independent authentication solutions in Windows on the basis of the ID-card CSP or use web-based authentication. This is supported by Internet Explorer, Firefox and Chrome browsers and Apache and IIS servers.

Authentication certificate validity confirmation (OCSP query)

When using an ID-card for identification, it is important to perform an ID-card authentication certificate validity check (an OCSP query).

Configuring ID-card support in IIS web server:

Configuring ID-card support in IIS web server:

Read more:

ID-card and testing:

  • Ordering test ID-cards

    Show Hide

    Ordering test cards

    General information on test cards:

    General information on test cards:

    https://www.skidsolutions.eu/en/services/testcard/

    Test cards issued by SK:

    • test ID-card (2018); 
    • test ID-card (ECC certificates, 2017 update); 
    • test e-resident’s digital ID (2018); 

    e-Seal on crypto-stick issued by SK

    NB! Keep in mind that:

    • test ID-cards can only be used in a test environment;  
    • test ID-card certificates cannot be updated
    Hide
  • AIA-OCSP URL

    Show Hide

    AIA-OCSP URL with unrestricted access can usually be found in the certificate. Each CA branch has its own URL and certificate to sign OCSP responses.  

    Since 2019, a new OCSP response profile is valid for organisation certificates, which is also applied to CA certificates. With the new OCSP response, Archive Cutoff and Extended Revoked Definition solutions were taken into use Find additional information on the website of SK ID Solutions.  

    NB! Older certificates might not have this in the URL certificate, in which case the URL should be found from the following list: 

    Live chain service URLTest chain service URL
    http://aia.sk.ee/esteid2018 http://aia.demo.sk.ee/esteid2018 
    http://aia.sk.ee/esteid2011 http://aia.demo.sk.ee/esteid2011 
    http://aia.sk.ee/eid2011 http://aia.demo.sk.ee/eid2011 
    http://aia.sk.ee/klass3-2010 http://aia.demo.sk.ee/klass3-2010 
    http://aia.sk.ee/esteid2015 http://aia.demo.sk.ee/esteid2015 
    http://aia.sk.ee/eid2016 http://aia.demo.sk.ee/eid2016 
    http://aia.sk.ee/nq2016 http://aia.demo.sk.ee/nq2016 
    http://aia.sk.ee/klass3-2016 http://aia.demo.sk.ee/klass3-2016 

    Information agreed on the BDOC-TM (TimeMark) signature should not be used in the nonce field of AIA-OCSP with unrestricted access. 

    NB! The validity of the certificates used for signing the responses of AIA-OCSP with unrestricted access is brief. 

    Hide
  • New ID-card: frequently asked questions

    Show Hide

    Parallel use 

    • In the DigiDoc4 client, it is possible to use both Idemia as well as an older Estonian ID-card in Windows and macOS. Both Idemia and Estonian minidriver are necessary. 

    Using test-OCSP 

    Authentication in web services 

    After using beta software, it is necessary to clean local cache catalogues: 

    • Windows – erase %APPDATA%\digidocpp ja %APPDATA%\RIA 
    • macOS – erase ~/Library/Containers/ee.ria.qdigidoc4/Data/Library/Application Support/RIA/qdigidoc4/
    • Ubuntu – erase catalogues /.digidocpp/tsl ja /.local/share/RIA/qdigidoc4 

    Let us know of any errors and problems! 

    Hide