Authentication success depends on the client platform used. You can create independent authentication solutions in Windows on the basis of the ID-card CSP or use web-based authentication. This is supported by Firefox and Chrome browsers and Apache and IIS servers.
Authentication certificate validity confirmation (OCSP query)
When using an ID-card for identification, it is important to perform an ID-card authentication certificate validity check (an OCSP query).
-
Sample application:
https://demo.sk.ee/download/php_ocsp_check_updated_20170210.zip -
Validity confirmation service (foreign certificates check):
https://www.skidsolutions.eu/en/services/validity-confirmation-services/proxy-ocsp/
Configuring ID-card support in IIS web server:
- IIS web server configuration for using two-way SSL (in English, 31. May. 2022)
- IIS web server configuration for using two-way SSL (in Estonian, 31. May. 2022)
Configuring ID-card support in Ubuntu web server:
- Two-way SSL setup in Ubuntu Ngnix web server (in English, 22. February. 2023)
- Two-way SSL setup in Ubuntu Ngnix web server (in Estonian, 22. February. 2023)
- Two-way SSL setup in Ubuntu Apache2 web server (in English, 21. February 2023)
- Two-way SSL setup in Ubuntu Apache2 web server (in Estonian, 21. February 2023)
Read more:
ID-card and testing:
-
Show Hide Ordering test cards
-
Ordering form of test cards:
https://www.skidsolutions.eu/en/services/testcard/?service/test_cards -
Prices of test cards:
https://www.skidsolutions.eu/en/services/pricelist/testcard/
General information on test cards:
General information on test cards:
https://www.skidsolutions.eu/en/services/testcard/
Test cards issued by SK:
- test ID-card (2021);
- test ID-card (2018);
- test e-residency Digi-ID (2018);
e-Seal on crypto-stick issued by SK
- test e-Seal on crypto stick
NB! Keep in mind that:
- test ID-cards can only be used in a test environment;
- test ID-card certificates cannot be updated.
-
Ordering form of test cards:
-
Show Hide AIA-OCSP URL with unrestricted access can usually be found in the certificate. Each CA branch has its own URL and certificate to sign OCSP responses.
Since 2019, a new OCSP response profile is valid for organisation certificates, which is also applied to CA certificates. With the new OCSP response, Archive Cutoff and Extended Revoked Definition solutions were taken into use Find additional information on the website of SK ID Solutions.
NB! Older certificates might not have this in the URL certificate, in which case the URL should be found from the following list:
Live chain service URL Test chain service URL http://aia.sk.ee/esteid2018 http://aia.demo.sk.ee/esteid2018 http://aia.sk.ee/esteid2011 http://aia.demo.sk.ee/esteid2011 http://aia.sk.ee/eid2011 http://aia.demo.sk.ee/eid2011 http://aia.sk.ee/klass3-2010 http://aia.demo.sk.ee/klass3-2010 http://aia.sk.ee/esteid2015 http://aia.demo.sk.ee/esteid2015 http://aia.sk.ee/eid2016 http://aia.demo.sk.ee/eid2016 http://aia.sk.ee/nq2016 http://aia.demo.sk.ee/nq2016 http://aia.sk.ee/klass3-2016 http://aia.demo.sk.ee/klass3-2016 Information agreed on the BDOC-TM (TimeMark) signature should not be used in the nonce field of AIA-OCSP with unrestricted access.
NB! The validity of the certificates used for signing the responses of AIA-OCSP with unrestricted access is brief.