Personal identification with an ID-card

There are two ways to realize personal identification with an ID-card in your e-service: use the certificate authentication built into the browser (TLS client certificate authentication or TLS-CCA) or the new online authentication and signing solution with an ID-card, Web eID.

We recommend that you prefer the Web eID solution for personal identification with an ID-card in e-services, as it makes the use of an ID-card in a web browser more reliable, more user-friendly, and solves several problems encountered with the TLS-CCA solution.

We recommend using the TLS-CCA solution in e-services with strict security requirements, such as e-services where state secrets are stored. You can read more about the security of the TLS-CCA and Web eID solution in the security analysis prepared by Cybernetica AS.

• TLS-CCA

  Show Hide

  Configuring ID-card support in IIS web server:

  • IIS web server configuration for using two-way SSL (in English, 31. May. 2022)
  • IIS web server configuration for using two-way SSL (in Estonian, 31. May. 2022)

  Configuring ID-card support in Ubuntu web server:

  • Two-way SSL setup in Ubuntu Ngnix web server (in English, 22. February. 2023)
  • Two-way SSL setup in Ubuntu Ngnix web server (in Estonian, 22. February. 2023)

  • Two-way SSL setup in Ubuntu Apache2 web server (in English, 21. February 2023)
  • Two-way SSL setup in Ubuntu Apache2 web server (in Estonian, 21. February 2023)

• What do I need to do to integrate the Web eID solution into my online service?

  Show Hide

  Taking Web eID into use implies changes to the online service. The library and samples for the Java, .NET and PHP platforms are currently available. Support for additional platforms is planned based on feedback.

  To get started, we recommend reading the Web eID materials:

  • Portal and the sample environment: https://web-eid.eu/
  • Authentication: https://github.com/web-eid/web-eid-system-architecture-doc#authentication-1
  • Signing: https://github.com/web-eid/web-eid-system-architecture-doc#digital-signing
  • Sample application that uses Web eID for authentication and signing: https://github.com/web-eid/web-eid-spring-boot-example

  How to start using Web eID on the Java platform:

  1. Integrate the JavaScript library web-eid.js into your service’s front-end. The JavaScript library is necessary for the website of the online service to communicate with the browser extension. Instructions for taking into use: https://github.com/web-eid/web-eid.js#quickstart;
  2. The Java authentication token validation library web-eid-authtoken-validation-java must be used in the back-end for authentication. Instructions for taking into use: https://github.com/web-eid/web-eid-authtoken-validation-java#quickstart;
  3. A XAdES library must be used in the back-end for signing. On the Java platform, we recommend using the digidoc4j library. Instructions for taking into use: https://github.com/open-eid/digidoc4j/wiki/Examples-of-using-it

  How to start using Web eID on the .NET platform:

  1. Integrate the JavaScript library web-eid.js into your service’s front-end. The JavaScript library is necessary for the website of the online service to communicate with the browser extension. Instructions for taking into use: https://github.com/web-eid/web-eid.js#quickstart;
  2. The .NET authentication token validation library web-eid-authtoken-validation-dotnet must be used in the back-end for authentication. Instructions for taking into use: https://github.com/web-eid/web-eid-authtoken-validation-dotnet#quickstart;
  3. A XAdES library must be used in the back-end for signing. On the .NET platform, we recommend using the libdigidocpp library. Instructions for taking into use: https://github.com/open-eid/libdigidocpp/wiki#how-to-use-it

  How to start using Web eID on the PHP platform:

  1. Integrate the JavaScript library web-eid.js into your service’s front-end. The JavaScript library is necessary for the website of the online service to communicate with the browser extension. Instructions for taking into use: https://github.com/web-eid/web-eid.js#quickstart;
  2. The PHP authentication token validation library web-eid-authtoken-validation-php must be used in the back-end for authentication. Instructions for taking into use: https://github.com/web-eid/web-eid-authtoken-validation-php#quickstart

  How to start using Web eID on other platforms:

  1. Integrate web-eid.js JavaScript library into your service’s front-end. The JavaScript library is necessary for the website of the online service to communicate with the browser extension. Instructions for taking into use: https://github.com/web-eid/web-eid.js#quickstart;
  2. The authentication token validating library must be used in the back-end for authentication. Currently, there is a library for the Java, .NET and PHP platforms. Support for other platforms is planned, more information can be found in the schedule. Additionally, we would appreciate your feedback regarding platform preferences;
  3. A XAdES library must be used in the back-end for signing. If possible, we recommend using the existing libraries:
     1. Libdigidocpp: https://github.com/open-eid/libdigidocpp
     2. DigiDoc4j: https://github.com/open-eid/digidoc4j

Read more:

• Web eID
• ID-card testing