Frequently Asked Questions

Why is it necessary to renew the certificates?

On 30 August, an international team of researchers informed the Information System Authority (RIA) that they have discovered a security risk that affects the chips used in ID-cards, residence permits, and digital IDs issued in Estonia as of October 2014. The security risk is caused by the combination of the chip and the software. It is not possible to change the chip, but after renewing the certificates and updating the software of the chip, the chip can be used without the security risk occurring.

  • Why is it necessary to renew the certificates?

    On 30 August, an international team of researchers informed the Information System Authority (RIA) that they have discovered a security risk that affects the chips used in ID-cards, residence permits, and digital IDs issued in Estonia as of October 2014. The security risk is caused by the combination of the chip and the software. It is not possible to change the chip, but after renewing the certificates and updating the software of the chip, the chip can be used without the security risk occurring.

  • Do the certificates of my ID-card, residence permit, or digital ID have to be renewed?

    You can check whether your document certificates have to be renewed HERE.

    It might be necessary to renew the certificates of the following documents:

    • ID-card
    • Residence permit
    • Digital ID
    • E-resident’s card
    • Diplomatic identity card
    You have to renew your document certificates if you use your ID-card electronically and your document has been issued after 16 October 2014. 
  • When and how can I renew my certificates?

    The certificates can be renewed until 31 March 2018. The certificates can be renewed on your work or home computer with the ID-card software. If you fail to renew the certificates on your computer or it is not possible to do so, you can renew your document at the service points of the Police and Border Guard Board.

    On the night before 4 November, certificates potentially impacted by the security vulnerability and which have not been updated will be inactivated. That means they cannot be used electronically to log in to online services or sign documents, but have to be (and can be) remotely updated.

    NB! All certificates that have not been renewed by 1 April will be revoked. If you need to use your ID-card electronically after that, you will have to apply for a new ID-card.

    ID-cards issued from 26 October 2017 have new certificates that do not have to be renewed.

  • I have a security risk affected card. Should I update it now?

    If you need to continue using your card electronically, you should update it. Fast update is critical for persons who depend on e-services in their private or work life and who lack alternative authentication means (mobile-ID, Smart-ID). If in doubt, apply for mobile-ID and/or Smart-ID.

  • My card expires in a month, should I renew my certificates or request a new one?

    If you need to continue using your ID-card electronically, you should update the certificates. If the card expires in a month, apply for a new card. 

  • PPA has informed me that my new ID-card is ready and I can pick it up. Can I use e-services with the new card?

    E-service providers are gradually adjusting their services to the ID-card's updated software. Not all e-services have managed to update their systems yet, but the situation is improving day by day. The incomplete list of the e-services that accept the updated ID-card  (in Estonian).

    To use updated ID-card, download the newest version of the ID software at installer.id.ee. Older versions of the software are not compatible with the new certificates and therefore it is not possible to use updated ID-card with the older versions of the ID software.

    If your present ID-card is not expiring soon, then wait for some time before going to pick up your new ID-card.

  • I use my ID-card to buy medicines on the basis of a digital prescription in a pharmacy or as a loyalty card at a store. Do I have to renew my certificates?

    You have to renew your certificates if you use your ID-card for e-services that require entering the PIN1 or PIN2 code. Even though you have to insert your ID-card in the card reader, you do not have to enter PIN codes in a pharmacy or at a store. Therefore, if you never use your PIN codes, you do not have to renew your certificates.

  • I updated my ID-card at the service point of the Police and Border Guard Board and can’t use it anymore. What should I do?

    To use updated ID-card, download the newest version of the ID software at installer.id.ee. Older versions of the software are not compatible with the new certificates and therefore it is not possible to use updated ID-card with the older versions of the ID software.

  • Should I replace my document instead of renewing the certificates from home?

    You only have to renew your certificates if you use your card electronically (i.e. for logging into e-services and giving your digital signature). An ID-card is valid as an identity document and travel document until the expiry date printed on the card.

    A document renewed from home or at the service points of the Police and Border Guard Board is just as secure as a document issued after 26 October, because the document blanks and keys are the same in both cases. A new document can be applied for, but if there is more than half a year until its expiry date, the applicant must pay a state fee for doing so. The document is replaced under warranty only if the renewal of the certificates at the service points of the Police and Border Guard Board fails and there is more than half a year until the expiry date of the document. If the document is replaced under warranty, a new document will be issued with the same period of validity as the previous document.
  • Are there alternatives to the ID card?

    Mobile-ID can be used instead of an ID card when using electronic services. You can also use Smart ID or a security token issued by many other services, such as banks. Using code cards is not recommended; their security risks are significantly higher.

  • How do I get Mobile-ID?

    Contact your mobile carrier for a mobile-ID SIM card. Mobile-ID must then be activated on the politsei.ee website. You can start using Mobile-ID immediately after activation. After that, if the user wishes, the ID card certificates can be suspended. If the user wishes to suspend their digital certificates, they can do so by calling the ID card support line +372 6773377 (1777 if dialling within Estonia).

    The operator fee is currently €1 per month.
    With regards to Mobile-ID, you can get advice from your mobile operator, including the operator’s hotline and online service.
  • What will happen, if I don’t update my ID-card certificates? / The certificates were suspended. What happens now?

    Certificates of the ID-cards that are affected by a security vulnerability will be suspended on the night before 4 November. These cards can not be used for e-services or digital signatures. Suspended certificates can be updated until 31 March 2018. After updating it is possible to use ID-cards electronically.

    On 1 April 2018 all non-updated certificates of the ID-cards that are affected by a security vulnerability will be revoked. Cards with revoked certificates can no longer be renewed and must be physically replaced if you wish to use the card electronically.

    An ID-card with revoked certificates is valid as an identity document until the expiry date. You can buy medicines on the basis of a digital prescription without the updated ID-card.
  • Is it possible to activate Mobile-ID when my ID-card certificates are suspended?

    Yes, it is. You must contact your mobile carrier for a Mobile-ID SIM card and then you can activate your Mobile-ID at the service point of the Police and Border Guard Board.

  • If the certificates are suspended, can I still execute bank transfers?

    In this case, the card certificates need to be updated and the banking services can already be used. By now, all online banking services operating in Estonia support the updated certificates. Mobile-ID and Smart-ID users will not be affected by the suspensions.

  • Can the certificates also be renewed on the cards, the certificates which could be renewed until the beginning of July 2017?

    The renewal of certificates ended on 1 July only on those cards which were issued before mid-October 2014. These cards have another chip that is not affected by the security risk in question. These certificates cannot be renewed from home because the chip does not have enough space for the new software. At the moment, certificates can only be renewed from home on cards issued from 16 October 2014.

  • I have not completed the previous renewal process of the certificates. Does this renewal process fix both problems and will I be able to continue using my ID-card on Google Chrome as well?

    If your document was issued before mid-October 2014 and you did not renew your certificates by 1 July, as was requested, you will no longer be able to renew the certificates on that card. See more in the previous reply.

    All other cards, issued as of mid-October 2014, can be renewed until 31 March. 
     
    After the renewal, you will also be able to use the card on Google Chrome (except on Mac computers – Mac users have to wait until Chrome starts supporting elliptic curves. See also the question “I use a Mac computer, how can I renew the certificates from home?”).
  • Last time I tried to renew the certificates from home, but did not succeed. The software suggested that I go to a service point of the Police and Border Guard Board, but I did not go. Can I now renew my certificates from home?

    You will have to go to a service point of the Police and Border Guard Board. It is no longer possible to renew the certificates from home.

  • I have encrypted documents on my computer. Will I be able to decrypt them after renewing the certificates?

    If you have encrypted files on your computer, decrypt them and save them before renewing the certificates. After the certificates have been renewed, the old encrypted files will no longer open, as a new secret and public key will be generated when the new certificates are issued. It is also not possible to decrypt files encrypted with an earlier certificate with a new document (ID-card, residence permit, digital ID, e-resident’s card, diplomatic identity card).

    Encrypted files have CDOC file extension. It does not affect the following file extensions: DDOC, BDOC, ASICE and ASICS.

  • What do I have to do before renewing my certificates?
    1. Watch the tutorial on how to renew the certificates.
    2. Check whether your document has to be renewed. You can do this HERE
    3. Download the newest version of the ID-software from the website http://id.ee/index.php?id=37693installer.id.ee (your computer will notify you if you need to upload the newest version) and follow the instructions
    4. Make sure that you have a piece of paper and a pen nearby because you will be issued new PIN codes during the renewal process, and the old PIN codes will become invalid.

    If you have encrypted files on your computer, decrypt them and save them before renewing the certificates. Encrypted files have CDOC file extension. It does not affect the following file extensions: DDOC, BDOC, ASICE and ASICS.

  • Which operating systems can be used for renewing the certificates from home?

    You can renew your certificates from home on the following operating systems:

    • Windows 7 SP1, Windows 8.1, Windows 10;
    • Linux: 16.04 (LTS); 17.04;
    • Mac OS X Yosemite (10.11 Intel), Mac OS X El Capitan (10.11 Intel), Mac OS X Sierra (10.13).
  • Can I renew my certificates on Windows XP?

    No, Windows XP is expired and the ID-card software no longer supports this operating system.

  • I use a Mac computer, how can I renew the certificates from home?

    Mac OS X users can download the newest version of the ID-software from Apple’s App Store.

    The renewal process is the same as on other operating systems. Unfortunately, Mac users encounter problems after the renewal process in logging into e-services because Safari and Google Chrome do not support the encryption algorithm (elliptic curves) used in the new certificates. Google and Apple have been notified of this and the problem will be solved as soon as possible.

    Post renewal, e-services remain accessible via Firefox browser.

    It will also possible to give digital signatures in the DigiDoc utility after the renewal process.

  • How can I renew the certificates?
    1. To avoid errors, close all other programmes and windows on your computer and only pay attention to renewing the certificates.
    2. Insert the card into the card reader, open the ID-card management tool, click on the button “Update”, and follow the instructions.
    3. Keep your ID-card in the card reader throughout the renewal process. Do not remove the card while the process is ongoing because once you cancel the renewal process, you will no longer be able to renew the certificates from home, and you will have to go to a service point of the Police and Border Guard Board.
    4. Errors encountered while renewing the certificates from home may be a result of many people renewing them at the same time. 
    5. If you are displayed an error during the renewal process, you can try taking the card out of the card reader and inserting it again later. If you have been displayed an error during the renewal process on several occasions and you have not been able to renew your certificates, you can renew them at the service points of the Police and Border Guard Board.
  • I was issued new PIN1, PIN2, and PUK codes during the renewal process. Is displaying the codes on the computer screen safe?

    The new codes were generated and shown only on your computer. This means that only you know them. If you wish, you can change the PIN codes in the ID-card management tool. See instructions here.

  • I updated my ID-card, but I can not use many e-services. Is my card broken?

    Some e-services and systems have not made the necessary updates and do not yet support ID-cards with new certificates. Service providers must first make their own updates.

    After the upgrade, you need to restart your computer, in some cases twice.

    For Windows and Mac, it is also necessary to remove old certificates

    To use updated ID-card, download the newest version of the ID software at installer.id.ee. Older versions of the software are not compatible with the new certificates and therefore it is not possible to use updated ID-card with the older versions of the ID software.

    In case you have updated ID-card software, but it is not possible to give digital signatures in e-services, then follow the instructions here

     
     
  • Can I access e-school?

    Yes, the e-School application already supports an updated ID-card.

  • Can notarised agreements be signed?

    Contracts can be digitally signed with an ID-card with both unupdated and updated certificates.

  • I work in a hospital and I already updated my security risk affected ID-card. Now I'm not able to access the digilugu.ee environment. What should I do?

    It is possible to get mobile-ID and activate it with the new card on the police homepage.

  • I updated the administrative tool and card on a Mac computer. The update was successful. When I insert the card in a Windows computer, it still says that the card needs to be updated, although the certificates on the card are now new (valid from today).

    Probably, the Windows machine is still running an old version of the ID-card management tool that does not recognize ECC cryptography certificates (EC ellipse curves). Update the ID-software also on the Windows computer.

  • I suspect that my web browser will not work with the new certificates.

    Update your web browser. We know that some e-services need the Internet Explorer version to be at least 1752 and that some versions of Firefox do not recognise ECC certificates. (EC - elliptic curves).

  • How to determine that the certificates were successfully renewed?

    If the homepage of the management tool no longer displays a notice on the renewal of certificates and the card owner is no longer referred to a service point of the Police and Border Guard Board, the certificates should be successfully renewed.

  • I tried updating my ID-card on my laptop with my computer integrated card reader, but the computer showed an error message. What should I do?

    Some internal card readers are not currently updating. If possible, try updating the card with an external card reader.

    If the updating failed with your Lenovo integrated card reader, the problem is solved – you have to download the newest version of the ID software at installer.id.ee and try again.

  • I was displayed an error that the renewal failed. What should I do?

    If you were displayed an error during the updating process, it is recommended to remove ID-card from card reader and try again later. If the system gives several errors and updating process fails, then go to a service point of the Police and Border Guard Board, where the certificates of your card will be renewed.

    Some internal card readers (HP, Lenovo) are not currently updating. If possible, try updating the card with an external card reader.

  • I was displayed the following error: “Connection is closed”. What should I do?

    It means that the updating process failed. Connection with the servers was cancelled because of the server overload, quality of the internet connection etc. You need to restart your computer, close all other unnecessary windows or tabs and try again.

  • How is it possible that servers are overloaded for the whole night?

    The solutions were created in a short time and everything does not work perfectly. We are fully aware of the problems and specialists will take action to make the updating process work as swiftly as possible. We kindly ask you to be patient. Certificates can be updated until 31 March 2018.

     
  • I tried to update my ID-card, but ID software gave me contradicting information: 1) do no remove your ID-card from the reader; 2) server is overloaded, updating process failed. Which information should I trust?

    If you see that nothing has happened for the last 10 minutes and ID software gives you contradicting instructions, then cancel the updating process and try again later. If you were notified about server overload, then try again later.

  • How will I know that the updating limit has reached to maximum? Which error will the system give?

    If you see that nothing has happened for the last 10 minutes, then cancel the updating process and try again later.

  • I am abroad, but the renewal of my certificates failed. What should I do?

    If the renewal of the certificates failed and you cannot re-start the renewal process, call the ID card helpline (+372) 677 3377 or write to the e-mail address abi at id dot ee.

  • What does it mean that the certificates will be suspended in November but revoked on April 1?

    A card with suspended certificates can not be used for e-services or digital signatures before the card is updated either on a personal computer or at the PPA service halls. Cards with revoked certificates can no longer be renewed and must be physically replaced if you wish to use the card electronically. An ID-card with revoked certificates is valid as an identity document until the expiry date.

  • Who will cover the costs?

    The suspension of the certificates is a statutory measure to ensure the security and reliability of ID-cards and is used only as a last resort necessary to ensure the security of the cards. If the card update fails in the PPA's service hall, the card will be replaced in accordance with the guarantee procedure and will not cost anything to the customer. There is no provision for compensation of costs, but there is always the possibility to go to court.

  • Could it be that the lengthy queues for PPA services will end up stalling other services?

    In light of the additional burden of card updates, PPA is extending the opening hours of their service halls in November. If necessary, PPA is ready to open some service halls on weekends as well. We will have additional staff in our service halls, and our people are putting in a lot of overtime. We do our best to help people, but inconveniences are certainly inevitable. All PPA services remain operational.

  • Why can you upgrade just 15,000 cards a day? Do not you know how or do you not want to?

    The renewal of one card requires the exchange of data between the servers of four organisations: RIA, PPA, Gemalto (Trüb) and SK ID Solutions AS, and possibly subcontractors under them (server hosting, communications, support services). Systems this complex do not make fundamental changes so abruptly, this could endanger the security and functioning of the systems, existing type approvals/certifications, and so on. Server productivity has already been raised tenfold.

  • Why wasn’t the security threat that big at the time of the e-voting? It sounds suspicious.

    The probability of attacks has risen in time. At the time of e-voting the risk was still theoretical, but now the risk is getting higher every day. More and more countries, software companies and service providers are affected by the same security vulnerability. In addition, Czech scientists who discovered the security vulnerability have published their research. This increases the risk of somebody exploiting the vulnerability.


ASK FOR HELP

If you didn't find an answer to your question, send it to our team.



  • See instructions
  • Please estimate your ability to use the computer, so that we can provide you with the best guidance

         

  • Verification failed

How can we improve the article and be more helpful?
Send Close