Estonian ID card authentication is configured on the web server to be invisible to client applications, and this is essentially how it works:
1. Web server requests a certificate from the visitor (from visitor’s web browser, how the visitor’s web browser requests it from the visitor depends on the specific web browser).
2. After receiving certificate from web browser web server checks the following:
- the certificate MUST BE signed by AS Sertifitseerimiskeskus.
If these two conditions are fulfilled, contents of the protected directory will be displayed or the corresponding PHP application will be executed on the virtual server.