Blog

Serbian ID Card Лична карта / Lična Karta Online Authentication

Serbian ID card system requires importing 5 CA certificates into Apache2. Issues include non-HTTPS download and malformed certificates incompatible with newer OpenSSL. Contact us for assistance.

14 May
,
2020
28 Apr
,
2025
# min read
Serbian ID card with personal information and national emblem displayed on a white background.

Downloading the Required Certificates

To enable client authentication using Serbian ID cards with Apache2, you must import five CA certificates into your server configuration. These certificates can be downloaded from the official website:
http://ca.mup.gov.rs/sertifikati-lat.html

Important note: The website does not support HTTPS, which raises security concerns—you cannot be fully certain that the certificates have not been tampered with during download.

Problems with Malformed Certificates

There are known technical issues with two of the certificates:

  • MUPCAGradjani.crt
  • MUPCARoot.crt

These certificates are malformed — their serial numbers are incorrectly structured as negative numbers. This causes compatibility issues with newer OpenSSL versions.

You can find more technical background here:
OpenSSL GitHub Issue #4320

Example Error Output

When trying to inspect or load the problematic certificates using OpenSSL, you may see errors like:

$ openssl x509 -inform der -in MUPCAGradjani.crt -text -noout
unable to load certificate
140630104798528:error:0D0E20DD:asn1 encoding routines:c2i_ibuf:illegal padding:../crypto/asn1/a_int.c:187:
140630104798528:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:627:Field=serialNumber, Type=X509_CINF
140630104798528:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:627:Field=cert_info, Type=X509

Workarounds to Solve the Problem

To work with Serbian ID cards despite the certificate issues, your options include:

  • Using an older version of OpenSSL that tolerates incorrectly structured serial numbers.
  • Building a custom OpenSSL version to bypass the strict parsing.
  • Manual corrections with careful risk evaluation (not generally recommended).

Need Help with Serbian ID Card Integration?

If you're struggling to get Serbian ID card authentication working properly, you’re in the right place.

We have the technical expertise to help you overcome these issues quickly and securely.

Contact us— we’re ready to assist!

More latest articles

See all news
See all news
Businesswoman using digital signature on tablet in modern office setting
31 Jan
,
2025
28 Apr
,
2025
eSignatures

Legal Clarity for eSignatures: Insights from an ECJ Ruling

Read article
Diia.Signature digital service by eID Easy, showcasing secure electronic signatures for document signing and user authentication.
28 Jan
,
2025
3 Apr
,
2025
eSignatures
Announcements

eID Easy First to Bring Ukraine’s Diia.Signature to the EU for Legally Valid Signing

Read article