diff --git a/README.md b/README.md
index 040cce724..8a44eeb70 100644
--- a/README.md
+++ b/README.md
@@ -183,7 +183,7 @@ Registrar configuration (/etc/apache2/sites-enabled/registrar.conf) is as follow
   SSLVerifyClient none
   SSLVerifyDepth 1
   SSLCACertificateFile /home/registry/registry/shared/ca/certs/ca.cert.pem
-  SSLCARevocationFile /home/registry/registry/shared/ca/crl/crl.pem
+  SSLCARevocationPath /home/registry/registry/shared/ca/crl
   # Uncomment in Apache 2.4
   # SSLCARevocationCheck chain
 
@@ -192,6 +192,13 @@ Registrar configuration (/etc/apache2/sites-enabled/registrar.conf) is as follow
     SSLVerifyClient require
     RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s"
   </Location>
+
+  <Location /registrar/id>
+      SSLVerifyClient require
+      Options Indexes FollowSymLinks MultiViews
+      SSLVerifyDepth 2
+      SSLOptions +StdEnvVars +ExportCertData
+  </Location>
 </VirtualHost>
 ```
 
@@ -253,7 +260,7 @@ Registrant configuration (/etc/apache2/sites-enabled/registrant.conf) is as foll
   SSLVerifyClient none
   SSLVerifyDepth 1
   SSLCACertificateFile /home/registry/registry/shared/ca/certs/ca.cert.pem
-  SSLCARevocationFile /home/registry/registry/shared/ca/crl/crl.pem
+  SSLCARevocationPath /home/registry/registry/shared/ca/crl
   # Uncomment in Apache 2.4
   # SSLCARevocationCheck chain
 
@@ -262,6 +269,13 @@ Registrant configuration (/etc/apache2/sites-enabled/registrant.conf) is as foll
     SSLVerifyClient require
     RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s"
   </Location>
+
+  <Location /registrant/id>
+      SSLVerifyClient require
+      Options Indexes FollowSymLinks MultiViews
+      SSLVerifyDepth 2
+      SSLOptions +StdEnvVars +ExportCertData
+  </Location>
 </VirtualHost>
 ```
 
@@ -282,7 +296,7 @@ For Apache, REPP goes to port 443 in production, /etc/apache2/sites-enabled/repp
   SSLVerifyClient none
   SSLVerifyDepth 1
   SSLCACertificateFile /home/registry/registry/shared/ca/certs/ca.crt.pem
-  SSLCARevocationFile /home/registry/registry/shared/ca/crl/crl.pem
+  SSLCARevocationPath /home/registry/registry/shared/ca/crl
   SSLCARevocationCheck chain
 
   RequestHeader set SSL_CLIENT_S_DN_CN ""
@@ -314,7 +328,7 @@ Be sure to update paths to match your system configuration.
     SSLVerifyClient require
     SSLVerifyDepth 1
     SSLCACertificateFile /home/registry/registry/shared/ca/certs/ca.crt.pem
-    SSLCARevocationFile /home/registry/registry/shared/ca/crl/crl.pem
+    SSLCARevocationPath /home/registry/registry/shared/ca/crl
     # Uncomment this when upgrading to apache 2.4:
     # SSLCARevocationCheck chain
 
diff --git a/app/controllers/registrar/sessions_controller.rb b/app/controllers/registrar/sessions_controller.rb
index fad376c6e..1afffa201 100644
--- a/app/controllers/registrar/sessions_controller.rb
+++ b/app/controllers/registrar/sessions_controller.rb
@@ -45,6 +45,18 @@ class Registrar::SessionsController < ::SessionsController
   # rubocop:enable Metrics/CyclomaticComplexity
   # rubocop:enable Metrics/PerceivedComplexity
 
+  def id
+    @user = ApiUser.find_by_idc_data(request.env['SSL_CLIENT_S_DN'])
+
+    if @user
+      sign_in(@user, event: :authentication)
+      redirect_to registrant_root_url
+    else
+      flash[:alert] = t('no_such_user')
+      redirect_to registrar_login_url
+    end
+  end
+
   def login_mid
     @user = User.new
   end
@@ -55,7 +67,7 @@ class Registrar::SessionsController < ::SessionsController
 
     if Rails.env.test? && phone == "123"
       @user = ApiUser.find_by(identity_code: "14212128025")
-      sign_in(@user, event: :authentication) 
+      sign_in(@user, event: :authentication)
       return redirect_to registrar_root_url
     end
 
diff --git a/app/models/api_user.rb b/app/models/api_user.rb
index ca3f9a07a..4dca33a18 100644
--- a/app/models/api_user.rb
+++ b/app/models/api_user.rb
@@ -42,5 +42,14 @@ class ApiUser < User
   def queued_messages
     registrar.messages.queued
   end
+
+  class << self
+    def find_by_idc_data(idc_data)
+      return false if idc_data.blank?
+      identity_code = idc_data.scan(/serialNumber=(\d+)/).flatten.first
+
+      find_by(identity_code: identity_code)
+    end
+  end
 end
 # rubocop: enable Metrics/ClassLength
diff --git a/app/views/registrar/sessions/login.haml b/app/views/registrar/sessions/login.haml
index 7c7772a5e..15586a645 100644
--- a/app/views/registrar/sessions/login.haml
+++ b/app/views/registrar/sessions/login.haml
@@ -15,7 +15,7 @@
     %hr
     = link_to '/registrar/login/mid' do
       = image_tag 'mid.gif'
-    -# = link_to '/registrar/login/id' do
-      -# = image_tag 'id_card.gif'
+    = link_to '/registrar/id', method: :post do
+      = image_tag 'id_card.gif'
 
 
diff --git a/config/routes.rb b/config/routes.rb
index d46d3f2b7..689c7f399 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -39,6 +39,7 @@ Rails.application.routes.draw do
       post 'login/mid_status' => 'sessions#mid_status'
 
       post 'sessions' => 'sessions#create'
+      post 'id' => 'sessions#id'
       post 'mid' => 'sessions#mid'
       get 'logout' => '/devise/sessions#destroy'
     end