On this page you will find the root CA certificates used to issue all ECDSA signing keys used in BankID OIDC.
To activate the new token signing keys, you must update your integration to Version 3 of the BankID OIDC API.
Download the certificates below for the given environment and use it to validate the certificate chain of all ECDSA keys received by BankID OIDC.
We will always announce when it is time for CA certificates to be renewed. The new certificates will always be published on this page.
The JWKs endpoints will return keys with the claims x5t, x5t#S256 and x5c. for the x5c chain are published below per environment.
If the Tokens signatures are not valid, the signing key should not be trusted and you should immediately investigate if you are a victim of a "man-in-the-middle" attack.
Value | Detalis |
|---|---|
Valid until | April 28, 2035 |
Serial # | 100 (0x64) |
SHA1 Fingerprint | D7:9F:0C:6F:28:B5:0D:4D:9C:57:78:AC:DB:2B:33:5A:FF:F9:1E:5D |
SHA256 Fingerprint | 7A:58:B1:48:21:20:00:2E:C8:DB:80:44:20:5D:0C:77:10:B2:7C:34:7D:54:31:35:47:A4:EE:A7:9B:48:DE:9F |
Value | Details |
|---|---|
Valid until | Mar 6, 2035 |
Serial # | 100 (0x64) |
SHA1 Fingerprint | 88:7B:59:79:6A:B4:2E:F8:44:02:EB:39:A8:1C:AE:3C:7C:33:C2:02 |
SHA256 Fingerprint: | 4D:26:18:86:F0:81:AE:AA:6B:AD:59:00:8B:F2:E9:BF:93:05:30:77:A6:25:6A:AA:FA:0E:85:5F:C3:A7:64:68 |