/
Validation keys
Validation keys
- Jan Åge Lavik
Owned by Jan Åge Lavik
Last updated: 23 Nov 2023Version comment
On this page you will find the root CA certificates used to issue all signing and encryption keys used in BankID OIDC.
Download the certificates below for the given environment and use it to validate the certificate chain of all JWK keys received by BankID OIDC.
We will always announce when it is time for CA certificates to be renewed. The new certificates will always be published on this page.
x5c Certificate chain
The JWKs endpoints will return keys with the claims x5t, x5t#S256 and x5c. for the x5c chain are published below per environment.
- The downloaded certificate shall be equal to the value found in the last entry in the certificate chain.
- The first entry in the chain shall contain the key defined by the JWK itself.
If the Tokens signatures are not valid, the signing key should not be trusted and you should immediately investigate if you are a victim of a "man-in-the-middle" attack.
Root Certificates
PRODUCTION
X5C CA for production environment - From 21.Nov.2022
-----BEGIN CERTIFICATE----- MIIDyTCCAoagAwIBAgIUOyUgp8iIjA/FIOPENsfptDdr80EwOAYJKoZIhvcNAQEK MCugDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBMEox FDASBgNVBAMMC1g1Qy1DQS1QUk9EMQ8wDQYDVQQKDAZCSURCQVgxFDASBgNVBAsM C0JBTktJRC1PSURDMQswCQYDVQQGEwJOTzAeFw0yMjExMTQyMzI2NDZaFw0zMjEx MTEyMzI2NDZaMEoxFDASBgNVBAMMC1g1Qy1DQS1QUk9EMQ8wDQYDVQQKDAZCSURC QVgxFDASBgNVBAsMC0JBTktJRC1PSURDMQswCQYDVQQGEwJOTzCCASAwCwYJKoZI hvcNAQEKA4IBDwAwggEKAoIBAQDiFCyOgojPYgxrzmlJrpN7u5jeP0tAAvHOz1X3 /vHP2EVl/yTc3Ze5a1qgP2gTNW5sPNavKyefEHVDL5vVSI0E0+RNAuGmv2EURQ1g NaVBaJK5+9uwZw1TfOdyVm0gv0e6r3Jd2alPsiDlGR1zxykBF/YsCnXkdCxvHjQi 3RhWid59E2mH7RXJRmjd+ztggWOs36sgFHkQ9Z/hmKNb+zJICC26REkmm7SGNIJS mr1zh0VjiKVVVi92xJj2QMyDygp1+zawl6/3NfbpmKwnLR9EOaJhXOffeE3oPZNW x1nKwvwtZFg2Xm+ZVvFrfRDCEHvEkeBmGSfYgq5fqICjQjVTAgMBAAGjUzBRMB0G A1UdDgQWBBS4L2UoLI6Cy2gyT5k0ee6G884MVDAfBgNVHSMEGDAWgBS4L2UoLI6C y2gyT5k0ee6G884MVDAPBgNVHRMBAf8EBTADAQH/MDgGCSqGSIb3DQEBCjAroA0w CwYJYIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAQOCAQEAFtgJ V7SN11egN6UgQu2lMBPRIMz0wVeXkF/IWB9lUQnpG6amZVlWvJhj/s74YFdjIeVp BuFC31Hz3szKpV1a0jHj96ny//rDkwEFMfiqVM1hfL6cc+T1ciE2dOJJ549DOy7c GKuKbGDP0AIW/mdSOXDrtv144/pQoN6o4NvyblcFt+To7L+RDcy0C6HAHSdq+jCx vreGXxgJWZXDSRxS3YLNgAfLKdGbTPECNzdrpAnDgD/LDZ+9Bqcr18479DZ5Mv2s eZ1b/BUz5NiuvSVNkyy7OIw/kCj97URAs6FSYxbDmDfi0xFLN3V0ZkG3B8Gc5Ze/ 6t+iwyMcWP4Sp1Il3A== -----END CERTIFICATE-----
CURRENT (Primary Test environment)
X5C CA for CURRENT environment - From 21.Nov.2022
-----BEGIN CERTIFICATE----- MIIDzzCCAoygAwIBAgIUNzQK0n0gWjv7Sq8O+59F4wuhviQwOAYJKoZIhvcNAQEK MCugDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBME0x FzAVBgNVBAMMDlg1Qy1DQS1DVVJSRU5UMQ8wDQYDVQQKDAZCSURCQVgxFDASBgNV BAsMC0JBTktJRC1PSURDMQswCQYDVQQGEwJOTzAeFw0yMjExMTUwMTQ1MDdaFw0z MjExMTIwMTQ1MDdaME0xFzAVBgNVBAMMDlg1Qy1DQS1DVVJSRU5UMQ8wDQYDVQQK DAZCSURCQVgxFDASBgNVBAsMC0JBTktJRC1PSURDMQswCQYDVQQGEwJOTzCCASAw CwYJKoZIhvcNAQEKA4IBDwAwggEKAoIBAQC+Sh0wBeHALAJMipU/pxwLZBUlYpLe su2BpNg7zCv/MFy6gkSd58iDXKltgj9jbErvjZCOqJvi+amlfBkozdSiksbDDFSw jE92vwf0D44fH3EaUDM8AH1aBBzigYOu+jDX9S9i9wX3I0NWZPgGs3hdI/3IqTHw asBrvWuS8NstS8KHkpnqXe7GtM/bpFvltqO6ViqrL7pA+PSMfSSmkAbP+ukucjV+ wcCBkPdmrKsnf2NdPKCfzhrsCsDkOgkU1obVvhyhXB6Fkm9RkMdV/pu+gdl7vKGI WHKd6sF3xtB1SDpgvBZdPtrOnSOMkXR3+aExrdgcTq9azCT6JBM/3qsJAgMBAAGj UzBRMB0GA1UdDgQWBBTiLKjoWoAC3zq+7/qGlBMJxJjhKzAfBgNVHSMEGDAWgBTi LKjoWoAC3zq+7/qGlBMJxJjhKzAPBgNVHRMBAf8EBTADAQH/MDgGCSqGSIb3DQEB CjAroA0wCwYJYIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAQOC AQEAnnF1e3YKQzH3sVK1ros2ic/H2l3g69xP3cuJ+M+vL+37zesDfZdVHmEvLPEX QACnOmMTEhTJTumecdvWXEfJQdONUKED4WmrAfsrLyy5XmChT5UJyFezx/F1zh52 kIVR9ijDtqiCyQL87Z8imK5zhRAQvM7rNNnP1tqjmvMLsVKOqS7GBl/y/GOmWpUg 9S6uOBXhJ6tv+JIkCb8YEb9N8l8QlLKQsNaN/+X+o8ZKDOGDq/5xuPmGj6E5pAEY 0eG2t+6uMf4tgl0koJ0cXufs9fQXuFNlOGrcqvWSGzz+EaFKVyh2nTnZ78195Xma oyTZy99pARU/x1FrvejLBLz8zw== -----END CERTIFICATE-----
PREPRODUCTION (Legacy test environment)
X5C CA for PREPROD environment - From 21.Nov.2022
-----BEGIN CERTIFICATE----- MIIDzzCCAoygAwIBAgIUIZjS3YJ7hZFE6H4iSWxxON9x2akwOAYJKoZIhvcNAQEK MCugDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBME0x FzAVBgNVBAMMDlg1Qy1DQS1QUkVQUk9EMQ8wDQYDVQQKDAZCSURCQVgxFDASBgNV BAsMC0JBTktJRC1PSURDMQswCQYDVQQGEwJOTzAeFw0yMjExMTAxMTQ4MDZaFw0z MjExMDcxMTQ4MDZaME0xFzAVBgNVBAMMDlg1Qy1DQS1QUkVQUk9EMQ8wDQYDVQQK DAZCSURCQVgxFDASBgNVBAsMC0JBTktJRC1PSURDMQswCQYDVQQGEwJOTzCCASAw CwYJKoZIhvcNAQEKA4IBDwAwggEKAoIBAQDRdPVrw9jn+dNPTdtIa0kU2DXOIwwT oMdt8LdoJdh55XmlaRZnau8GdYmqPyiBY9D2tbQgUzU9RbRNkNt6+Pm41uTbnab7 aHLc69rRgkCi2AoCr/GuADvdm1OzbCr4LTfjYF4ADvSS6vfDcGY2v0KAKN/5bv7i taV2Ziqn0yP1gYt/XITawGHPG0T4negGGN+nyNsffecRtABNPMBuVKEACGvoFnA5 4mJIera3jNr2ao8MtJLMHfwqAncL+jk/kUnooaD0C+WkthqrYKJ+0igSipk7a2zV dcVILdheOaD87eqjhHL38hXHWJkTzrrPRQoikcNMVZA9NFg1r2MnAwxnAgMBAAGj UzBRMB0GA1UdDgQWBBRsQo4+iamJz2K3T+zIyDun9ANiAzAfBgNVHSMEGDAWgBRs Qo4+iamJz2K3T+zIyDun9ANiAzAPBgNVHRMBAf8EBTADAQH/MDgGCSqGSIb3DQEB CjAroA0wCwYJYIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAQOC AQEAeoNMPLMYXyhjjFYOdBunDUAO7BuVIB5h/g2cdQOguC1mXLUEnrGFqSv4hJtM ZqI7pMQqCFIwqefXBqiVdQfBRA2F0PcoSTZnECXkou+0yfnXmRy3K4CIW6wtTc1E 39gUZUbA4UXIJfAUWzvZ6J1FK9+W7X+dQ+4uAbcZSrTridAvjvqL6XL/4np9W7oz lUymBZSJMEpYRKeULKLXkgKwDbjBqc751t6ooJjLm/Ugn3fEjDcb6yma9nAx/WX9 H2UhOekgLF3WXGJ2QZfv+7t4L9+LuvXgBWXzbjkZufyrw+73brZqpguMZt7b/EZu hugNdaQ6+GdNAMirvOc6XorB/g== -----END CERTIFICATE-----
, multiple selections available,