Document toolboxDocument toolbox

Validation keys

On this page you will find the root CA certificates used to issue all signing and encryption keys used in BankID OIDC.

Download the certificates below for the given environment and use it to validate the certificate chain of all JWK keys received by BankID OIDC.

We will always announce when it is time for CA certificates to be renewed. The new certificates will always be published on this page.

x5c Certificate chain

The JWKs endpoints will return keys with the claims x5t, x5t#S256 and x5c. for the x5c chain are published below per environment.

  • The downloaded certificate shall be equal to the value found in the last entry in the certificate chain.
  • The first entry in the chain shall contain the key defined by the JWK itself.
If the Tokens signatures are not valid, the signing key should not be trusted and you should immediately investigate if you are a victim of a "man-in-the-middle" attack.

Root Certificates

PRODUCTION

X5C CA for production environment - From 21.Nov.2022
-----BEGIN CERTIFICATE-----
MIIDyTCCAoagAwIBAgIUOyUgp8iIjA/FIOPENsfptDdr80EwOAYJKoZIhvcNAQEK
MCugDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBMEox
FDASBgNVBAMMC1g1Qy1DQS1QUk9EMQ8wDQYDVQQKDAZCSURCQVgxFDASBgNVBAsM
C0JBTktJRC1PSURDMQswCQYDVQQGEwJOTzAeFw0yMjExMTQyMzI2NDZaFw0zMjEx
MTEyMzI2NDZaMEoxFDASBgNVBAMMC1g1Qy1DQS1QUk9EMQ8wDQYDVQQKDAZCSURC
QVgxFDASBgNVBAsMC0JBTktJRC1PSURDMQswCQYDVQQGEwJOTzCCASAwCwYJKoZI
hvcNAQEKA4IBDwAwggEKAoIBAQDiFCyOgojPYgxrzmlJrpN7u5jeP0tAAvHOz1X3
/vHP2EVl/yTc3Ze5a1qgP2gTNW5sPNavKyefEHVDL5vVSI0E0+RNAuGmv2EURQ1g
NaVBaJK5+9uwZw1TfOdyVm0gv0e6r3Jd2alPsiDlGR1zxykBF/YsCnXkdCxvHjQi
3RhWid59E2mH7RXJRmjd+ztggWOs36sgFHkQ9Z/hmKNb+zJICC26REkmm7SGNIJS
mr1zh0VjiKVVVi92xJj2QMyDygp1+zawl6/3NfbpmKwnLR9EOaJhXOffeE3oPZNW
x1nKwvwtZFg2Xm+ZVvFrfRDCEHvEkeBmGSfYgq5fqICjQjVTAgMBAAGjUzBRMB0G
A1UdDgQWBBS4L2UoLI6Cy2gyT5k0ee6G884MVDAfBgNVHSMEGDAWgBS4L2UoLI6C
y2gyT5k0ee6G884MVDAPBgNVHRMBAf8EBTADAQH/MDgGCSqGSIb3DQEBCjAroA0w
CwYJYIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAQOCAQEAFtgJ
V7SN11egN6UgQu2lMBPRIMz0wVeXkF/IWB9lUQnpG6amZVlWvJhj/s74YFdjIeVp
BuFC31Hz3szKpV1a0jHj96ny//rDkwEFMfiqVM1hfL6cc+T1ciE2dOJJ549DOy7c
GKuKbGDP0AIW/mdSOXDrtv144/pQoN6o4NvyblcFt+To7L+RDcy0C6HAHSdq+jCx
vreGXxgJWZXDSRxS3YLNgAfLKdGbTPECNzdrpAnDgD/LDZ+9Bqcr18479DZ5Mv2s
eZ1b/BUz5NiuvSVNkyy7OIw/kCj97URAs6FSYxbDmDfi0xFLN3V0ZkG3B8Gc5Ze/
6t+iwyMcWP4Sp1Il3A==
-----END CERTIFICATE-----

CURRENT (Primary Test environment)

X5C CA for CURRENT environment - From 21.Nov.2022
-----BEGIN CERTIFICATE-----
MIIDzzCCAoygAwIBAgIUNzQK0n0gWjv7Sq8O+59F4wuhviQwOAYJKoZIhvcNAQEK
MCugDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBME0x
FzAVBgNVBAMMDlg1Qy1DQS1DVVJSRU5UMQ8wDQYDVQQKDAZCSURCQVgxFDASBgNV
BAsMC0JBTktJRC1PSURDMQswCQYDVQQGEwJOTzAeFw0yMjExMTUwMTQ1MDdaFw0z
MjExMTIwMTQ1MDdaME0xFzAVBgNVBAMMDlg1Qy1DQS1DVVJSRU5UMQ8wDQYDVQQK
DAZCSURCQVgxFDASBgNVBAsMC0JBTktJRC1PSURDMQswCQYDVQQGEwJOTzCCASAw
CwYJKoZIhvcNAQEKA4IBDwAwggEKAoIBAQC+Sh0wBeHALAJMipU/pxwLZBUlYpLe
su2BpNg7zCv/MFy6gkSd58iDXKltgj9jbErvjZCOqJvi+amlfBkozdSiksbDDFSw
jE92vwf0D44fH3EaUDM8AH1aBBzigYOu+jDX9S9i9wX3I0NWZPgGs3hdI/3IqTHw
asBrvWuS8NstS8KHkpnqXe7GtM/bpFvltqO6ViqrL7pA+PSMfSSmkAbP+ukucjV+
wcCBkPdmrKsnf2NdPKCfzhrsCsDkOgkU1obVvhyhXB6Fkm9RkMdV/pu+gdl7vKGI
WHKd6sF3xtB1SDpgvBZdPtrOnSOMkXR3+aExrdgcTq9azCT6JBM/3qsJAgMBAAGj
UzBRMB0GA1UdDgQWBBTiLKjoWoAC3zq+7/qGlBMJxJjhKzAfBgNVHSMEGDAWgBTi
LKjoWoAC3zq+7/qGlBMJxJjhKzAPBgNVHRMBAf8EBTADAQH/MDgGCSqGSIb3DQEB
CjAroA0wCwYJYIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAQOC
AQEAnnF1e3YKQzH3sVK1ros2ic/H2l3g69xP3cuJ+M+vL+37zesDfZdVHmEvLPEX
QACnOmMTEhTJTumecdvWXEfJQdONUKED4WmrAfsrLyy5XmChT5UJyFezx/F1zh52
kIVR9ijDtqiCyQL87Z8imK5zhRAQvM7rNNnP1tqjmvMLsVKOqS7GBl/y/GOmWpUg
9S6uOBXhJ6tv+JIkCb8YEb9N8l8QlLKQsNaN/+X+o8ZKDOGDq/5xuPmGj6E5pAEY
0eG2t+6uMf4tgl0koJ0cXufs9fQXuFNlOGrcqvWSGzz+EaFKVyh2nTnZ78195Xma
oyTZy99pARU/x1FrvejLBLz8zw==
-----END CERTIFICATE-----

PREPRODUCTION (Legacy test environment)

X5C CA for PREPROD environment - From 21.Nov.2022
-----BEGIN CERTIFICATE-----
MIIDzzCCAoygAwIBAgIUIZjS3YJ7hZFE6H4iSWxxON9x2akwOAYJKoZIhvcNAQEK
MCugDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBME0x
FzAVBgNVBAMMDlg1Qy1DQS1QUkVQUk9EMQ8wDQYDVQQKDAZCSURCQVgxFDASBgNV
BAsMC0JBTktJRC1PSURDMQswCQYDVQQGEwJOTzAeFw0yMjExMTAxMTQ4MDZaFw0z
MjExMDcxMTQ4MDZaME0xFzAVBgNVBAMMDlg1Qy1DQS1QUkVQUk9EMQ8wDQYDVQQK
DAZCSURCQVgxFDASBgNVBAsMC0JBTktJRC1PSURDMQswCQYDVQQGEwJOTzCCASAw
CwYJKoZIhvcNAQEKA4IBDwAwggEKAoIBAQDRdPVrw9jn+dNPTdtIa0kU2DXOIwwT
oMdt8LdoJdh55XmlaRZnau8GdYmqPyiBY9D2tbQgUzU9RbRNkNt6+Pm41uTbnab7
aHLc69rRgkCi2AoCr/GuADvdm1OzbCr4LTfjYF4ADvSS6vfDcGY2v0KAKN/5bv7i
taV2Ziqn0yP1gYt/XITawGHPG0T4negGGN+nyNsffecRtABNPMBuVKEACGvoFnA5
4mJIera3jNr2ao8MtJLMHfwqAncL+jk/kUnooaD0C+WkthqrYKJ+0igSipk7a2zV
dcVILdheOaD87eqjhHL38hXHWJkTzrrPRQoikcNMVZA9NFg1r2MnAwxnAgMBAAGj
UzBRMB0GA1UdDgQWBBRsQo4+iamJz2K3T+zIyDun9ANiAzAfBgNVHSMEGDAWgBRs
Qo4+iamJz2K3T+zIyDun9ANiAzAPBgNVHRMBAf8EBTADAQH/MDgGCSqGSIb3DQEB
CjAroA0wCwYJYIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAQOC
AQEAeoNMPLMYXyhjjFYOdBunDUAO7BuVIB5h/g2cdQOguC1mXLUEnrGFqSv4hJtM
ZqI7pMQqCFIwqefXBqiVdQfBRA2F0PcoSTZnECXkou+0yfnXmRy3K4CIW6wtTc1E
39gUZUbA4UXIJfAUWzvZ6J1FK9+W7X+dQ+4uAbcZSrTridAvjvqL6XL/4np9W7oz
lUymBZSJMEpYRKeULKLXkgKwDbjBqc751t6ooJjLm/Ugn3fEjDcb6yma9nAx/WX9
H2UhOekgLF3WXGJ2QZfv+7t4L9+LuvXgBWXzbjkZufyrw+73brZqpguMZt7b/EZu
hugNdaQ6+GdNAMirvOc6XorB/g==
-----END CERTIFICATE-----