BankID OIDC Root Certificates

Download the certificates below for the given environment and use it to validate the certificate chain of all JWK keys received by BankID OIDC.

We will always announce when it is time for CA certificates to be renewed. The new certificates will always be published on this page.

x5c Certificate chain

The JWKs endpoints will return keys with the claims x5t, x5t#S256 and x5c. for the x5c chain are published below per environment.

The downloaded certificate shall be equal to the value found in the last entry in the certificate chain.
The first entry in the chain shall contain the key defined by the JWK itself.

If the Tokens signatures are not valid, the signing key should not be trusted and you should immediately investigate if you are a victim of a "man-in-the-middle" attack.

Production

Value	Detalis
Valid until	11/11/2032
Serial #	3b:25:20:a7:c8:88:8c:0f:c5:20:e3:c4:36:c7:e9:b4:37:6b:f3:41
SHA1 Fingerprint	79:62:0F:8C:83:20:92:66:E6:FD:16:C5:E7:10:15:A9:7B:8C:81:15
SHA256 Fingerprint	31:61:E1:DA:3D:E6:C9:7C:61:4A:F1:3E:A3:DC:C4:4C:D0:75:60:5B:9D:32:C6:64:30:38:C8:18:1B:DD:EA:F8

Download PEM (production)

Current

Value	Details
Valid until	12/11/2032
Serial #	37:34:0a:d2:7d:20:5a:3b:fb:4a:af:0e:fb:9f:45:e3:0b:a1:be:24
SHA1 Fingerprint	A0:DE:E7:FC:75:3A:69:1F:C6:A8:AD:E6:1D:9D:EB:C1:E1:14:DC:62
SHA256 Fingerprint:	C5:D5:FA:88:2D:E4:24:FB:93:7F:3F:AF:A8:BE:A4:32:C7:0A:B5:F0:7A:07:66:6C:ED:32:7A:A2:A3:16:F3:B0

Download PEM (current)

Preprod

Value	Details
Valid until:	7/11/2032
Serial #	21:98:d2:dd:82:7b:85:91:44:e8:7e:22:49:6c:71:38:df:71:d9:a9
SHA1 Fingerprint	99:5C:CB:A4:98:D7:34:A0:8F:6D:38:D2:EA:6F:E9:63:40:66:C9:1A
SHA256 Fingerprint	7E:22:7F:B4:47:C4:D4:9E:57:3D:AA:85:B8:0F:AA:BD:98:D4:E5:A1:4D:17:B6:B6:7E:BE:59:0C:D0:E2:7F:E4

Download PEM (preprod)