This information is intended for developers and owners of services using BankID.
We will include SAN (Subject Alternative Name) in the server certificate used to protect the BankID Service. This change should not have any impact on your service, the SAN is a standard extension and has been used to protect web sites for many years. The change has already been done in the test environment.
Note: This information is also a reminder of our recommendation to only add the CA certificate as trusted in your service. If you also added the server certificate, your service will fail when we replace the server certificate.
The following summarizes the changes:
- We will include SAN in the server certificate protecting appapi2.bankid.com
- The server certificate is planned to be replaced in mid April 2020
- The CA certificate that issues the server certificate is not changed.
- The change has already been done (since January 2020) in the test environment appapi2.test.bankid.com
- We regularly change the server certificate. We remind you to not explicitly trust or pin the server certificate. Only the CA certificate should be explicitly trusted.
Details are found in “BankID Relying Party Guidelines” available at https://www.bankid.com/bankid-i-dina-tjanster/rp-info.
Please study the guidelines and the FAQ at https://www.bankid.com/bankid-i-dina-tjanster/rp-info carefully before posting questions to us. Any remaining technical questions may be directed to email@example.com. For other questions we refer to the bank or vendor with which you have the BankID service agreement.