-
Notifications
You must be signed in to change notification settings - Fork 18
Implementing HTTPS pinning
Anyone who is using Smart-ID API needs to make sure that the connection endpoint is authentic and that the connection is secure. This is required to prevent MITM attacks for the authentication and signature protocols. This requirement is described in detail also here: https://github.com/SK-EID/smart-id-documentation#226-rp-api-endpoint-authentication
| Serial number (HEX) | Validity | Status | Download |
|---|---|---|---|
| 0E20714E18D8C3BEE183CC07F74EA14E | 2024.09.18 00:00.00 - 2025.10.20 23:59:59 |
in use from 10.10.2024 | DER, PEM |
| 0DBC12F684D97E77F23969C80B4145CF | 2023.09.14 00:00.00 - 2024.10.15 23:59:59 |
in use from 12.10.2023 | DER, PEM |
Important
New certificate is issued by new intermediate certificate (DigiCert Global G2 TLS RSA SHA256 2020 CA1), which itself is issued by new root (DigiCert Global Root G2) certificate. Certificates are found here.
Using smart-id-java-client one can comply with the requirement without importing anything directly to Java. But it requires changes in the code.
Same functionality as Smart-ID-Java-Client is available with the new smart-id-php-client.
Systems running on other platforms must achieve the same result using methods suitable for these particular platforms. SK ID Solutions is not providing sample client libraries for other platforms besides Java and PHP.