-
Notifications
You must be signed in to change notification settings - Fork 7
New Thales ID Cards in Estonia 2025
Starting in November 2025, Thales will replace IDEMIA as the producer of Estonia’s ID-cards. The trust services for the new Thales ID-cards will be provided by Zetes Estonia. Thales test cards are available to e-service providers for testing ID-card authentication and digital signing solutions. More information about the Thales ID-cards is available here.
To support Thales test ID-cards in an application that uses ID-card authentication with Web eID, you must add the Zetes Estonia intermediate CA certificate to the list of trusted intermediate certificate authorities.
The recommended approach is to use a truststore file to load the CA certificate as demonstrated in the Web eID Spring Boot example application. Alternatively, you can use the eu.webeid.security.certificate.CertificateLoader helper class to load it from resources.
All trusted certificates, including the new one, must be provided as arguments to AuthTokenValidatorBuilder().withTrustedCertificateAuthorities().
The production intermediate certificate ESTEID2025.crt is available here: https://crt.eidpki.ee/ESTEID2025.crt.
Here is the example application pull request that adds TestESTEID2025.crt to trusted certificates in the prod profile: https://github.com/web-eid/web-eid-authtoken-validation-java/pull/91.
Note that the example application automatically loads all certificates with the .cer file extension from the corresponding resources directory. For this reason ESTEID2025.crt was renamed to ESTEID2025.cer in the pull request.
The test intermediate certificate TestESTEID2025.crt is available here: http://crt-test.eidpki.ee/testESTEID2025.crt.
Here is the example application pull request that adds TestESTEID2025.crt to trusted certificates in the dev profile: https://github.com/web-eid/web-eid-spring-boot-example/pull/59.
Note that the example application automatically loads all certificates with the .cer file extension from the corresponding resources directory. For this reason TestESTEID2025.crt was renamed to TestESTEID2025.cer in the pull request.