Certificate used for signing Suomi.fi e-Identification SAML messages has been replaced in the test environment

Certificate used for signing Suomi.fi e-Identification SAML messages has been replaced in the test environment

The certificates used for signing Suomi.fi e-Identification SAML messages will be replaced because the current certificates are expiring.

The certificate has now been replaced in the test environment

The test environment’s new, signed metadata has published on 7 April at https://static.apro.tunnistus.fi/static/metadata/idp-metadata.xmOpens in a new window.lOpens in a new window.. The new double-certificate metadata contains both the new certificate and the current one.

If you haven’t implemented the changes already, do the following immediately:

1. Take into use the new Suomi.fi e-Identification test environment double-certificate metadata as soon as possible and check that it works normally in your test service. The new metadata can be downloaded at https://static.apro.tunnistus.fi/static/metadata/idp-metadata.xmlOpens in a new window..

2. If it emerges within the tests that the customer service is not able to use the double-certificate metadata, a secondary single-certificate metadata must be implemented. This metadata only has the new certificate. This metadata can be taken into use on this day as the signature certificate has been replaced in the test environment. The secondary metadata has been published at https://static.apro.tunnistus.fi/static/metadata/idp-metadata-secondary.xmlOpens in a new window..

The signing certificates for the test environment idP metadata files of the Suomi.fiOpens in a new window. e-Identification will change. They have been published and can be found at https://kehittajille.suomi.fi/services/e-identification/how-to-implement-the-technical-setup-of-the-identification-service/metadata/e-identification-idp-metadata-signing-certificates.

If you observe any problems in your customer service because of the change, please get in touch at tunnistus-kayttoonotot@dvv.fi.

Changing certificates in the production environment

The new certificate for the production environment will be taken into use on 19 May 2026 at 10 o'clock. The changing of the signature certificate for the production environment means that customer services must take new metadata into use. We will publish the metadata containing the new certificates on 5 May 2026 at https://tunnistus.suomi.fi/static/metadata/idp-metadata.xmlOpens in a new window..

Customer services have two options for the implementation of the new certificate for the production environment.

1. The use of transitional metadata

If your customer service supports the simultaneous use of two certificates, you can use the transitional metadata. In this way, the implementation of the new signature certificate can be flexibly carried out beforehand. Using the transitional metadata, Suomi.fiOpens in a new window. e-Identification works with both the current signature certificate and the new certificate to be brought in on 19 May 2026.

2.  Implementing the new metadata directly

If your customer service does not support the simultaneous use of two certificates, the new metadata must be implemented in your customer service at the same time as it is changed in Suomi.fiOpens in a new window. e-Identification, on 19 May 2026 at 10 o'clock.

We will provide separate notification for customer services on the changing of the production environment certificate in May.

Timetable for change of certificate

21 April 2026 Testing environment certificate changes at 10 a.m.

5 May 2026 Publication of metadata containing new certificate for the production environment

19 May 2026 Production environment certificate changes at 10 a.m.