Obtaining and trusting the TID certificate chain

Obtaining the TID certificate chain

The ASP can obtain the TID certificate chain (root, intermediate, and leaf) in one of the following ways:

  • Via e-mail

    The ASP can contact OneSpan by e-mail, and OneSpan will provide public certificates in the PEM format.

    The e-mail from the ASP should at least include the following:

  • Using a web browser

    The ASP can navigate to their specific environment and then view and/or export certificates. The environments use the following URLs:


    • Staging environment: https://asp-name.staging.eu1.tid.onespan.cloud
    • Production environment: https://asp-name.prod.eu1.tid.onespan.cloud

    North America:

    • Staging environment: https://asp-name.staging.na1.tid.onespan.cloud
    • Production environment: https://asp-name.prod.na1.tid.onespan.cloud

    asp-name is an identifier of the ASP defined by OneSpan; OneSpan provides it to the ASP during setup.

Trusting the TID certificate chain

The ASP has to ensure that the software application used to access the TID platform trusts the TID certificate chain. This means that the ASP should at least trust the TID root CA.