diff --git a/keyfetch/fetch.go b/keyfetch/fetch.go
index 3fb1251..a01a613 100644
--- a/keyfetch/fetch.go
+++ b/keyfetch/fetch.go
@@ -83,7 +83,8 @@ func JWKs(jwksurl string) (publicKeysMap, error) {
 if maps, keys, err := uncached.JWKs(jwksurl); nil != err {
 return nil, err
 } else {
- cacheKeys(maps, keys, strings.Replace(jwksurl, ".well-known/jwks.json", "", 1))
+ iss := strings.Replace(jwksurl, ".well-known/jwks.json", "", 1)
+ cacheKeys(maps, keys, iss)
 return keys, err
 }
 }
@@ -197,6 +198,7 @@ func cacheKeys(maps map[string]map[string]string, keys map[string]keypairs.Publi
 if "" != m["iss"] {
 iss = m["iss"]
 }
+ iss = normalizeIssuer(iss)
 cacheKey(m["kid"], iss, m["exp"], key)
 }
 }
@@ -241,5 +243,5 @@ func clear() {
 }

 func normalizeIssuer(iss string) string {
- return strings.TrimRight(iss, "/") + "/"
+ return strings.TrimRight(iss, "/")
 }
diff --git a/keyfetch/uncached/fetch.go b/keyfetch/uncached/fetch.go
index 9914996..11309b3 100644
--- a/keyfetch/uncached/fetch.go
+++ b/keyfetch/uncached/fetch.go
@@ -36,11 +36,8 @@ func OIDCJWKs(baseURL string) (map[string]map[string]string, map[string]keypairs
 // WellKnownJWKs calls JWKs with baseURL + /.well-known/jwks.json as constructs the jwks_uri
 func WellKnownJWKs(baseURL string) (map[string]map[string]string, map[string]keypairs.PublicKey, error) {
 baseURL = normalizeBaseURL(baseURL)
- if '/' == baseURL[len(baseURL)-1] {
- baseURL = baseURL[:len(baseURL)-1]
- }

- return JWKs(baseURL + "/.well-known/jwks.json")
+ return JWKs(baseURL + ".well-known/jwks.json")
 }

 // JWKs fetches and parses a jwks.json (assuming well-known format)
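Review bot: The issuer that the fetched keys are cached under is derived in JWKs with `strings.Replace(jwksurl, ".well-known/jwks.json", "", 1)`, which removes the first occurrence anywhere in the URL rather than a trailing one. Since this string decides which issuer the keys are later trusted for, it is safer to anchor it to the end of the URL: `iss := strings.TrimSuffix(jwksurl, ".well-known/jwks.json")`. When the URL is not a well-known path at all, the whole URL becomes the issuer, which deserves a comment. The `else` after the early `return nil, err` can also be dropped, and `return keys, nil` states the result more directly than returning an `err` that is known to be nil on that branch.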
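Review bot: In cacheKeys, `iss = normalizeIssuer(iss)` writes back to the same variable that `iss = m["iss"]` overwrites just above it. If `iss` is the function's issuer argument and this runs once per key (the loop header and the full signature are outside the hunk), one key's `iss` silently becomes the default for every later key that carries none. That value comes from the fetched key set rather than from the URL the caller asked for, so keys end up cached under whatever issuer the document names. If that is intended it should be said in a comment; otherwise compare it with the URL-derived issuer and skip the key on mismatch. A per-key local keeps the default intact: `keyIss := iss` before the check, `keyIss = m["iss"]` inside it, then `cacheKey(m["kid"], normalizeIssuer(keyIss), m["exp"], key)`.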
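Review bot: normalizeIssuer has no doc comment, although it defines the canonical form of the issuer cache key and this commit flips that form from "one trailing slash" to "no trailing slash". Every lookup has to pass the token's `iss` through the same function, or issuers that used to match will now miss the cache; those call sites are not visible in this hunk. Proposed comment: `// normalizeIssuer strips all trailing slashes so that "https://example.com" and "https://example.com/" share one cache entry.` An empty or all-slash input now returns `""`, so it may be worth rejecting an empty issuer before anything is cached under it.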
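Review bot: In WellKnownJWKs, `JWKs(baseURL + ".well-known/jwks.json")` is only correct if normalizeBaseURL always returns a string ending in `/`, and its body is not part of this hunk. Without that slash, `https://example.com` turns into `https://example.com.well-known/jwks.json`, which names a different host to fetch signing keys from. Either state the guarantee in a comment at this call or make the join self-sufficient, for example `return JWKs(strings.TrimRight(baseURL, "/") + "/.well-known/jwks.json")`, assuming `strings` is imported in this file. The doc comment above the function still describes `baseURL + /.well-known/jwks.json` and should be updated to match.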