Glossary  | FAQ  | Contact  | Imprint  |  Deutsche Sprache auswählen

TeleTrusT project

TeleTrusT – IT Security Association Germany Logo

Certificate Trust List

...with certificate lists

An operating system regularly supports only certain Root CAs, mostly those of public trust centers. In comparison, Root CAs of corporate PKIs are not in the operating system and therefore must be manually installed.

A Certificate Trust List (CTL) is available free of charge to facilitate the installation of Root CAs for communication partner of EBCA participants. While installing certificate lists the user will be asked to verify the integrity for each certificate via a so-called fingerprint. The EBCA has already applied this procedure: only the signed list should be downloaded and verified.

The list will then be transferred to a so-called PKCS#7 container, adapted for immediate own certificate repository. Download current lists and the signature certificate here.

Root CA list of EBCA participants

170602_TeleTrusT_EBCA_Root-CA-CT.p7b

Unsigned Root CA CTL

170602_TeleTrusT_EBCA_Root-CA-CTL.pfx

...for Thunderbird and Co. (Password is "EBCA")

170602_TeleTrusT_EBCA_Root-CA-CT.p7b.pkcs7

Signed Root CA CTL

170602_TeleTrusT_EBCA_Root-CA-CTL.pfx.pkcs7

...for Thunderbird and Co. (Password is "EBCA")

Optionally Sub-CAs can also be installed to ensure that the certificate chain is complete. This principle complies with the principle of Root CAs. However, we would like to leave it to users to decide which Sub CAs should to be installed. They are hence grouped depending on the EBCA participating organization.

Sub CA certificate lists of the EBCA participants

Download Sub CA lists here:

Sub CA lists of the EBCA participants

Signature certificate of the European Bridge CA

European_Bridge_CA_4.cer

Fingerprint = ‎fb bd d6 c9 3f 37 ec 05 8c eb fc d9 b8 03 19 dd 0d 2c 5a 0c

Details for verification, installation and content of the list

The electronic signature of CTL can be verified online with your browser without installing reader software with SecSigner Online Tool. Download of installable CTL is also possible then. A Java Applet will be started by loading the website. All you need is a Java Plugin version 1.4.2_08 or higher.

Start SecSigner® Online

Learn more about the function of the signature verification and the installation of CTL.  

Instruction on Verification with SecSigner® Online
Instruction on Installation of CTL

These instructions are available to download

EBCA_Guide_EN_Enable_trust.pdf

Guidelines with instruction on enabling trust

1.1 M

Root CAs or Sub CAs, which are contained in CTL, are summarized in a table.

List of Root CAs
List of Sub CAs