Certificate Trust List

An operating system regularly supports only certain Root CAs, mostly those of public trust centers. In comparison, Root CAs of corporate PKIs are not in the operating system and therefore must be manually installed.

A Certificate Trust List (CTL) is available free of charge to facilitate the installation of Root CAs for communication partner of EBCA participants. While installing certificate lists the user will be asked to verify the integrity for each certificate via a so-called fingerprint. The EBCA has already applied this procedure: only the signed list should be downloaded and verified.

The list will then be transferred to a so-called PKCS#7 container, adapted for immediate own certificate repository. Download current lists and the signature certificate here.

Download Root CA lists here:

Root CA list of EBCA participants

Optionally Sub-CAs can also be installed to ensure that the certificate chain is complete. This principle complies with the principle of Root CAs. However, we would like to leave it to users to decide which Sub CAs should to be installed. They are hence grouped depending on the EBCA participating organization.

Download Sub CA lists here:

Sub CA lists of the EBCA participants

The electronic signature of CTL can be verified online with your browser without installing reader software with SecSigner Online Tool. Download of installable CTL is also possible then. A Java Applet will be started by loading the website. All you need is a Java Plugin version 1.4.2_08 or higher.

Start SecSigner® Online

Learn more about the function of the signature verification and the installation of CTL.  

Instruction on verification with SecSigner® Online
Instruction on installation of CTL