Certificate Trust List
...with certificate lists
An operating system regularly supports only certain Root CAs, mostly those of public trust centers. In comparison, Root CAs of corporate PKIs are not in the operating system and therefore must be manually installed.
A Certificate Trust List (CTL) is available free of charge to facilitate the installation of Root CAs for communication partner of EBCA participants. While installing certificate lists the user will be asked to verify the integrity for each certificate via a so-called fingerprint. The EBCA has already applied this procedure: only the signed list should be downloaded and verified.
The list will then be transferred to a so-called PKCS#7 container, adapted for immediate own certificate repository. Download current lists and the signature certificate here.
Root CA list of EBCA participants
Download Root CA lists here:
Root CA list of EBCA participants
Optionally Sub-CAs can also be installed to ensure that the certificate chain is complete. This principle complies with the principle of Root CAs. However, we would like to leave it to users to decide which Sub CAs should to be installed. They are hence grouped depending on the EBCA participating organization.
Sub CA certificate lists of the EBCA participants
Download Sub CA lists here:
Details for verification, installation and content of the list
The electronic signature of CTL can be verified online with your browser without installing reader software with SecSigner Online Tool. Download of installable CTL is also possible then. A Java Applet will be started by loading the website. All you need is a Java Plugin version 1.4.2_08 or higher.
Learn more about the function of the signature verification and the installation of CTL.
Instruction on verification with SecSigner® Online
Instruction on installation of CTL