Note:

Sorry, we are still working on the translation of our website. Some information is currently only available in German.

Root Certificates

A Root Certificate is a self-signed certificate, which serves as a trust anchor for a certificate hierarchy and enables the validation of all certificates within the hierarchy.

The Trust Center of Deutsche Telekom Security GmbH operates multiple such Root Certificates, to which you can find more detailed information on this site.

You can read about the systems and applications in which our Root Certificates are integrated as trust anchor under Root Program > Root Compatibility.

Public Root Certificates

 

Telekom Security SMIME RSA Root 2023

Download Certificate
SHA384   -   RSA   -   4096
Validity period: 2023-03-28 - 2048-03-27
Fingerprint (SHA1): 893f6f1ce24d7ffbc3d3147a0580a7dee10a5e4d
Certificate revocation list (CRL): http://tssmrr23.crl.telesec.de/rl/Telekom_Security_SMIME_RSA_Root_2023.crl

 

Telekom Security TLS RSA Root 2023

Download Certificate
SHA384   -   RSA   -   4096
Validity period: 2023-03-28 - 2048-03-27
Fingerprint (SHA1): 54d3acb3bd5756f6859dcee5c321e2d4ad83d093
Certificate revocation list (CRL): http://tstlsrr23.crl.telesec.de/rl/Telekom_Security_TLS_RSA_Root_2023.crl

Testing websites:     Valid     |     Expired     |     Revoked

 

Telekom Security TLS ECC Root 2020

Download Certificate
SHA384   -   ECC   -   P384
Validity period: 2020-08-25 - 2045-08-25
Fingerprint (SHA1): c0f896c5a93b01062107da184248bce99d88d5ec
Certificate revocation list (CRL): http://tstlser20.crl.telesec.de/rl/Telekom_Security_TLS_ECC_Root_2020.crl

Testing websites:     Valid     |     Expired     |     Revoked

 

Telekom Security SMIME ECC Root 2021

Download Certificate
SHA384   -   ECC   -   P384
Validity period: 2021-03-18 - 2046-03-17
Fingerprint (SHA1): b7f91d98ec2593f35014849aa87e22103cc43927
Certificate revocation list (CRL): http://tssmer21.crl.telesec.de/rl/Telekom_Security_SMIME_ECC_Root_2021.crl

T-TeleSec GlobalRoot Class 2

Download Certificate
SHA256   -   RSA   -   2048
Validity period: 2008-10-01 - 2033-10-01
Fingerprint (SHA1): 590d2d7d884f402e617ea562321765cf17d894e9
Certificate revocation list (CRL): http://pki.telesec.de/rl/GlobalRoot_Class_2.crl

Testing websites:     Valid     |     Expired     |     Revoked

 

T-TeleSec GlobalRoot Class 3

Download Certificate
SHA256   -   RSA   -   2048
Validity period: 2008-10-01 - 2033-10-01
Fingerprint (SHA1): 55a6723ecbf2eccdc3237470199d2abe11e381d1
Certificate revocation list (CRL): http://pki.telesec.de/rl/GlobalRoot_Class_3.crl

Testing websites:     Valid     |     Expired     |     Revoked

Qualified Root Certificate

TeleSec qualified Root CA 1

Download Certificate
SHA512   -   ECC   -   P521
Validity period: 2017-04-05 - 2047-04-05
Fingerprint (SHA1): 90c6136c7defefe97cc764f9d2678ead03e55296
Certificate revocation list (CRL): http://pki.telesec.de/rl/TeleSec_qualified_Root_CA_1.crl

Internal Root Certificates

Deutsche Telekom Internal Root CA 1

Download Certificate
SHA1   -   RSA   -   2048
Validity period: 2007-11-15 - 2027-11-15
Fingerprint (SHA1): 15339aa230f5340e7bfcaafd754aa14cedd49858
Certificate revocation list (CRL): http://pki.telesec.de/rl/DT_Internal_Root_CA_1.crl

 

Deutsche Telekom Internal Root CA 2

Download Certificate
SHA256   -   RSA   -   2048
Validity period: 2017-08-03 - 2037-08-03
Fingerprint (SHA1): 12f714bdec4d2e3c2782ce1fcb8afe19b84aed8c
Certificate revocation list (CRL): http://pki.telesec.de/rl/DT_Internal_Root_CA_2.crl