February 6, 2018: As of the 9th of July 2018, there will be no more issuing of certificates under the "Deutsche Telekom Root CA 2"

On July 9, 2019 (11:59 pm) the validity period of the root certification authority "Deutsche Telekom Root CA 2" ends. At the latest from this point in time, end entity certificates can no longer be issued by the intermediate certification authority (Sub CA) "Shared Business CA 4". All previously issued certificates will then expire.

Alternatively the root certification authority (Root CA) "T-TeleSec GlobalRoot Class 2" is already available to you, which is expected to be usable until October 01, 2033: This root CA certificate is already preinstalled in the certificate store of the most operating systems and browsers as "trustworthy" (trust anchor).

Please check the certificate issuer (intermediate or sub certification authority) of the end entity certificates. In case you still using the "Shared Business CA 4", please contact us immediately.

October 27, 2016: Important changes for certificates using SHA1 hash algorithm which were issued by a public CA.

The well-known operating system and browser manufacturers have recently announced to refer to applications using certificates which were issued by a public CA with signature hash algorithm SHA-1 for TLS / SSL-secured connections (protocol https) as of January 1, 2017.

The hints range from: "The lock icon is no longer displayed", via "The icon lock symbol appears red or open" to "This connection is no longer trustworthy" or similar.

Detailed information can be found on the Internet, for example, using the search terms "SHA1, SHA-1 or SHA1 deprecation". Here is an example:

Link: http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-sha1-certificates.aspx?PageIndex=2

If you are still using certificates with the signature hash algorithm SHA-1, you must expect restrictions from January 1, 2017.

For solving the problem a new server certificate with signature hash algorithm SHA-256 should be issued.

Support for TLS/SSL certificates with SHA1 hash functions (secure hash algorithm) will end on December 15, 2015

The T-Systems Trust Center will cease to support the SHA-1 hash function on December 15, 2015. As the SHA-1 hash function has security flaws, TLS/SSL certificates will no longer be issued from a public sub-CA (Shared Business CA 3) with SHA-1 as of this date, even on request.

T-Systems thus meets the requirements of the current CA/Browser Forum Baseline Requirement BR-1.3.0..

T-Systems has updated all certification authorities of Shared Business CA for some time now and provides the SHA-256 hash function for all new products. In this case please contact the Service Desk:
phone: +49 1805-268204 Festnetz: 0,14 € / Minute, Mobilfunknetz: max. 0,42 € / Minute
e-mail address: This email address is being protected from spambots. You need JavaScript enabled to view it.

For more information please refer to the Service Level Agreement (SLA).

All older SHA-1 certificates with a validity period beyond December 31, 2016 will be revoked at the latest on December 1, 2016.