23.08.2018 Important news

The CA/Browser Forum has updated the policy for the issuance of TLS/SSL certificates. Changes include the procedures for verifying domain ownership or domain control. As of August 1, 2018, only the procedures described in chapter of the Baseline Requirements will be available. For this reason, orders in the customer portal as well as the domain review process have been adjusted accordingly. Updated information can be found here.

03.05.2018 Announcement of maintenance work

On Thursday, 03.05.2018, the service TeleSec ServerPass and the customer portal will probably not be available from 8:00 to 18:00 due to maintenance work.
New orders, renewals and blockings cannot be ordered or processed online during this period. During this period, blocking orders can be initiated by telephone via the hotline on +49 (0) 1805 268 204 (landlines: 0.14 EUR/minute, mobile networks: max. 0.42 EUR/minute).
We ask for your understanding.

09.02.2018: Soon no more 3 year certificates

The CA/Browser Forum has changed the requirements for public SSL/TLS certificates and, starting March 1, 2018, will limit the maximum validity period to 825 days (27 months). Therefore, after the 16th of February 2018, T-Systems will no longer issue 3 year certificates! Certificates issued prior to this date are not affected and shall remain valid.

06.02.2018: No more issuing of certificates under the Deutsche Telekom Root CA 2 as of the 9th of July 2018

On the 9th of July 2019 the Deutsche Telekom Root CA 2 will reach its "end of life" and will no longer be valid. Since certificates must not remain valid beyond the root's own validity period, we will only issue certificates under this root up until the 9th of July 2018.

After July 9, 2018, [option DE-2] will be disabled. Next generation Root certificates are currently available. These certificates also provide the latest in technology for years ahead and are trusted in virtually all current operating systems and web browsers. You do not need to take any special precautions when implementing these components.

However, the new root certificate must be installed in all client and server applications for closed composite systems or specially adapted, individual customer solutions. If this has already been done, the transition will be seamless.

November 23rd, 2017: ServerPass was added to the Trusted List of the European Commission

With the inclusion in the Trusted List of the European Commission, the Federal Office for Information Security confirmed that the trust service TeleSec ServerPass fulfills the requirements defined in Regulation (EU) No. 910/2014 (eIDAS) for the creation of qualified certificates for website authentication.


20.10.2016: Important changes for certificates using the SHA1 hashing algorithm

As of January 01, 2017, most operating systems and web browsers will display warnings alerting users that their connection is not secure. There are many different styles, such as "no lock icon", "an opened lock icon" or "a lock icon in red"; warning pages are also possible. You can find more information on the Internet using the search terms "SHA1", "SHA-1" or "SHA1 deprecation". For example, Microsoft announced their "Windows Enforcement of SHA1 Certificates".

If you are still using certificates with the SHA1 hashing algorithm, there might be restrictions from that date onward!

Therefore, we still offer the option, within the validity of the SHA-1 certificate, to migrate the affected certificate into a SHA-256 certificate via the myServerPass customer portal using <Re-Issue>. For a description, please see the FAQ entry "How can I migrate an existing SHA-1 certificate into a SHA-256 certificate using Re-Issue?"


19.10.2015: Support for TLS/SSL certificates with SHA1 hash functions (secure hash algorithm) will end on December 15, 2015

The T-Systems Trust Center will cease to support the SHA1 hash function on December 15, 2015. As the SHA1 hash function has security flaws, TLS/SSL certificates will no longer be issued with SHA1 as of this date, even on request.

T-Systems thus meets the requirements of the current CA/Browser Forum Baseline Requirements BR-1.3.0.

T-Systems updated all ServerPass certification authorities some time ago and provides the SHA2 hash function for all new ServerPass products. Existing SHA1 certificates can be upgraded free of charge in the customer portal via <Re-Issue>.

All older SHA1 certificates with a validity period beyond December 31, 2016 will be blocked at the latest on December 1, 2016.


ServerPass will start issuing extended validation certificates on October 22nd

On October 22nd ServerPass will start issuing EV SSL certificates (EV = extended validation). Browsers will indicate websites which are secured by EV SSL certificates with the green EV address bar.

Extended validation SSL certificates are X.509 SSL certificates issued according to a specific set of identity verification criteria. These criteria for issuing EV certificates are defined by the Guidelines for Extended Validation produced by the CA/Browser Forum. They require extensive verification of the requesting entity's identity by the certificate authority (CA) before a certificate is issued.

Extended validation SSL certificates are issued by the German root certificate 'TeleSec ServerPass Extended Validation Class 3 CA'. This root certificate is included in current browsers and operating systems.


WebTrust Seal

T-Systems Trust Center fulfills the extensive AICPA/CICA WebTrust criteria for CA (Certification Authorities) and Extended Validation (EV) in 2014 and is allowed to use the coveted WebTrust seal.

An independent auditing company has confirmed the required quality certifications in uninterrupted succession since 2008.



No issuance of certificates with internal IP addresses or local hostname with a validity after 2015/10/31

Current information for TeleSec ServerPass

The CAs used for "ServerPass" meet the "Baseline Requirements for the Issuance and Management" of the CA / Browser Forum, see:


In accordance with the requirements "CA / Browser Forum Approves Baseline Requirements for SSL / TLS Certificates" from 2012/07/01, orders for SSL certificates which contain internal IP addresses or local hostnames will be issued with a maximum validity until 2015/10/01. Therefore, such SSL certificates are henceforth no longer issued with a validity of 3 years.

Certificates of this type that were issued prior to 2012/07/01 will be blocked at the latest on 2016/01/10, if the certificate has not expired on that date.


New root CA and CA certificate on December 16, 2010

Current information for TeleSec ServerPass
From December 16, 2010, the certification hierarchy for TeleSec ServerPass will be updated. All certification authorities in the trust chain consistently offer the high quality level of 2048-bit RSA (an algorithm for public-key cryptography that is based on the presumed difficulty of factoring large integers, the factoring problem), and thereby also future-proofing and planning security. With the changeover of the certification hierarchy, all certificates will only be issued by the TeleSec ServerPass CA 1 certification authority. At the top of the certification hierarchy is the internationally established Baltimore CyberTrust Root. This new trust anchor (root certificate) for TeleSec ServerPass offers you maximum market penetration and outstanding coverage of current applications.

Your benefits at a glance

  • Root selection is no longer required when ordering
  • Longer certificate terms reduce the effort of managing your server applications
  • Reduced costs by using certificates with a term of 2 or 3 years
  • Future-proofing through the use of modern security procedures
  • Planning security through long certificate terms

Other new features
With the new certification hierarchy, you can now order certificates with a term of 1, 2 or 3 years. Furthermore, we offer the new TeleSec ServerPass SAN/UCC for Microsoft Exchange & Office Communication Server 2007.

Important note
Please make sure that the intermediate certificate is also installed when installing ServerPass. This avoids incompatibilities and irritating notices.

