23.08.2018 Important news

The CA Browser Forum has updated the policy for the release of TLS/SSL Certificates. Changes include the procedures for verifying domain ownership or domain control. As of August 1, 2018, only the procedures described in chapter of the Baseline Requirements will be available. For this reason, orders in the customer portal as well as the domain review process has been adjusted accordingly. Updated information can be found here.

09.02.2018: Soon no more 3 year certificates

The CA browser forum has changed the requirements for public SSL/TLS certificates and starting March 1, 2018 will limit the maximum runtime to 825 days (27 months). Therefore after the 16th of February 2018, T-Systems will no longer issue 3 year certificates! Certificates issued prior to this date are not affected and shall remain valid.

06.02.2018: No more issuing of certificates under the Deutsche Telekom Root CA 2 as of the 9th of July 2018

On the 9th of July 2019 the Deutsche Telekom Root CA 2 will reach its "end of life" and will no longer be valid. Since certificates are not allowed to be issued during the Root's runtime, we will only issue certificates under this root up until the 9th of July 2018.

After July 9, 2018, [option DE-2] will be disabled. Next generation Root certificates are currently available. These certificates also provide the latest in technology for years ahead and are trusted in virtually all current operating systems and web browsers. You do not need to take any special precautions when implementing these components.

However, the new root certificate must be installed in all client and server applications for closed composite systems or specially adapted, individual customer solutions. If this has already been done, the transition will be seamless.

November 23th, 2017: ServerPass was added to the Trusted List of then European Commission

The Federal Office for Information Security confirmed with inclusion in the Trusted List of the European Commission, that the trust service TeleSec ServerPass fulfills the requirements defined in regulation Reg. (EU) No. 910/2014 (eIDAS) for creation of qualified certificates for website authentication.


20.10.2016: Important changes for certificates using the SHA1 hashing algorithm

As of January 01, 2017, most operating systems and webbrowsers will display warnings alerting users that their connection is not secure. There are many different styles, like „no lock icon“, „an opened lock icon“ or „a lock icon in red“, also warning pages are possible. You can find more information on the Internet using the search terms „SHA1, SHA-1 or SHA1 deprecation“. For example, Microsoft announced their Windows Enforcement of SHA1 Certificates“.

If you are still using certificates with SHA1 hashing algorithm, there might be restrictions from this time!

Therefore, we still offer the option - within the validity of the SHA-1 certificate - to migrate the affected certificate into a SHA-256 certificate, via myServerPass customer portal using <Re-Issue>. For a description, please have a look in the FAQ. How can I migrate an existing SHA-1 certificate into a SHA-256 certificate using Re-Issue?


19.10.2015: Support for TLS/SSL certificates with SHA1 hash functions (secure hash algorithm) will end on December 15, 2015

The T-Systems Trust Center will cease to support the SHA1 hash function on December 15, 2015. As the SHA1 hash function has security flaws, TLS/SSL certificates will no longer be issued with SHA1 as of this date, even on request.

T-Systems thus meets the requirements of the current CA/Browser Forum Baseline Requirement BR-1.3.0..

T-Systems has updated all ServerPass certification authorities for some time now and provides the SHA2 hash function for all new ServerPass products. Existing SHA1 certificates can be upgraded free of charge in the customer portal via <Re-Issue>.

All older SHA1 certificates with a validity period beyond December 31, 2016 will be blocked at the latest on December 1, 2016.


WebTrust Seal

T-Systems Trust Center fulfills the extensive AICPA / CICA WebTrust criteria for CA (Certification Authorities) and Extended Validation (EV) in 2014 and is allowed to use the coveted WebTrust seal.

An independent auditing company confirmed in uninterrupted succession the required quality certifications since 2008.

read more


No issuance of certificates with internal IP addresses or local hostname with a validity after 2015/10/31

Current information for TeleSec ServerPass

The CAs used for "ServerPass" meet the "Baseline Requirements for the Issuance and Management" of the CA / Browser Forum, see:


Accordance with the requirements "CA / Browser Forum Approves Baseline Requirements for SSL / TLS Certificates" from 2012/07/01, orders for SSL certificates which contain the internal IP addresses or local hostnames will be issued with a maximum validity until 2015/10/01. Therefore, henceforth such SSL certificates are no longer issued with a validity of 3 years.

Certificates of this type that were issued prior to 2012/07/01 will be blocked at the latest on 2016/01/10, if the certificate has not expired on that date.


This website uses only the technically necessary cookies to provide you with the best possible service.
More information can be found here. Ok