Depending on the selected product and product variant, we offer different CAs. The selection defines the Root-CA (trust anchor). Get an impression of the specific benefits to find your suitable product.
In the compatibility list you can see all operating systems and applications, where the T-Systems Root-CA's are integrated.

ROOT-CA selection (name in the certificate order) TeleSec
Class 2 CA
(EV only)
Root-CA: T-TeleSec GlobalRoot Class 2 (SHA256)
Sub-CA: TeleSec ServerPass Class 2 CA (SHA256)
Root-CA: Deutsche Telekom Root CA 2 (SHA1)
Sub-CA: TeleSec ServerPass DE-2 (SHA256)
Root-CA: T-TeleSec GlobalRoot Class 3 (SHA256)
Sub-CA: TeleSec ServerPass Extended Validation Class 3 CA (SHA256)
The commonName (CN) is also written into the first subjectAltName-field (SAN)
Free additional option: for a CN without "www." the CN will be supplemented by "www." and written into the second SAN-field
Free additional option: for a CN with "www." the CN will be truncated by "www." and written into the second SAN-field
Chain of trust complete "Made in Germany"
Root-CA (SHA1 ⁄ SHA256)
Sub-CA (SHA256)
Encryption up to 256 bit
Minimal key length 2048 bit
ETSI certified
ETSI EN 319 411-2 / QCP-w (eIDAS) certified EU Vertrauenssigel
ServerPass Standard (also wildcard)
wildcard character (*) allowed
ServerPass SAN/UC
more SAN entries
Extended Validation
Organisation Validation (Domain Validation included)
Domain Validation only
Unlimited license
Integrated into current browsers
Re-Issue (free of charge)
Renewal 1-2 years
Validity 1 or 2
1 or 2
1 or 2
OCSP (Online Certificate Status Protocol)
Reminder e-mail before expiration of the validity
Cost saving by long term commitment up to 10% up to 10% up to 10%