Do you have questions about our SSL/TLS certificates? We will be pleased to assist you. You can find information in our FAQs section or you can contact our support team directly.
Latest information about using SSL certificates
As a trust service provider (CA) that issues publicly trusted certificates, we are particularly committed to supporting you in the practical use of SSL/TLS certificates. In this context, we would like to draw your attention to the fact that we rely on you to co-operate not just in in your interest, but also in order to ensure that the certificates and their contents can be trusted. Trust in SSL/TLS encrypted websites and online applications is based on this information.
At the same time, we, like any other CA that issues publicly trusted certificates worldwide, are obliged to investigate any indication of false or obsolete information, misuse, key compromise, or encoding errors in or by SSL/TLS certificates, and to revoke such certificates, if necessary. The reasons for revocation are laid down, for instance, in our Certificate Policy (CP) and Certificate Practice Statements of D-TRUST GmbH (CPS) (see https://www.bundesdruckerei.de/en/Repository), by the CA/B Forum (www.cabforum.org), but also by browser manufacturers in their root store policies. If an analysis is required, we need your prompt co-operation and we truly appreciate your support in such matters.
In this context, we would especially like to point out that there may be situations in which we – like any other CA – are obliged to immediately revoke a certificate (period varying between ‘within 24 hours’ and ‘within 120 hours’). This has an immediate impact on your SSL/TLS secured service.
In this case, we will do everything together with you to ensure a smooth transition between the old and the new certificate. Your prompt response will provide us with invaluable help in this process.
In light of this, it is very important to examine how you use the SSL/TLS certificates issued by us in your infrastructures. In particular, you should be able to replace certificates within 24 hours without this having any impact on your SSL/TLS secured service. Certain technologies, such as certificate pinning, may prove to be contra-productive in situations like these because you are dependent on how long it takes to publish a new certificate on all systems. If you have any questions regarding how to achieve greater agility when replacing certificates, please contact us.
This year, we will provide you with a whitepaper that describes how the different types of certificates can be used and takes a closer look at the issue of certificate agility.
We look forward to supporting you in the future with our Internet security products. Should you have any questions, please do not hesitate to contact us at support [at] bdr.de.
Download and frequent questions regarding root and issuer certificates
Our SSL certificates are issued on the basis of two different certificate chains, depending on the product focus:
1. Advanced SSL ID, Wild Card SSL ID
2. Advanced EV SSL ID
More information about Security issue notification