Certificates & PKI

Digital certificates secure online banking and social networks, they are used for digital electricity meters and to login to digital town halls. They can be used by anybody or anything to prove their true identity in the online world. We help companies to prove identities without a trace of doubt and to enable highly secure Internet applications.

Icon SSL-Zertifikate

SSL certificates

Secure transmission of sensitive data during online communication

Icon Personenzertifikate

Personal certificates

Proving identities as well as signing and encrypting e-mails

Icon Maschinenzertifikate

Machine certificates

Securing M2M communication

Icon CMS

Managed PKI

Certificate management, request and administration


PSD2 certificates

Start implementing the PSD2 Directive with our live certificates

Ordering products

Would you like to order our SSL/TLS certificates or personal certificates? Then you have come to the right place! If you are a public agency, please contact us through our public agency support.

SSL certificates

An SSL certificate assures the user that a real and trusted person or institution is behind an Internet presence. It warrants that a website operator has unambiguously proven its identity and that the data transmitted between the server and computer is encrypted.

Depending on the specific security requirements, we offer website operators the SSL certificates they need: from the basic version right through to certificates with the highest validation level. Our certificate products are based on standard protocols and use the latest cryptotechnology. We are also the first provider in the EU to supply so-called Qualified Website Authentication Certificates (QWACs) in line with the eIDAS Regulation.

PSD2-compliant with qualified certificates and seals

The new EU Payment Services Directive PSD2 obliges banks to grant third party providers, such as FinTechs, access to their customers’ data if the customer has given his consent. eIDAS compliant Qualified Website Authentication Certificates (QWACs) will secure communication between banks and third parties in the future. The use of qualified seals (QSeals) is mandatory in order to legally seal service provider requests and to protect the sealed data from changes.

Bundesdruckerei offers a PSD2 bundle specifically for payment service providers. This bundle contains one QWAC and one QSeal as required by PSD2. 

For more information about PSD2, please go to our FAQs: https://www.bundesdruckerei.de/en/Service-Support/Service/Certificates-PSD2.

What SSL certificates can do:

  • Encrypt sensitive data
  • Display the green address line in the browser
  • Increase user trust
  • Prove the identity of a company
  • Improve ranking in search engines

What we offer:

  • 20 years of market experience
  • Request and verification process from a single source
  • Qualified trust services with the highest standards according to eIDAS
  • Information security management system accredited according to ISO 27001

Overview of SSL certificates

Advanced SSL ID Advanced EV SSL ID Advanced Wildcard SSL ID Qualified EV SSL ID Qualified Website PSD2 ID
Organization-validated SSL certificates Extended Validation SSL certificates with the highest validation level Securing any number of subdomains Qualified Website Authentication Certificate, legally binding according to eIDAS Extensions to ensure compatibility with PSD2
Green address line in the browser
Compatible with all known browsers
Secure any number of subdomains
Organization check
Compliant with the EU General Data Protection Regulation
Qualified according to eIDAS

Solutions & Products

Flyer SSL certificates

Your trusted presence on the net

File size: 355.91 KB

Format: PDF

Solutions & Products


Flyer Qualified website certificates in line with eIDAS

The highest level of trust for your website.

File size: 320.71 KB

Format: PDF

Personal certificates

Personal certificates secure communications between people. That's because employees at companies or institutions can use these certificates to prove their identity in various applications both within the company and outside. Examples of such applications include, for instance, e-mail encryption, access to company networks and the digital signing of documents.

Encrypting and signing e-mails

Personal certificates can also be used to encrypt and sign e-mails. These are important measures if you want to protect yourself against hacker attacks or to unambiguously identify yourself to the recipient of an e-mail as the sender.

Our certificates are also suitable for use on e-mail gateways or as a gateway ID. With an e-mail gateway, all e-mails that pass through your server are automatically signed with an advanced electronic signature and encrypted.

Accessing company networks

Companies must ensure that only authorized employees have access to specific data stored on the server, in the IT system or in the network. Employees can use their personal certificates to identify themselves to the systems. If the certificate fits, the employee will then have secure access to the systems and data. In order to enhance security even further, the certificate can also serve as the basis for two-factor authentication.

Signing documents

More and more companies in Germany are using electronic signatures in order to accelerate their signature and validation processes and to move away from paper-based processes. Personal certificates allow an advanced electronic signature to be applied to documents. This ensures the authenticity and integrity of the document and that a later modification does not go unnoticed.

What personal certificates can do

  • Secure access to servers, systems or networks through client authentication
  • Encrypt and sign e-mails
  • Sign documents

What we offer

  • 20 years of market experience
  • Request and verification process from a single source
  • Qualified trust services with the highest standards according to eIDAS
  • Information security management system accredited according to ISO 27001
80% of all cyberattacks are e-mail-based and this means that their contents need to be encrypted in order to prevent e-mail communications from being hacked. That’s why we have come up with a comprehensive security solution 'Made in Germany' that features Bundesdruckerei certificates and our encryption gateway.
Uwe Ulbrich, Managing Director, Net at Work GmbH

Overview of personal certificates

Personal ID Enterprise ID
Name, first name and e-mail address of an individual are included in the certificate In addition to the name, first name and the e-mail address of an individual, the name of the organization is also included in the certificate
E-mail encryption
E-mail signature
Organization entry
Document signature
Client authentication



Digital certificates: used every day, but almost unknown

The foundation for secure transactions on the net Survey: Only one in six Internet users can explain what this term means CeBIT: Bundesdruckerei presents solutions to be used with certificates PKI as a Service: cryptography at a press of a button from the cloud

File size: 146.89 KB

Format: PDF

Download file

Solutions & Products


Flyer Personal certificates

Secure transmission of sensitive data.

File size: 377.98 KB

Format: PDF

Do you have any questions? You can find the answers to frequently asked questions regarding our personal certificates in our Service & Support section.

Machine certificates

We supply machine certificates to ensure that your devices can communicate with each other (so-called M2M communication). These certificates provide the foundation for trust in the connected industries and on the Internet of Things. They provide each workpiece and each machine with an unambiguous identity that they can use in the digital world to identify themselves to connected devices, persons and systems. This ensures that only authorized devices can access your data and that communication between the devices is secure.

Our certificates are produced in Germany according to the highest security standards.
Machine certificates can only be purchased via the Certificate Service Manager (CSM), Bundesdruckerei's managed PKI platform, and not in the form of individual requests.

Machine certificates in use                 

  • Secure authentication and encryption on the Internet of Things: Using machine certificates, a smart meter, for instance, can authenticate itself to the public network and can communicate with the terminal device in an encrypted manner.
  • Securing production environments and access by remote maintenance in Industry 4.0: Certificates such as the Advanced Device ID ensure that remote production environments, for instance, are accessed via a public network through a secure channel.
  • Secure authentication and communication for autonomous driving: Thanks to secured authentication of devices and encrypted communication between the vehicle and a device, traffic lights and the vehicle, for instance, can interact without disruption.

What machine certificates can do

  • Secure machine-to-machine communication (M2M)
  • Unambiguous identification and authentication of devices and systems
  • Secure communication between devices and systems

What we offer

  • 20 years of experience in the implementation and operation of Public Key Infrastructures (PKI)
  • Automated provision of machine certificates via the CSM
  • IoT security provided by experts

Solutions & Products


Flyer Machine certificates

Secure M2M communication.

File size: 392.23 KB

Format: PDF

Managed PKI

The Certificate Service Manager (CSM) is a web-based managed PKI solution for organizations that apply for certificates several times a year. Companies can manage, request and administer their certificates themselves - on a single platform. This reduces time and costs. You the user always have full control of your certificate stock while we ensure maximum security. Access for authorized users to the web portal is secured with SSL and smartcard certificates.

What Managed PKI can do

  • Central management of all your certificates
  • Direct provision of the certificates following an initial identity check
  • Finely graded user authorization levels
  • Integration of the PKI API into your digital workflow
  • Registration of several organizations in one customer account

What we offer

  • Outstanding security
  • 20 years of expertise with our trust service provider D-TRUST
  • Central management of the entire certificate stock with maximum cost control
  • Reliable support services provided by Bundesdruckerei's experts

Solutions & Products


Certificate Service Manager (CSM) - Managed PKI Platform

Efficient management and issuance of digital certificates

File size: 619.33 KB

Format: PDF