gematik-Roots (2048)

D-TRUST operates the root CA for CV certificates on behalf of gematik GmbH.

You can obtain the root CV CA certificates here along with the pertinent public key for generation 1 cards:

The fingerprints were calculated with the SHA-256 algorithm, in each case via the certificate or key file, respectively. We will be pleased to send you the fingerprints on paper by post. Please send us an e-mail with your postal address.

To apply for a second-level CV-CA certificate, you must first register with gematik GmbH. If you were already successfully registered for a CV-CA certificate, 1024/SHA-1, you will not need to register again as along as the old registration is still valid.

Following successful registration or with a valid registration with gematik GmbH, please forward to us by post the completed application form for a CV-CA certificate.

As soon as we receive your application, we will contact you to make an appointment.

The certificate will be generated at D-TRUST in Berlin. The applicant must bring the data needed to generate the certificate to us in person on a USB stick as a PCKS#10 request. For this appointment, the applicant is required to furnish ID in the form of a valid ID card or passport.

To create the PKCS#10 request (SHA-256), you can download here in a ZIP file a free Java tool and a PKCS#10 request (SHA-256) as an example. We do not assume any warranty for this tool.

If you have any question, please send an e-mail to: gematik [at] or call +49 (0) 30 25 98 - 0.