Root Certificates

A Root Certificate is a self-signed certificate, which serves as a trust anchor for a certificate hierarchy and enables the validation of all certificates within the hierarchy.

The Trust Center of Deutsche Telekom Security GmbH operates multiple such Root Certificates, to which you can find more detailed information on this site.

You can read about the systems and applications in which our Root Certificates are integrated as trust anchor under Root Program > Root Compatibility.

Public Root Certificates

Telekom Security SMIME RSA Root 2023

Download Certificate

SHA384   -   RSA   -   4096
Validity period: 2023-03-28 - 2048-03-27
Fingerprint (SHA1): 893f6f1ce24d7ffbc3d3147a0580a7dee10a5e4d

Certificate revocation list (CRL): http://tssmrr23.crl.telesec.de/rl/Telekom_Security_SMIME_RSA_Root_2023.crl

Telekom Security TLS RSA Root 2023

Download Certificate

SHA384   -   RSA   -   4096
Validity period: 2023-03-28 - 2048-03-27
Fingerprint (SHA1): 54d3acb3bd5756f6859dcee5c321e2d4ad83d093

Certificate revocation list (CRL): http://tstlsrr23.crl.telesec.de/rl/Telekom_Security_TLS_RSA_Root_2023.crl

Testing websites:     Valid     |     Expired     |     Revoked

Telekom Security TLS ECC Root 2020

Download Certificate

SHA384   -   ECC   -   P384
Validity period: 2020-08-25 - 2045-08-25
Fingerprint (SHA1): c0f896c5a93b01062107da184248bce99d88d5ec

Certificate revocation list (CRL): http://tstlser20.crl.telesec.de/rl/Telekom_Security_TLS_ECC_Root_2020.crl


Testing websites:     Valid     |     Expired     |     Revoked

Telekom Security SMIME ECC Root 2021

Download Certificate

SHA384   -   ECC   -   P384
Validity period: 2021-03-18 - 2046-03-17
Fingerprint (SHA1): b7f91d98ec2593f35014849aa87e22103cc43927

Certificate revocation list (CRL): http://tssmer21.crl.telesec.de/rl/Telekom_Security_SMIME_ECC_Root_2021.crl

T-TeleSec GlobalRoot Class 2

Download Certificate

SHA256   -   RSA   -   2048
Validity period: 2008-10-01 - 2033-10-01
Fingerprint (SHA1): 590d2d7d884f402e617ea562321765cf17d894e9
Certificate revocation list (CRL): http://pki.telesec.de/rl/GlobalRoot_Class_2.crl

Testing websites:     Valid     |     Expired     |     Revoked

T-TeleSec GlobalRoot Class 3

Download Certificate

SHA256   -   RSA   -   2048
Validity period: 2008-10-01 - 2033-10-01
Fingerprint (SHA1): 55a6723ecbf2eccdc3237470199d2abe11e381d1
Certificate revocation list (CRL): http://pki.telesec.de/rl/GlobalRoot_Class_3.crl

Testing websites:     Valid     |     Expired     |     Revoked

Qualified Root Certificate

TeleSec qualified Root CA 1

Download Certificate

SHA512   -   ECC   -   P521
Validity period: 2017-04-05 - 2047-04-05
Fingerprint (SHA1): 90c6136c7defefe97cc764f9d2678ead03e55296
Certificate revocation list (CRL): http://pki.telesec.de/rl/TeleSec_qualified_Root_CA_1.crl

Internal Root Certificates

Deutsche Telekom Internal Root CA 1

Download Certificate

SHA1   -   RSA   -   2048
Validity period: 2007-11-15 - 2027-11-15
Fingerprint (SHA1): 15339aa230f5340e7bfcaafd754aa14cedd49858
Certificate revocation list (CRL): http://pki.telesec.de/rl/DT_Internal_Root_CA_1.crl

Deutsche Telekom Internal Root CA 2

Download Certificate

SHA256   -   RSA   -   2048
Validity period: 2017-08-03 - 2037-08-03
Fingerprint (SHA1): 12f714bdec4d2e3c2782ce1fcb8afe19b84aed8c
Certificate revocation list (CRL): http://pki.telesec.de/rl/DT_Internal_Root_CA_2.crl

Telekom Security Internal ECC Root 2023	Download Certificate
SHA384 - ECC - P384 Validity period: 2023-09-12 - 2048-09-12 Fingerprint (SHA1): 2f6b7fda81bd27abe13d434f9b03283c2f0ce757 Sperrliste: tba

Business.ID

OneTimePass

TCOS Smartcards

Identity & Access Management

Secure Elements & Smartcards

Smart Metering PKI

Healthcare

Group solutions from Deutsche Telekom

Root Program

Information about CA Certificates

Support

General

Contact

Downloads

Q&A

Note: