Sorry, we are still working on the translation of our website. Some information is currently only available in German.

Corporate PKI of Deutsche Telekom

The Corporate Public Key Infrastructure Next Generation of Deutsche Telekom AG is a Public Key Infrastructure (PKI) operated centrally in the Trust Center of Telekom Security for the generation and administration of different X.509v3 certificate types, which are used in particular for e-mail security, strong authentication (client-server), remote VPN, servers and active network components (e.g. routers, gateways).

With the cPKI, Telekom Security operates a complete PKI solution for Deutsche Telekom, whose infrastructure is installed in the highly secure Telekom Security Trust Center and operated by qualified personnel.

This PKI creates and manages certificates as an electronic identity for employees of the Deutsche Telekom Group. By using the functions provided by the PKI, every employee has the opportunity to authenticate himself reliably at electronic services and to communicate securely with other communication partners using signatures and encryption.

The main tasks of the cPKI are the Certification Authority (CA) processes for issuing, providing and managing certificates according to the X.509 standard. These processes ensure an integrated certificate management in the system infrastructure of Deutsche Telekom and the management of the key material (encryption key) for the interaction with IT systems and users. Under the cPKI itself, different intermediate-CAs are subsumed, which are also subordinate to hierarchically different root certification authorities.

Secure E-Mail communication

Deutsche Telekom supports the secure communication of encrypted and signed E-Mails via the Internet. The S/MIME standard is used as end-to-end encryption for encrypting E-Mail traffic with your company.

Deutsche Telekom also supports the PGP standard via an E-Mail encryption gateway.


S/MIME uses digital certificates to protect E-Mail. To use S/MIME, a trusted certificate and an S/MIME compatible E-Mail client, such as Outlook or Thunderbird, are required. Digital certificates issued by public Certification Authorities (CA) or corporate CAs can be considered as digital identities.

The Corporate PKI of Deutsche Telekom AG provides for all employees in Germany and in the national subsidiaries of Deutsche Telekom Security GmbH trustworthy certificates for secure E-Mail communication. These are advanced certificates that comply with ETSI (LCP).

The Trust Center of Deutsche Telekom ensures that the Sub-CA "Deutsche Telekom AG secure email CA E03" under the public Root-CA fulfills and complies with the requirements and regulations of ETSI 319411-1 Policy LCP and ETSI 319401.

Further details can be found in the Certificate Policy (CP) and the Certification Practice Statement (CPS).


More Details about the Corporate PKI