Certificates for email encryption

The certificates used by the German Bundestag are available here for download:

•  from 2009 onwards
  Deutsche Telekom Root CA 2 DER format CER format PEM format
  SHA1 fingerprint: 85 a4 08 c0 9c 19 3e 5d 51 58 7d cd d6 13 30 fd 8c de 37 bf
  
  DFN-Verein PCA Global - G01 DER format CER format PEM format
  SHA1 fingerprint: f0 28 8f da c6 3a f7 9a 31 9a e9 72 f3 95 09 0e a3 ef e9 45
  
  Deutscher Bundestag CA - G01 DER format CER format PEM format
  SHA1 fingerprint: 0a 0d 87 72 ee e7 b9 47 ae a7 fc 58 c5 47 90 7f 75 f9 50 62

•  from 2006 onwards
  Zertifizierungsstelle Deutscher Bundestag DER format CER format PEM format
  SHA1 fingerprint: 2d 50 2b f1 42 13 3b f3 83 53 3c 99 48 97 b5 f4 96 b1 08 9e

The German Bundestag’s Certification Authority

The German Bundestag provides Members of the Bundestag and staff from the Bundestag’s Administration with certificates to sign (digital signature) and encrypt emails. From September 2009 onwards, these certificates will be digitally signed by a certificate chain consisting of Deutsche Telekom, the DFN-Verein, and the German Bundestag. Deutsche Telekom will serve as the root certification authority, the DFN-Verein as the policy certification authority (PCA) and the German Bundestag as the certification authority (CA).

From 2006 to 2009, the certificates were issued by the German Bundestag’s autonomous certification authority.

Receiving and verifying digitally signed emails from the German Bundestag

To verify a signed email (verification of the digital signature) from the German Bundestag, you will need the certificate of the certifying authority. Only once this certificate has been imported into your email client and you have added it to your trusted certificates will the signature be successfully verified by the email client. A successful verification confirms the origin and integrity of the email, i.e. that it was not modified in transit.

In order to verify digital signatures from 2009 onwards which are based on the Deutsche Telekom root certificate, you will need the certificates entitled "Deutsche Telekom Root CA 2", "DFN-Verein PCA Global - G01" and "Deutscher Bundestag CA - G01", which are available here for download.

It is not necessary to import the certificate chain into Microsoft applications (e.g. Internet Explorer, Outlook Express), as the Deutsche Telekom root certificate is already included in the Windows certificate store. The Deutsche Telekom root certificate is also included in Mozilla – Products (Firefox Version 3.5 and higher).

In order to verify certificates issued from 2006 to 2009, please download the certificate entitled "Zertifizierungsstelle Deutscher Bundestag".

Sending encrypted emails to Members or staff of the German Bundestag

In order to encrypt emails, the sender must import the recipient’s public key into his or her email client. The public key for the individual email addresses of Members of the Bundestag and Administration staff is automatically included in every digitally signed email from the person concerned. You may wish to ask the intended recipient at the German Bundestag to send you a digitally signed email so that you can send an encrypted reply. It is also possible to search for the recipient’s certificate (signed public key). Please click here for download.