The trust relationship to the infrastructure of the Commerzbank AG

This webpage informs you about the technical infrastructure of the Commerzbank inhouse certificate services. You will find all the information here to establish an X.509 trust between Commerzbank AG and your company to use eMail security. Information on the QuoVadis Trust Center is not filed here and should be obtained directly from QuoVadis.

The Commerzbank CA hierarchy

The Commerzbank AG uses a three-step hierarchic certificate infrastructure:

• A Root-CA certificate
• A sub certificate (Sub-CA) signed by the Root-CA certificate
• The certificate of the employee, signed by the sub certificate

You have to set your email program in a way, that you either trust the Root-CA certificate (recommended) or the user certificate (with no automatically security validation via internet). The Root-CA certificate can be downloaded below:

The Certificate Revocation List (CRL)

Different to PGP the X.509 certificates have a special security property: A special file called CRL („Certificate Revocation List“) lists all corrupted, insecure or revoked certificates. If a certificate is found in the CRL then it has a high probability that a new one was issued to the owner, which should then be used for communication. You should configure your email client in such a way, that the list is checked every time you open a signed email of a Commerzbank employee. If you have activated this function, then your PC will download such a list periodically.

You can find the current CRL here, if you have problems to download it automatically. The CRLs are signed by the issuing certificates for security reasons. To check the signature a trust relationship is necessary.

Download Certificate Revocation List (CRL)

• Root (SHA-1)
• Root (SHA-2)
• E-Mail-Security CRL (SHA-1)
• E-Mail-Security CRL (SHA-2)