The trust relationship to the infrastructure of the Commerzbank AG

This webpage informs you about the technical infrastructure of the Commerzbank inhouse certificate services. You will find all the information here to establish an X.509 trust between Commerzbank AG and your company to use eMail security. Information on the QuoVadis Trust Center is not filed here and should be obtained directly from QuoVadis.

The Commerzbank CA hierarchy

The Commerzbank AG uses a three-step hierarchic certificate infrastructure:

You have to set your email program in a way, that you either trust the Root-CA certificate (recommended) or the user certificate (with no automatically security validation via internet). The Root-CA certificate can be downloaded below:

The CA certificates

Download Root-CA certificate

If you trust the Root certificate and add a certificate of an employee of the Commerzbank to your mail program, then the sub issued certificates will be installed also via the Internet. You can download the sub issued certificate here, if a problem occurs during the automated download:

Download eMail Security Sub-CA certificate

The Certificate Revocation List (CRL)

Different to PGP the X.509 certificates have a special security property: A special file called CRL („Certificate Revocation List“) lists all corrupted, insecure or revoked certificates. If a certificate is found in the CRL then it has a high probability that a new one was issued to the owner, which should then be used for communication. You should configure your email client in such a way, that the list is checked every time you open a signed email of a Commerzbank employee. If you have activated this function, then your PC will download such a list periodically.

You can find the current CRL here, if you have problems to download it automatically. The CRLs are signed by the issuing certificates for security reasons. To check the signature a trust relationship is necessary.

Download Certificate Revocation List (CRL)

If you have any further questions please ask your IT support. In special cases you may contact the certificate services of the bank via your Commerzbank contact.