Contact For More Information Now!

Your identity’s trust entity

Meets the highest security standards.
Available as high-security application, evaluated in accordance
with Common Criteria v3.1 and EAL3+ high*, approved in
accordance with the German Digital Signature Act (SigG)


Your identity’s trust entity

Meets the highest security standards.
Available as high-security application, evaluated in accordance  with Common Criteria v3.1 and EAL3+ high*, approved in accordance with the German Digital Signature Act (SigG)

What is a Trustcenter?

A Trustcenter is a trusted third party (TTP) entity, which verifies the respective communication partner’s identity in electronic communication processes. In electronic communication processes involving electronic signatures, for instance, certification service providers (Certification Authorities, briefly: CA) assume the role of a Trustcenter that issues certificates, which serve to verify the communication partner’s identity.

Our Trustcenter is market leader with the German Trustcenter system. Numerous renowned enterprises and institutions rely on our Trustcenter solutions and know-how. For instance, the root entity of the national German public key infrastructure is operated on our Trustcenter system. KOBIL’s Trustcenter solution is the efficient and budget-friendly basis for safe data and secured communication.

Our Trustcenter manages all relevant security levels reliably and conveniently:

  • … high availability, extremely fast and highly scalable.
  • … based on evaluated components; provides more flexibility.
  • … the convenient and intuitive administration interface.
  • … is extendable by modules and thus a flexible and scalable entry to secured IT systems.
  • … is the base of a large and highly-integrated family of security solutions.
  • … numerous extensions, integrations, connectors and special modules are available.
  • … self-operated, robust processes, group-based administration.
  • … adjustable roles ensure corporate acceptance and integration with existing processes.
Already used in GermanyScope of services
BNA (Federal Network Agency)

Certification authority (root entity for qualified signatures of the Federal Republic of Germany)

Trustcenter core

Registration Authority (RA)
Certification Authority (CA)
Infrastructure Services (IS)
Enrollment Server (ES)

BSI (German Federal Office for Information Security)

Certification authority (electronic ID cards (NPA), passports and terminals)

Management Desk

to manage applicants, applications for certificates and certificates
information on certificates and applications for certificates

DGN Service (German Health Network)

Certification authority (qualified and advanced signatures for health professionals and medical service provision)

Trustcenter OCSP

able to support multiple clients, one OCSP for various
certification authorities (CAs)
high-security application: Common Criteria evaluated (KOBIL OCSP 3.6.1 release 1111). Evaluation level EAL3+ approved as per SigG.
OCSP solution successful on the market.

ZDF (Zweites Deutsches Fernsehen)

Certification authority and self-operated certificate rollout (highly available PKI with corporate ID cards)

DWD (German Meteorological Service)

Basic set-up like ZDF connection to the management-PKI (of the federal states) via CMP

  • Key features

    • able to support multiple clients: one OCSP entity simultaneously serves any number of certification authorities (CAs)
    • various signature creation settings per each client available
    • available as high-security application
    • Common Criteria v3.1 evaluated (FlexiTrust-OCSP 3.6.1 release 1111)
    • EAL3+ high* approved as per German Digital Signature Act (SigG)
    • high efficiency even if numerous inquiries are received simultaneously
    • more than 1000 signed status responses per minute (depending on the available machine resources and signature components used)
    • high availability
    • active/passive and active/active operation with load distributor available
    • proof of existence and issuance of certificates
    • the certificates hash value is delivered for status responses “good“ and ”revoked“
    • if authorized by the issuer and explicitly requested by the client, certificate download is feasible
  • Supported standards

    • PKIX
    • Common PKI (ISIS-MTT)
    • CMP
    • CMS
    • PKCS

    Supported algorithms

    • RSA
    • ECC
    • SHA1, SHA2, RIPEMD
    • Shamir-Secret-Sharing
    • HMAC


    • Virtual Hosting (Multi-client-capable)
    • Four-Eyes-Principle
    • High availability (Two site installation, active-active-mode, e.g. F5 Load Balancer)
    • Highly configurable profiles (e.g. cross certificates)
    • Publication of certificates in LDAP (OpenLDAP, Sun Directory, Novell eDir, Microsoft ADS).
    • Management of certificates in databases (MySQL).
    • Integration into existing processes (e.g. LDAP-DB synchronization)
    • Sending of certificates and PKCS12 files by email
    • Remote Registration Authorities
    • Signature components (HSM, smart card, soft token)
    • Black list
  • Technical specifications

    Standard conformity

    • RFC 6960 (ehemals RFC 2560)
    • RFC 5019
    • Common-PKI 2.0 (ehemals ISIS-MTT)


    • RSA, ECC
    • SHA-1/2, RIPEMD-160, MD5
    • Secret Sharing nach Shamir

    signature components

    • PKCS#12-Dateien (Softtoken)
    • Chipkarten
    • EAL4+ zertifizierte Karten auf TCOS 3.0 Basis
    • Hardware Security Module (HSM)
    • Eracom, SafeNet, Utimaco

    dual-control principle

    • user cards to release passwords and signature components

    operating systems

    • Solaris SPARC (evaluated)
    • all Linux distributions
    • Windows systems

    LDAPv3-server as data base for certificates

    • OpenLDAP
    • Sun Directory Server
    • Novell eDirectory
Contact Sales