Certificate chain

To use your certificate in your web server, you need the certificate chain. Depending on the age of your certificate, you will need either the Generation 1 chain (certificate issued up to and including 2016) or the Generation 2 chain (certificate issued from 2017).

Generation 1 (until 2016)

• Root certificate of T-Systems
  (SHA-1 fingerprint: 85:A4:08:C0:9C:19:3E:5D:51:58:7D:CD:D6:13:30:FD:8C:DE:37:BF)
• Certificate of the German Research Netzwork
  (SHA-1 fingerprint: F4:C5:38:C3:BB:99:4F:13:F8:FD:C2:40:B6:79:A6:4B:19:34:A1:B5)
• Certificate of the University of Bremen
  (SHA-1 fingerprint: D0:A9:97:44:F3:07:68:38:86:80:AD:7F:2E:71:E9:EA:DA:FF:EC:FD)

Alternatively, you can download the complete certificate chain in PEM format. This contains the three certificates listed above in summarized form.

Generation 2 (from 2017 onwards)

• T-TeleSec GlobalRoot Class 2
  (SHA-1 fingerprint: 59:0D:2D:7D:88:4F:40:2E:61:7E:A5:62:32:17:65:CF:17:D8:94:E9)
• DFN-Verein Certification Authority 2
  (SHA-1 fingerprint: E2:24:BE:F6:D7:86:22:0D:26:2B:B8:07:AB:6D:AC:F9:D3:A8:9A:93)
• DFN-Verein Global Issuing CA
  (SHA-1 fingerprint: C9:DC:B0:47:AC:8C:5F:09:05:ED:77:52:8C:BD:4B:84:D9:46:3C:45)

Alternatively, you can download the complete certificate chain in PEM format. This contains the three certificates listed above in summarized form.