Digital ID
Siemens issues digital certificates ("Certificates", also known as "Digital IDs") to its employees and agents, to its known business partners and to Siemens web sites in accordance with its „Siemens Issuing CA“.
Certification Authority ("CA") contact information
Siemens AG
GS IT ISEC, Attn. Siemens Issuing CA(s)
81739 Munich
Federal Republic of Germany
E-mail: contact.pki@siemens.com
Website: https://www.siemens.com/pki/
Certificate Policy / Certification Practice Statement (“CP/CPS”)
- Siemens CP (PDF)
- Siemens CPS Root CA (PDF)
- Siemens CPS Issuing CA (PDF)
- Siemens EE Policy (PDF)
- Siemens CA Hierachy Policy (PDF)
CA and repository, licenses, confidentiality and audit
The Siemens PKI is classified as critical IT infrastructure of the company and was audited and certified in accordance with ETSI TS 102042 V2.4.1.
Limited warranty and disclaimer / Limitation of liability
Included in Siemens Certificate Policy (CP)
CA Certificates
Siemens has made the Siemens CA(s) Certificates available for downloading. Please find an overview of the structure and different CA Certificates in Siemens PKI CA Hierarchy (PDF).
- Download Siemens CAs
OCSP Responder
A special OCSP Responder is operated to provide an interface for a qualified validity check of certificates within the Siemens PKI. The OCSP responder return a signed response signifying that the certificate specified in the request is good, revoked, unknown or unauthorized. If it cannot process the request, it returns an error code. Requests for certificate which are not provided by one of the Siemens CA’s will by rejected as “unknown”.
The system can be accessed from Intranet and Internet via the URL
ocsp.pki-services.siemens.com
Certificate Revocation Lists
Siemens has made the Certificate Revocation Lists (CRL(s)) below for Certificates issued by the Siemens Issuing CA(s) available for downloading.
- Download Certificate Revocation Lists
Certificate Test Site
The Siemens CA provides a certificate test site for all valid Issuing CAs under https://catestsite.siemens.com
Public Certificate Repository
Siemens operates a publicly accessible Certificate Repository. In the Certificate Repository the Certificates of the Siemens PKI are stored. The Certificate Repository is available on the Internet to enable the exchange of secure e-mails with Siemens.
The Certificate Repository offers an Online Search for Siemens certificates. To retrieve Certificates directly from the Certificate Repository, it must be set up and configured as LDAP directory in the respective e-mail encryption program.
- E-Mail-Encryption requirements (PDF)
- E-Mail-encryption with business partners (Guideline for Siemens Employees) (PDF)
- E-Mail-encryption with business partners (Guideline for business partners) (PDF)
Access Domain Name IP-Address Port Search Base
Siemens cl.siemens.com 194.138.20.37 389 o=trustcenter
Authentication with Siemens PKI
- PKI Smart Card Usage for Business-Partners Features and Requirements (PDF)
- Multipurpose Business Partner Certificates Guideline for the Business Partner (PDF)
PGP certificates in the Certificate Repository
The Certificate Repository also contains the Siemens PGP certificates. It can be used with all PGP clients supporting LDAP.
European Bridge CA
Siemens is a member of the European Bridge CA.
The European Bridge CA operates a virtual Directory Service. Certificates of participants from different companies can be called up via this Directory Service. For this the LDAP-queries of the Bridge-CA are forwarded to the repositories of the connected organizations. Also the Siemens PKI Certificate Repository can be called up via this service.
The European Bridge CA offers an online search for certificates. Here also all Siemens certificates can be found if the correct mail-address is provided.
To use the Bridge-CA Repository it must be set up and configured as an LDAP directory the respective e-mail encryption program:
Access Domain Name IP-Address Port Search Base
EBCA dir.ebca.de 81.16.50.37 389 o=ebca
Related Links