Public Key Infrastructure at TÜV NORD GROUP

The TÜV NORD GROUP makes it possible for its business and private clients to transfer information to recipients in the TÜV NORD GROUP in coded form using secure email communication.

For this purpose, TÜV NORD GROUP operates an application environment using Public Key technology which makes it possible to send coded information to all staff at the TÜV NORD GROUP who have e-mail addresses.

The TÜV NORD GROUP operates an internal Public Key infrastructure. Certificates that are created by the TUEV NORD Public Key Infrastructure ("TUEV NORD PKI"), correspond to the X.509 v.3 standard ("TUEV NORD Certificates"). TUEV NORD issues personal certificates to its staff using this infrastructure, and the certificates are used for secure email communication. If necessary certificates for functional mailboxes* will be issued.

Public listing of certificates

In order that you can send a coded e-mail to the staff or functional mailbox* of the TÜV NORD GROUP, the necessary "Public Keys" of the recipient are sent to you via e-mail. Please follow the instructions below:

Request a Public Key

• Enter your precise e-mail address into the box marked "Your email address". ("Ihre E-Mail Adresse")
• Enter the precise e-mail address of the person or functional mailbox* who you are looking for into the "E-mail Address of the Keyholder" box. ("E-Mail-Adresse des Schlüsselbesitzers").
• Click on the "Request Key" button. ("Key-Anforderung")
• The keys will be sent to you by e-mail. 

In order that you can check the validity of personal TUEV NORD Certificates, we place the certificates of the TUEV NORD Certification Authorities (CAs) and the respective Certification Revocation Lists (CRLs) at your disposal for downloading.

The TÜV NORD GROUP provides the following certificates from the TÜV NORD Certification Authorities for downloading:

• Certificate of TUEV NORD ROOTCAv3 valid from 22/09/2015 to 22/09/2027
  Fingerprint of the certificate:
  99 13 cd 75 1f 20 3d 8d ea 3a 5f c0 6f 97 6c 85 e5 15 55 e3
   
• Certificate of TUEV NORD ROOTCAv4 valid from 05.10.2022 to 05.10.2037
  Fingerprint of the certificate: ‎‎
  ab b3 b2 5f 61 50 46 97 81 14 c6 e8 d9 52 cc d2 94 f5 a6 fc
   
• Certificate of TUEV NORD CORPCAv4 valid from 24.02.2023 to 24.02.2030
  Fingerprint of the certificate: ‎‎
  f0 ec 6e dd 85 31 ba 0f 7a d7 23 cc c3 b4 1d 68 29 f5 84 17
   
• Certificate of TUEV NORD CLIENTCAv4 valid from 24.02.2023 to 24.02.2030
  Fingerprint of the certificate: ‎‎‎
  c8 9c b5 58 76 6e c4 1f 94 a0 e0 55 39 9b b0 b9 7d 92 df a8
   
• Certificate of the TUEV NORD SECURE MAIL CAv4 valid from 16.09.2024 to 16.09.2031
  Fingerprint of the certificate: ‎‎‎
  d1 f1 1d 71 77 64 a7 cc 06 04 ef 2a 97 3c ee c1 b5 51 81 e1
   
• Certificate of the TUEV NORD SecPKI CA valid from 16.04.2025 to 16.04.2032
  Fingerprint of the certificate:
  db d1 2e 84 1d e5 f7 31 4d bc 52 24 c6 4e 0a 12 f0 6e 63 04

1. We are basically only liable to pay compensation for our wilful and grossly negligent action, for any culpable violation of major obligations, where a quality warranty has been assumed, in the case of default and in those cases where, for reasons attributable to us, the claim to the service is excluded under Art. 275/1 BGB (German Civil Code) or the service may be refused by us under Art. 275/2 BGB (German Civil Code). In terms of amount our duty to pay compensation is limited in cases of negligence towards entrepreneurs and legal entities under public law to compensation for foreseeable damage typical for the contract. Furthermore in cases of simple negligence, liability for damage to property and pecuniary damage is excluded.
2. With respect to entrepreneurs and legal entities under public law our liability for damage to property and pecuniary damage due to negligence is limited for each case of such damage to € 2,600,000.
3. Liability for damage arising from impairment of life, physical injury and impairment of health shall be unaffected by the foregoing liability provisions.
4. IWhere, under the foregoing provisions, our liability to pay compensation is excluded or restricted, this shall also cover the personal liability of our executive bodies, authorised experts/inspectors, employees and other co-workers, representatives and persons assisting us in the performance of our work and shall also apply with respect to all claims arising from impermissible action (Arts. 823 ff. BGB (German Civil Code), but not to claims under Arts. 1, 4 ProdHaftG (GermanProduct Liability Act).
5. We shall only be liable for the restoration of data if the customer has ensured that such data can be reconstructed from other data with a reasonable amount of effort. The customer is in particular obliged to back up data and programs at intervals appropriate to the application on a regular basis, at least once a day, in machine-readable form and hence to guarantee that such data and programs can be restored with a reasonable amount of effort.
6. The TUEV NORD Class 1 CA supports various applications. Most applications are only used internally without public perception. Therefore they are out of scope for this provision. The only application where external communication partners appear as relying parties is the TUEV NORD Secure Mail Gateway (“SMGW”). The SMGW supports X.509 certificates as well as PGP keys for signing and encrypting mails. The private keys used to sign and decrypt mails are stored on the SMGW in encrypted form. They are adequately protected from theft and unauthorized use or disclosure to others.
7. The TUEV NORD Class 1 PGP keys and X.509 mail certificates issued by the TUEV NORD CA may only be used for business purposes and for signature and encryption of mails. They must neither be used for private purposes nor to issue certificates to subordinate CAs or CRLs. Furthermore it is prohibited to use TUEV NORD mail certificates for document signatures neither in internal workflows nor in external communications.
8. The TUEV NORD mail certificates provide a reasonable level, but not fool-proof assurance, of a subscriber's identity. The certificate applicants' identities are automatically validated against enterprise business records stored in a global directory.

*Functional mailboxes or group mailboxes are non-personalized mailboxes that allow an authorized workgroup to share access, such as reading and sending emails with a common address (eg. support@tuev-nord.de). The functional mailbox will be initiated by the IT representative of the company and approved by the central IT administration.