Skip to content

Qualified Website Certificates & Authentication: Verification & Certification of Your Trust Service

Become a qualified trust service provider for website authentication with TÜV NORD

Are you currently setting up or developing a qualified trust service for the creation of certificates for website authentication and would like to prove that you fulfil the requirements of the eIDAS Regulation? We can support you: from the necessary testing to conformity assessment (certification), we can provide you with all the services you need to qualify with your competent supervisory authority - in Germany the Federal Network Agency (BNetzA). In addition, we offer you workshops or provide you with an insight into the world of eIDAS & ETSI in the form of our eIDAS.PROFESSIONAL training.

Strengthen your customers' trust in your company's digital identity - with verified certificates, SSL technologies and the highest standards of encryption and security.

Stay qualified: Do you need to prove once again that you are implementing the applicable provisions of the eIDAS Regulation?We check your processes and documentation and accompany you on your way to successful re-certification.

Request a personalised quote now

Target group of the certification for trust service providers for website authentication

Our offer is aimed at a wide range of organisations involved in the secure, legally binding distribution and use of websites:

  • Companies that already operate a qualified electronic service for website authentication or are planning to set one up
  • Providers of digital identity services, certification services or trust services within the meaning of the eIDAS Regulation

Your path to becoming a certified trust service provider for electronic seals

This is how we support you holistically:

Training & Qualification

  • eIDAS.PROFESSIONAL training for your employees

Concept & preparation

  • Overview of the legal requirements for trust services, including the relevant eIDAS requirements, relevant ETSI standards and assessment of these requirements in the respective context
  • Explanation of the meaning of the Trust Service Practice Statement (TSPS) and introduction to the TÜV NORD certification programme, including normative and legal requirements, interpretations and other relevant aspects
  • Workshops and preliminary audits to identify non-conformities and potential for improvement through status analyses of the PKI or trust service and GAP analysis of existing documentation and processes

Testing & conformity assessment

Audit of your implementation based on the eIDAS Regulation, including

  • Article 38: Qualified certificates for electronic seals
  • Article 39: Qualified electronic seal creation devices

Application of the following ETSI standards:

  • ETSI EN 319 401: General requirements for trust service providers
  • ETSI EN 319 411-1/-2: Guidelines & security requirements for trust service providers issuing certificates
  • CA/Browser Forum: Baseline Requirements & Extended Validation Certificate Guidelines:Requirements that a certification authority must fulfil in order to issue digital certificates for SSL/TLS servers
  • eIDAS Regulation: Article 45 & Annex IV:Requirements for qualified certificates for website authentication

Certification & re-certification

  • Conformity assessment and certification
  • Support for inclusion in the EU Trusted Service List

FAQ on security certificates for websites

Servers and websites available on the network must be able to be reliably assigned to their operator if users are to trust them.Website authentication certificates (WAC) are issued to guarantee users (especially citizens and companies) that there is a legal entity (or natural person) behind the website that can be identified by trustworthy information. In addition to this secure identification of websites and server systems in the network, the WAC certificates guarantee

  • the confidentiality of the transmitted data
  • the integrity of the data
  • the use of modern SSL/TLS encryption
  • and a high level of digital security and trust

A Qualified Website Authentication Certificate (QWAC) is a digital SSL/TLS certificate issued in accordance with the requirements of the eIDAS Regulation. It guarantees the identity of the website operator as well as secure, encrypted communication between the website and the user.

The certification is aimed at trust service providers who want to issue certificates for website authentication - i.e. in particular providers of public key infrastructures (PKI), certification authorities (CAs) and companies with their own web infrastructure who want to fulfil the highest standards of security and trust.

Overall, the duration of the conformity assessment process depends on, for example, the number of trust services targeted, the complexity of your infrastructure and your current implementation status. As a rule, a complete conformity assessment process - including project kick-off, stage 1 audit, stage 2 audit, report preparation and certification - takes 6 months, although possible non-conformities during the audit can extend the duration.

We test according to the following standards, among others:

  • ETSI EN 319 401
  • ETSI EN 319 411-1/-2
  • Requirements of the CA/Browser Forum
  • Article 45 & Annex IV of the eIDAS Regulation

Qualified certificates (QWACs) offer a higher level of trust and state recognition in accordance with eIDAS. In contrast to regular SSL certificates, the identity of the certificate holder is checked particularly strictly, e.g. by qualified signature creation devices and an accredited trust service provider.

Why we are a strong partner for you

  • Independence
    Our employees are not subject to any conflicts of interest, as they are not beholden to any product providers, system integrators, shareholders, interest groups or government agencies.
  • Expertise
    With us, you have one of the leading experts in the field of cyber security at your side, certified by the BSI as an IT security service provider for IS audits and penetration tests.
  • International network of experts
    Around the globe: We support you both nationally and internationally. Our global network of experts is at your side for all IT security issues.
  • Industry experience
    Thanks to our many years of experience in a wide range of sectors, we can serve companies from a wide range of industries.
  • Tailored to you
    We focus on customised services - and solutions - that are ideally suited to your current business situation and the goals you have set yourself.

Do you have any questions? We are happy to help!

Additional services

Hände tippen auf Laptop, umgeben von schwebenden Dokumentensymbolen.

Electronic signatures and seals

As an accredited testing and certification body, TÜVIT supports trust service providers from the planning of their services through the necessary tests to certification.
Read more
Hand stempelt Dokument, daneben schwebende Symbole von Dokumenten mit Häkchen.

Electronic seals

Become a qualified trust service provider (VDA) for electronic seals: We support you in planning your service(s), carry out tests according to eIDAS & ETSI and accompany you on your way to conformity assessment.
Read more
Hand hält Smartphone mit digitalem Dokument und Signatur-Symbol.

Remote signatures / remote seals

A trustworthy environment is the be-all and end-all when creating electronic remote signatures. To prove this objectively and be officially listed as a VDA, you must fulfil the requirements of the eIDAS regulation.
Read more
Person arbeitet an Laptop, umgeben von schwebenden digitalen Symbolen für Dokumente und Ordner.

Electronic time stamps

Would you like to be officially included in the European eIDAS trusted list of qualified providers as a VDA for electronic time stamps? We can support you with services such as planning, testing and conformity assessment.
Read more
Person hält Tablet mit schwebenden E-Mail-Symbolen, Laptop und Kaffeebecher im Hintergrund.

Electronic registration and delivery services

Become a qualified trust service for electronic registration and delivery services. We offer you: Training, workshops, planning your services, testing according to eIDAS & ETSI, conformity assessment (certification).
Read more
Hände tippen auf Laptop, umgeben von schwebenden digitalen Zertifikatsymbolen.

Validation services for electronic signatures, seals and time stamps

If you want to become a qualified trust service provider and be included in the EU Trusted Service List, your service must fulfil the requirements set out in the eIDAS Regulation. We can support you with this!
Read more
Person tippt auf Laptop mit schwebendem Interface aus Ordner- und Dokumentensymbolen.

Electronic archives and preservation services

If you as a VDA would like to offer services for the long-term (re)storage of signed documents, you must fulfil the requirements of the eIDAS Regulation. We can provide you with all the services you need for successful qualification.
Read more
Hand hält digitales Zertifikat mit Häkchen und Sternen, umgeben von Dokumentensymbolen.

Modular services

With TÜVIT for eIDAS conformity of your modular service: We carry out the necessary tests according to eIDAS & ETSI, prepare a conformity assessment report and accompany you all the way to successful certification.
Read more
Person im Anzug nutzt Fingerabdrucksensor auf einem holografischen Login-Interface vor einem Laptop.

Electronic identification (eID)

Rely on us for the security of your eID service: We support you with training, workshops, GAP analyses, document checks and on-site audits on your way to qualification and EU notification.
Read more
Person interagiert mit einem digitalen Dokument auf einem Laptop, während sie ein Smartphone hält.

Qualified Signature Creation Device (QSCD)

As an accredited assessment and certification body for Common Criteria and QSCDs, we support trust service providers in the planning, assessment, certification and publication of QSCDs by the EU Commission.
Read more
Stadtverkehr mit Autos, die durch digitale Netzwerksymbole verbunden sind.

Cooperative Intelligent Transport Systems (C-ITS)

We support you on your way to an IT-secure C-ITS solution: from planning or further development to testing and certification in accordance with the security requirements of the European Commission.
Read more