Skip to content

Qualified Website Certificates & Authentication: Verification & Certification of Your Trust Service

Become a qualified trust service provider for website authentication with TÜV NORD

Are you currently setting up or developing a qualified trust service for the creation of certificates for website authentication and would like to prove that you fulfil the requirements of the eIDAS Regulation? We can support you: from the necessary testing to conformity assessment (certification), we can provide you with all the services you need to qualify with your competent supervisory authority - in Germany the Federal Network Agency (BNetzA). In addition, we offer you workshops or provide you with an insight into the world of eIDAS & ETSI in the form of our eIDAS.PROFESSIONAL training.

Strengthen your customers' trust in your company's digital identity - with verified certificates, SSL technologies and the highest standards of encryption and security.

Stay qualified: Do you need to prove once again that you are implementing the applicable provisions of the eIDAS Regulation?We check your processes and documentation and accompany you on your way to successful re-certification.

Request a personalised quote now

Target group of the certification for trust service providers for website authentication

Our offer is aimed at a wide range of organisations involved in the secure, legally binding distribution and use of websites:

  • Companies that already operate a qualified electronic service for website authentication or are planning to set one up
  • Providers of digital identity services, certification services or trust services within the meaning of the eIDAS Regulation

Your path to becoming a certified trust service provider for electronic seals

This is how we support you holistically:

Training & Qualification

  • eIDAS.PROFESSIONAL training for your employees

Concept & preparation

  • Overview of the legal requirements for trust services, including the relevant eIDAS requirements, relevant ETSI standards and assessment of these requirements in the respective context
  • Explanation of the meaning of the Trust Service Practice Statement (TSPS) and introduction to the TÜV NORD certification programme, including normative and legal requirements, interpretations and other relevant aspects
  • Workshops and preliminary audits to identify non-conformities and potential for improvement through status analyses of the PKI or trust service and GAP analysis of existing documentation and processes

Testing & conformity assessment

Audit of your implementation based on the eIDAS Regulation, including

  • Article 38: Qualified certificates for electronic seals
  • Article 39: Qualified electronic seal creation devices

Application of the following ETSI standards:

  • ETSI EN 319 401: General requirements for trust service providers
  • ETSI EN 319 411-1/-2: Guidelines & security requirements for trust service providers issuing certificates
  • CA/Browser Forum: Baseline Requirements & Extended Validation Certificate Guidelines:Requirements that a certification authority must fulfil in order to issue digital certificates for SSL/TLS servers
  • eIDAS Regulation: Article 45 & Annex IV:Requirements for qualified certificates for website authentication

Certification & re-certification

  • Conformity assessment and certification
  • Support for inclusion in the EU Trusted Service List

FAQ on security certificates for websites

Servers and websites available on the network must be able to be reliably assigned to their operator if users are to trust them.Website authentication certificates (WAC) are issued to guarantee users (especially citizens and companies) that there is a legal entity (or natural person) behind the website that can be identified by trustworthy information. In addition to this secure identification of websites and server systems in the network, the WAC certificates guarantee

  • the confidentiality of the transmitted data
  • the integrity of the data
  • the use of modern SSL/TLS encryption
  • and a high level of digital security and trust

A Qualified Website Authentication Certificate (QWAC) is a digital SSL/TLS certificate issued in accordance with the requirements of the eIDAS Regulation. It guarantees the identity of the website operator as well as secure, encrypted communication between the website and the user.

The certification is aimed at trust service providers who want to issue certificates for website authentication - i.e. in particular providers of public key infrastructures (PKI), certification authorities (CAs) and companies with their own web infrastructure who want to fulfil the highest standards of security and trust.

Overall, the duration of the conformity assessment process depends on, for example, the number of trust services targeted, the complexity of your infrastructure and your current implementation status. As a rule, a complete conformity assessment process - including project kick-off, stage 1 audit, stage 2 audit, report preparation and certification - takes 6 months, although possible non-conformities during the audit can extend the duration.

We test according to the following standards, among others:

  • ETSI EN 319 401
  • ETSI EN 319 411-1/-2
  • Requirements of the CA/Browser Forum
  • Article 45 & Annex IV of the eIDAS Regulation

Qualified certificates (QWACs) offer a higher level of trust and state recognition in accordance with eIDAS. In contrast to regular SSL certificates, the identity of the certificate holder is checked particularly strictly, e.g. by qualified signature creation devices and an accredited trust service provider.

Why we are a strong partner for you

  • Independence
    Our employees are not subject to any conflicts of interest, as they are not beholden to any product providers, system integrators, shareholders, interest groups or government agencies.
  • Expertise
    With us, you have one of the leading experts in the field of cyber security at your side, certified by the BSI as an IT security service provider for IS audits and penetration tests.
  • International network of experts
    Around the globe: We support you both nationally and internationally. Our global network of experts is at your side for all IT security issues.
  • Industry experience
    Thanks to our many years of experience in a wide range of sectors, we can serve companies from a wide range of industries.
  • Tailored to you
    We focus on customised services - and solutions - that are ideally suited to your current business situation and the goals you have set yourself.

Do you have any questions? We are happy to help!

Additional services