This website contains information about the root certificate authority CVCA-eID operated by the Federal Office for Information Security (BSI).
The CVCA-eID represents the national trust anchor of the authorization PKI, that grants access to the identity function of electronic ID cards, by endowing the Document Verifier (DV) at the next hierarchical level with the necessary access rights.
The certificates used in the eID-CVCA PKI are self-descriptive Card Verifiable Certificates (CV-certificates) compliant with the ISO Standard 7816 (ISO/IEC 7816-4:2005, ISO/IEC 7816-6:2004, ISO/IEC 7816-8:2004).
The BSI offers a test certification to organizations that wish to act as a Document Verifier within the CVCA-eID PKI. This offer should be used to test the DV's internal processes, as well as the automated communication with the CVCA-eID.
The tests take place in a separated test infrastructure, which is very similar to the live system. Digitial keys generated or used in the test-system shall not be used in the live-system and vice versa.
A test certification can be applied for by sending a certificate request to the following email address: CVCA-eID@bsi.bund.de.
Additionally, the request must contain:
The certificate policy of the CVCA-eID (CVCA-eID CP) describes the conditions under which the authorization certificates in the eID-CVCA PKI are issued.
In general, organizational and technical requirements for the recognition, issue, management, usage and the renewal of certificates for the access to the eID feature of electronic ID cards are defined in the certificate policy.
Download of the Certificate Policy for the eID application of German official documents CP CVCA-eID Version 2.2, 24.10.2017 (PDF, 2MB, File is accessible) (in German)