CA-Certificates and Certificate Policy
KfW utilizes and runs several services, that require certificates for a secure communication/connection or for the purpose of digital signatures. KfW creates and manages these certificates in different Public Key Infrastructures.
Secure E-Mail with KfW
KfW Group uses an e-mail encryption gateway which supports the encryption methods PGP and respectively S/MIME. The key material of the KfW employee can be request over the internet via the following LDAP query:
Servername: keys.kfw.de
Port: 389
Base DN: dc=keyserver
You can download the key material via the following Link: https://secmail.kfw.de.
Secure communication with PGP or S/MIME:
If you want to send the S/MIME certificate to KfW, please send a signed mail to the KfW recipient of your email.
If you use a PGP Key, please send us the key as an attachement (.asc) to .
If you use a PGP or S/MIME domain certificate, please send us the file (.zip) without password protection to .
Secure communication with GINAmail:
If you don't support PGP and S/MIME you can exchange secure e-Mails with KfW via GINAmail.
You will need a valid e-mail address and a browser to use GINAmail.
To use GINAmail please follow the instructions in the manual: manual encryption EN.
KfW Certificate Policy
This document provides KfW Certificate Policy.
KfW Root Certificate: (Generation 03)
KfW Root CA 03
KfW External Root CA 03
KfW Sub-CA Certificates
KfW User CA 03.1
KfW Bankpartner Sub-CA Certificates
Bankdurchleitung Online (BDO)
Open Banking Bildung (OBB)
Certificate Revocation lists (CRL)
KfW creates and publishes regularly or on demand Certificate Revocation Lists.
Share page
To share the content of this page with your network, click on one of the icons below.
Note on data protection: When you share content, your personal data is transferred to the selected network.
Data protection
Alternatively, you can also copy the short link: kfw.de/s/enkBc2Ke
Copy link Link copied