DIAMOS Certificate Authority (DIAMOS CA)

Information on installation and use

The DIAMOS ROOT certificate (RSA, 2048 Bit, valid until 1 March 2042) can be downloaded from this website in order to install it in a browser (optimised for Mozilla/Firefox or Microsoft Internet Explorer (Microsoft Outlook, Microsoft Outlook Express)).

Please note that the certificate security system can be undermined by improper use or faulty software. Therefore, please always make sure that you have installed all patches involved in certificate evaluations and uses (see link list at the bottom of the page). This applies in particular to Microsoft operating systems and all mail clients. If necessary, ask your client administration if they are using the latest software regarding certificates. Please also make sure that you handle certificates correctly. If necessary, ask your client administration or the IT security department responsible.


Install DIAMOS ROOT certificate

The basis for an automated validation of the certificates issued by the DIAMOS CA is the DIAMOS ROOT certificate. This can be downloaded here.

If the import process does not start automatically, you may have to carry it out manually in your browser under Options/Extras.


Note: : If, during the installation, you are asked for which purposes you want to trust the certificate, please set that you trust the certificate for the identification/validation of web sites and email users.

If you encounter installation problems when installing the certificate, please contact your client administration.


Verify DIAMOS ROOT certificate

Like every certificate, the DIAMOS ROOT certificate has a “fingerprint”. This makes it possible to quickly and conveniently determine whether the certificate is correct and not compromised.

In order to rule out the possibility that you have installed a compromised certificate, you should contact DIAMOS Support by telephone. Read us the fingerprint that is displayed to you. We will be happy to compare the fingerprint according to your specifications.

If both match, you can be sure that you have installed the correct certificate. Otherwise, we will be happy to help you.


Install certificate revocation list

The certificate revocation list (CRL) contains the IDs of the revoked certificates. The list is renewed as soon as a certificate is revoked by the DIAMOS CA. If your browser allows automatic management of such a blacklist (e.g. Mozilla), this list will also be installed automatically. Any warnings that a blacklist is not available can thus be prevented.

Download/Install Certificate revocation list: Click here


Installation instructions

  • In order to install the CRL in the Microsoft certificate store (for use in Outlook, Outlook Express or Internet Explorer)
  • Please save the file and right-click on the file in the pop-up menu to select the entry “Install certificate revocation list”.
  • Afterwards, please complete all dialogues with “Continue/complete”..
  • With the Mozilla browser, it is sufficient to simply click on the link provided.
  • Browsers other than Microsoft Internet Explorer or Mozilla may have their own certificate stores (i.e. you may have to refer to the programme documentation to find out how to successfully install a certificate). In these cases, it is not sufficient to install the CRL in the Microsoft or Mozilla certificate store.

Warnings and error messages

The certificate security system is based on the correct installation of the DIAMOS ROOT certificate and the CRL. If you have not installed both or have not installed them correctly, error messages or warnings will appear. Please do not simply ignore the messages. That’s because they have a security-relevant background. However, if you still receive error messages or warnings even after an installation that appears to be correct, this may be due to faulty software or incorrect configuration. You can usually fix the former by updating to a newer release and have configuration problems fixed by your support or client administration.


Error messages or warnings for signed emails
If you receive warnings or error messages with signed emails from DIAMOS employees or when calling up websites with DIAMOS server certificates, please check the Trust Settings. These specify the purpose for which the certificate is trusted. If no purpose is entered, the DIAMOS ROOT certificate is not used at all. In this case, please activate all options.

If problems persist, please contact your client administration.