Verkabelung eines Servers mit einigen losen Steckern

Public Key Infrastructure

Lufthansa operates an internal Public Key Infrastructure (PKI) for the Lufthansa Group. By means of this infrastructure, Lufthansa employees receive personal certificates which enable the secure exchange of e-mails and files.

In order to check Lufthansa certificates for certain applications you require the following information, which is provided here for you free of charge:

  • Root certificate of Lufthansa Group PKI
  • Please consult the descriptions of your respective applications (web browser, e-mail client, etc.) on how to import the root certificate of Lufthansa Group PKI into your application environment.
  • Checksum of Lufthansa Group root certificate:
    Root certificate of Lufthansa Group PKI is valid from September 3rd 2020 until December 3rd 2037.
    Certificate fingerprint (SHA-1):
    bd 23 c8 bd a6 b1 52 a3 36 6f 1e 1d f5 45 38 a3 1d 76 21 fb
  • Certificate revocation list (CRL) of Lufthansa Group Root CA
  • Please find additional information and certificates of our Sub CAs in our PKI repository

Disclaimer and limitation of liability

Any liability and warranty on the part of Lufthansa with regard to the availability, completeness, functionality, creation, utilization, validity or correctness of Lufthansa certificates, the checksum, revocation lists, and contents published on this page is – as far as legally possible – excluded. 

What is a Public Key Infrastructure (PKI)? 

A Public Key Infrastructure (PKI) is a technical security infrastructure which permits the secure access to computer systems and secure communication. It is of crucial importance to be able to rely on the authenticity of the keys and the trustworthiness of the central certificate authority. 

The infrastructure makes it possible to issue, distribute, and authenticate the digital certificates and therefore to securely administer the public keys of the individual subscribers – hence the name Public Key Infrastructure (PKI). 

The most important components of a PKI are:

  • Digital certificates are digitally signed electronic data which, like an ID card, can be used as proof of the authenticity of a public key.
  • Each user of the PKI receives a key pair consisting of a “private key” and a “public key”. The Private Key is accessible only to the user, while the Public Key is openly available. Such a key pair allows, for example, the signing and encryption of messages and the clear identification of users.
  • The certificate authority provides the authenticity of public keys for all communication partners. Lufthansa-PKI supplies the certificates based on the public keys of the user certificates.
  • The registration authority serves to register the users.
  • The revocation lists contain revoked, expired, and invalid certificates.
  • The directory service lists issued certificates.

Benefits of the Public Key Infrastructure (PKI)

  • Authenticity of the individual participants: Is the sender of an e-mail actually the person he claims to be?
  • Integrity of the transferred data: Were the data sent by the sender in the form in which they were received?
  • Confidentiality of the transmission: Was the recipient the only person to read the message?
  • Binding character: The message sent was consciously sent by the sender and its content cannot be disputed at a later date.