DIAMOS Certificate Authority (DIAMOS CA)

Information on installation and use

From this website you can download the DIAMOS ROOT certificate (RSA, 2048 Bit, valid until 03/01/2042) in order to install it in a browser (optimized for Mozilla / Firefox i.e. Microsoft Internet Explorer (Microsoft Outlook, Microsoft Outlook Express)).

Please note that improper use or faulty software can undermine the certificate security system. Always ensure that all patches involved in the evaluations and applications of certificates have been installed (see list of links on the page below). This applies particularly to Microsoft operating systems and all mail clients. If necessary, contact your client administrator to determine whether the latest software is being used for the certificates. Please further ensure that you are handling the certificates correctly, if necessary ask your client administrator or the department responsible for IT security.

Installing DIAMOS ROOT certificate

The DIAMOS ROOT certificate forms the basis of an automated validation of the certificates issued by DIAMOS CA. You can download it here.

In case the import operation does not start automatically, you may have to carry it out manually in your browser under options /extras.

Note: If during installation you are asked for what purpose you would like to trust the certificate, please configure that you trust the certificate for the identification / validation of websites and email users.

If problems occur during the installation of the certificate, please contact your client administrator.

Verifying DIAMOS ROOT certificate

Like any certificate, the DAIMOS ROOT certificate has a so-called fingerprint. This swiftly and easily helps to determine whether the certificate is correct and not compromised.

To avoid installing a compromised certificate, you should phone our DIAMOS Support. Simply read out the fingerprint shown to you and we will compare it with the correct version.

If both sets of fingerprints correspond, you can be assured that you installed the correct certificate. Otherwise, we will be glad to assist you further.

Installing certificate revocation list

The certificate revocation list (CRL) contains the IDs of revoked certificates. The list is updated as soon as a certificate is blocked by DIAMOS CA. If your browser allows for an automatic administration of such a revocation list (like e.g. Mozilla), then this list is automatically installed. This prevents possible warnings about the revocation list not being available.

Download/Install Certificate Revocation List [latest update: 04/23/2012, valid until 06/07/2012]:
Please klick here

Installation notes:

  • To install the CRL in Microsoft’s certificate store (for use in Outlook, Outlook Express and Internet Explorer):
    • Please save the file and click on the entry “Install certificate revocation list” in the right-mouse pop-up menu.
    • Then conclude all dialogues with “Next/Finish“.
  • For the Mozilla browser a simple click on the link shown is sufficient.
  • Browsers other than Microsoft Internet Explorer and Mozilla may have their own certificate store, i.e. you may have to consult the software documentation to find out how to carry out the installation successfully. In these cases, it is not sufficient to install the CRL in Microsoft’s or Mozilla’s certificate store.

Warnings and error messages

The certificate security system builds on the correct installation of the DIAMOS ROOT certificate and the CRL. If you do not have either of these, or installed them incorrectly, warnings or error messages will occur. Please do not simply ignore these messages, as they have a security-relevant background. Should you still receive error messages or warnings after a seemingly correct installation, this may be due to faulty software or incorrect configuration. The former can generally be rectified by updating to a new release, and configuration problems can be solved by your support team, i.e. client administration.

Error messages or warnings for signed e-mails:
Should you receive warnings or error messages from signed e-mails sent by DIAMOS’ employees, or when accessing websites with the DIAMOS server certificates, please check the so-called trust settings. These determine the purpose for which the certificate is trusted. If no purpose is entered, the DIAMOS ROOT certificate will not be used at all. In this case, activate all options.

Should problems persist, please contact your client administration.

to top