Frequently Asked Questions - Signature Cards

Procurement, deployment, use, special features etc.

You have received a new signature card. Before you can use this to create a signature, it must be initialized, i.e. activated.
Depending on the trust center, individual PINs are awarded.

You will receive the signature card (Telesec) or the PIN-letter (D-TRUST), an indication of which software you can use to initialize your card.
This initialization is also with Sign Live! CC possible provided you have Sign Live! CC licensed. The following tutorials are available for this:

Please note:

After the initialization, an acknowledgment of receipt must be sent to the trust center. Only then will the certificate of your signature card be included in the directory service and a signature created with this signature card can be validly validated.

  • To activate a D-TRUST-Signature card please use the  SMS-TAN-Procedure the D-TRUST.
  • Acknowledgment of receipt to the  telesec you can submit online or offline. Please navigate on the page of the TELESEC all the way down.


Created: 09.04.2021 - 16: 45
Stand: 13.04.2021 - 12: 21

The health professional ID G2 the D-TRUST is from Sign Live! CC from version 7.1.7 supported. Please make an update if necessary and observe the release notes.
We do not accept any liability for other health professional cards.



Updated: April 2021
Created: March 2020

Created: 03.12.2020 - 08: 18
Stand: 19.12.2022 - 13: 31

The D-TRUST has the OCSP-Responder changed. In order to validate D-Trust signatures with Sign Live! CC Verion 7.0.6 to get valid results a hotfix must be installed Without this hotfix, the validation of D-TRUST Signatures with Sign Live! CC version 7.0.6 come to the result "unknown".
An update to Sign Live! CC Version 7.0.7 or higher already includes the new one OCSP-Responder. A hotfix is ​​then not required.

  • If you do not have the latest version of Sign Live! CC update please play the hotfix Sign Live! CC OCSP PSS .

Created: 08.11.2018/XNUMX/XNUMX
Updated: 22.05.2019/XNUMX/XNUMX

Created: 08.11.2018 - 14: 03
Stand: 08.02.2021 - 22: 31

The Federal Printing Office (D-TRUST) has been issuing new signature cards since the beginning of October 2020. These can be in Sign Live! CC from version 7.1.6 be used.

What Sign LIve! CC - You can select the version you are using via the menu item Help> About check. An update may be required. If you Sign Live! CC within or in combination with another partner software use, talk about installing the new version please beforehand with the manufacturer of this application. Please also note the   Release Notes.

As a user of the Sign Live! CC DATEV-Edition please make sure that you download the Sign Live! CC DATEV- Edition 7.1.6 must be registered on our homepage.



Updated: 05.11.2020/XNUMX/XNUMX
Created: 05.11.2020/XNUMX/XNUMX

Created: 05.11.2020 - 10: 26
Stand: 28.01.2021 - 12: 48

When using the D-TRUST cards 3.1 or D-TRUST cards 3.1 multicard can result in an error message when signing "The data received do not match the data sent. Either the application is not configured for the signature card used (wrong hash algorithm) or the data has been manipulated "  kommen.

  • Sure you have Sign Live! CC still in use in version 7.0.6. This error message has been eliminated by updating to the current version. In case you Sign Live! CC within or in combination with another partner software use, talk about installing the new version please beforehand with the manufacturer of this application. If an update is possible, please note the Release Notes.
  • If an update is not possible, please play the hotfix Sign Live! CC Hotfix DTRUST 3.1 Card a. This hotfix is ​​available exclusively for the version 7.0.6 to disposal. Please check in Sign Live! CC  via menu item Help> About the version number.


Created: 17.08.2018/XNUMX/XNUMX
Updated: 05.11.2020

Created: 17.08.2018 - 10: 03
Stand: 08.02.2021 - 22: 30

Batch signatures are with the D-TRUST Multicard 3.0 only with the qualified certificate possible. For signatures with the advanced certificate, there is one for each signature PIN-Entry required.

From D-TRUST multicard 3.1, a batch signature with the qualified and the advanced certificate is possible.


Status: May 2017


Created: 01.06.2017 - 13: 52
Stand: 05.11.2020 - 10: 10

The PIN-Modification mechanism of Sign Live! CC only allows numbers to be entered by default. The certificates of all German trust centers are of such a nature that the personal PIN - to create a qualified electronic signature - must consist of numbers. The ones from BSI (Federal Office for Information Security) certified card readers are also designed for entering numbers.

In contrast to German signature cards, signature cards from Switzerland allow an alphanumeric PIN to. This one PINs not suitable for creating qualified signatures according to SigG are, the use of alphanumeric PINs of Sign Live! CC not offered. Would you still like to Sign Live! CC for initialization (creation of individual PINs) from Swiss signature cards, please proceed as follows:

  1. Turn the safe PINInput from. (Menu "Extras> Settings> Signatures> Signature devices> signIT smartcard").
  2. Start Sign Live! CC and select the menu item "Tools> Smartcard Tools> PIN-Management".
  3. Select the certificate you want and click on "Initialize".
  4. After following the instructions in the next FGWhen you have read it click on "Complete".
  5. In the next window click on the switch "Input via keyboard".
  6. Open any text editor and type the one you want PIN .
  7. Highlight the entered PIN and copy them using the keyboard shortcut CTRL+ C.
  8. Switch to Sign Live! CC and add the new PIN with the key combination CTRL+ V in the "new PIN"And" new PIN repeat "a.
  9. Confirm your entry by clicking the "Finish" button.

Please note:

  • That this only applies to signature cards from Switzerland, since German signature cards only allow numbers.
  • Before using alphanumeric PINs you should consider that the creation of qualified signatures according to the German SigG with alphanumeric PINs is not possible.

Status: January 2015

Created: 13.08.2015 - 11: 47
Stand: 14.11.2017 - 16: 01

If you use your passport to apply for a new card for a signature card, various dates are sometimes incorrectly accepted.
In this case, select “ID” instead of “Passport” when selecting the ID type. Then it should work.


Updated: September 2020
Created: September 2020

Created: 07.07.2020 - 14: 30
Stand: 17.09.2020 - 15: 38

In order to apply for follow-up cards, the installation of the "Universal Smartcard Browser Gateway" required, otherwise the card readers and signature cards will no longer be recognized. You can find the installation instructions for Telesec (Deutsche Telekom Security GmbH) here .
The use is currently under Windows by the browsers Mozilla Firefox and VPN extensions for Google Chrome unterstützt.

We recommend restarting the computer after the installation.

Note: The card reader should already be connected when the follow-up card application is started, otherwise it may not be recognized




Created: 21.08.2020 - 09: 46
Stand: 20.05.2021 - 16: 03

Before using a Telesec signature card, it must be initialized. You assign individual PINs. In addition, receipt of the signature card must be confirmed. This can be done online.
Telesec provides the Sign Live! toolbox available for free. You can find it   here under "Public Key Service - Software Toolbox Sign Live! CC".

Updated: July 2020
Created: February 2016


Created: 10.02.2016 - 12: 39
Stand: 29.07.2020 - 12: 20

After receiving your Telesec signature card, you must complete the initialization (PINAllocation) and send the confirmation of receipt to the Telesec. This is usually done via the Sign Live! Toolbox. You have received a corresponding notice together with your signature card.

A subsequent sending of the confirmation of receipt is on the Telesec side here is possible.


As of: 29.06.2018/XNUMX/XNUMX

Created: 29.06.2018 - 12: 11
Stand: 29.06.2018 - 12: 11

In order to be able to use the signature card, you need different PINInitialize s on the card. You can do this with the free Sign Live! toolbox which can be downloaded from the Telesec website. Please go through all the steps. With that all will PINs initialized and at the end the confirmation of receipt is automatically transmitted to the Telesec.

T-Systems switches after receipt of the confirmation of receipt Free your signature card and send a corresponding email to the email address given in the application.

  Download Toolbox for WINDOWS

  Download Toolbox for Mac OS X

Status: August 2015

Created: 13.08.2015 - 13: 59
Stand: 23.12.2015 - 11: 29

With a TeleSec card, you assign one when you initialize (activate) the card SigGPIN2 and GlobalPIN2. These have the function of a PUK.
To the blocked by multiple incorrect entries PIN start to restore Sign Live! CC and select the menu item "Tools> Smartcard Tools> PIN reset to default". Follow the instructions in the dialogs.

You shouldn't PIN2 the signature card is blocked.

Status: January 2015

Created: 13.08.2015 - 11: 27
Stand: 21.08.2020 - 08: 39

If you have problems with your signature card - for example during initialization (PINAward) or when sending the confirmation of receipt - please contact Telesec support.

On the general  Telesec support page you will find answers to questions from different areas than FAQ.

Created: August 2017
Updated: August 2020


Created: 04.08.2017 - 14: 30
Stand: 21.08.2020 - 08: 42

There are 4 on a TeleSec signature card PINs that you all assign individually. Please make a note of all assigned PINs and keep this information in a safe place.

SigG PIN 1 (for qualified signature) - with this PIN execute the qualified signature.

Recognize PIN 1 (for encryption and authentication) - with this PIN encrypt documents or log into a portal.

SigG PIN 2 and Recognize PIN 2 if you need the respective PIN 1 blocked by entering incorrect entries several times. This is with one PUK comparable, with the difference that you are the PIN2 also awarded yourself.

How is it that the PIN 2 cannot be initialized with the message "The card reader ... is not supported"?

Card reader security is divided into classes. The card reader you are using probably has the maximum security class II and supports it in combination with the signature card used none safe PIN-Input.

Please deactivate in Sign Live! CC via menu item EXTRAS-Settings the safe PIN -Input.
We strongly recommend the use of a BSI (Federal Office for Information Security) certified card reader. The card readers we tested can be found in our data sheet.

Status: July 2015

Created: 12.08.2015 - 14: 03
Stand: 12.12.2016 - 15: 48

If you use the Telesec signature card and a contactless reader (e.g. REINER SCT cyberJack RFID Komfort), errors can occur if the signature card is in the contactless (rear) slot. The TeleSec card can work to a limited extent via contactless connections, but SigG PINs 1 and 2 cannot be used.

In this case, please use the front slot.


As of: December 2016

Created: 12.12.2016 - 15: 47
Stand: 12.12.2016 - 15: 49

Included with Sign Live! CC a lot of certificates are included. These are shown in groups. For the sake of clarity, it makes sense to have a create your own groupin which you can file your own certificates.
To obtain a certificate e.g. For example, to make a signature card available to third parties, save the certificate in this new group and export it.

How to export a certificate from your signature card using Sign Live! CC.

  • Start Sign Live! CC and there EXTRAS-> Certificates–> Certificate Management.
    The icons for editing are displayed in the top left.
  • Click on that first symbol to a new group to create.
    (If the symbol is not active, click on a white area in the "Filter" window).
  • Give the new group one Namur (in the window on the left), e.g. B. "My certificates" and confirm with "Close".
  • Select the menu item again EXTRAS-> Certificates–> Certificate Management.
    Now select the new group "My Certificates".
    (Make sure the card reader is connected to your PC is connected and the card is inserted.)
  • Click on the icon "Add entry".
    Select the action "Import certificate from a SmartCard" and "Next".
    The connection to the card is established and all certificates on the card are displayed.
  • Select the certificate you want off and "Next".
    (If the recipient would like to insert the certificate into Adobe Reader, for example, in order to check your signature there in the future, the "qualified signature" certificate must be selected.)
  • In the next window you have the opportunity to do that Name certificate or to use the standard identifier.
  • In the next window, please mark the certificate as "trustworthy".
  • After "Finish", the selected certificate is entered in the group.
  • Now you can use the symbol for "Export entry" save the certificate in any directory.

You can use the exported certificate, for example. B. make it available to a third party by e-mail. The recipient must import the certificate into their software.

How to get a certificate in Sign Live! CC import is in the FAQ "Import certificates" is described.

All the necessary functions are available to you via the context menu (right mouse button).

Status: July 2015

Created: 13.08.2015 - 11: 09
Stand: 22.12.2015 - 09: 12

How to import a certificate into Sign Live! CC:

  • Start Sign Live! CC and choose
    Menu item Tools> Certificates> Certificate Management.
  • Highlight the group in which the new certificate is to be added and select (top left) the second symbol to add the entry.
  • Highlight in the next window the desired action and press "Next".
  • Follow the further instructions.

Status: January 2014

Created: 13.08.2015 - 11: 14
Stand: 13.08.2015 - 11: 18

If you are the PIN If you have entered incorrectly several times, the signature card will be blocked. Whether you can remove the block again depends on the signature card used.

Some cards are wrong after several times PIN Input locked forever. In this case you have to apply for a new (replacement) signature card, as the blocking cannot be canceled. For cards for which TrustCenter has also issued you with a PUK you can by typing the PUK the PIN-Enable entry again.

If you work with a TeleSec signature card, assign a SigG-PIN2 and a globalPIN2. These have the function of a PUK. To the blocked by multiple incorrect entries PIN to restore, start Sign Live! CC and select the menu item "Tools> Smartcard Tools>" PIN reset to default". Follow the information in the dialogs.

Updated: January 2015



Created: 13.08.2015 - 11: 36
Stand: 22.12.2015 - 09: 13

Most signature cards come with a transportPIN delivered. This transportPIN you can with Sign Live! CC in your personal PIN to change. Depending on the signature card, this can also be several transportPINs, which then all have to be changed one after the other.

To do this, start Sign Live! CC and please select the menu item "Tools> Smartcard Tools> PIN Management". Follow the instructions in the dialogs.

Status: July 2015

Created: 13.08.2015 - 11: 53
Stand: 06.11.2019 - 11: 44

Bundesdruckerei has the New application a sign-me card certificate for the identity card was switched off at the end of June 2017. Without this certificate, a signature with the nPA is not possible.
Certificates that are already on the ID card can still be used without restriction during the term of the certificate.

More information can be found further  on the side of the Bundesdruckerei.


As of August 2017

Created: 14.08.2017 - 12: 49
Stand: 14.11.2017 - 15: 58

FAQ search