Secure E-Mail

Secure E-Mail Communication

With Secure E-Mail HSH Nordbank is reacting to the increasing risks with e-mail communication in the internet and is thus offering its clients and partners the possibility of exchanging confidential information in a secure manner.

In the Secure E-Mail Quick Users Guide , which you can download and print out as a PDF document, we are introducing to you the three tasks of secure e-mail communication, the possibilities for using secure e-mail communication and the way it works. In addition we are giving you answers to the frequently-asked questions (FAQs).

What do I need to participate in coded e-mail communication with HSH Nordbank?

Either a S/MIME certificate or a PGP code.

What if I don’t have a certificate or code?

In this case you can register as a WebMail user, PDF user or you can have an HSH Nordbank certificate issued.

What is the difference between a coded e-mail communication, the WebMail system or PDF transmission?

When using the WebMail system the e-mail remains on the HSH Nordbank server and you authenticate yourself via a browser with user name and password. If an new e-mail arrives in your WebMail in-box, you will receive a normal notification from Secure E-Mail together with a link for easy access to the WebMail system. File attachments can be saved from this system to the respective local computer.

As a PDF user, you receive an e-mail directly into your e-mail program. This e-mail contains a password protected attachment, the PDF file, with the original e-mail in it. If the original e-mail had attachments, they will be available inside of the PDF document.

Using e-mail encryption, your e-mails always arrive directly in your e-mail program. Hereby the encryption and decryption of messages takes place automatically between Secure E-Mail and the e-mail client.

What if I decide to use WebMail, but later receive a certificate?

No problem. The WebMail system provides you with the option to load up your certificate. From then onwards, e-mails will no longer be delivered via WebMail, but as encrypted e-mails to your e-mail program.

What if I decide to use PDF, but later receive a certificate?

No problem. Please contact our Service Center for switching your user type and transmitting your certificate.

If I have a S/MIME certificate, or a PGP code and send this to the Secure E-Mail system, will it be used immediately?

Generally, yes. In the Secure E-Mail System there are various positions of trust set up for certificates, so that many incoming certificates are directly trusted. If this is not the case, the administration carries out a manual check. This can be combined with a telephone check of the digital fingerprint stored in the certificate or code. But don’t worry, this procedure serves security, is generally known to code users and creates confidence.

Root Certificate and Valid Certificates of HSH Nordbank, Trustworthy Certificates

Root certificate

To check the authenticity of the root certificate of HSH Nordbank AG a comparison with the so-called fingerprint is used. Only if the fingerprint of the root certificate received is identical to the one listed here can you assume authenticity.

Fingerprint root certificate HSH Nordbank AG

ea 66 b9 f7 79 f1 eb 4f 42 e2 9c 56 91 7c 02 68 59 83 b2 30

If the root certificate is not yet available in your e-mail programme you can download the root certificate here.

You must explicitly declare trust in this certificate in your e-mail programme. You will find more information about this further on on this page.

Valid certificates of HSH Nordbank staff / status information / certificate revocation list

To increase security and as a protection against misuse it can become necessary to block certificates of members of staff of HSH Nordbank AG.

In order to keep the status of a certificate constantly up-to-date a certificate revovation list (CRL) is generated and released daily.

You can find the up-to-date revocation list under:
https://secure-email.hsh-nordbank.com/SecMail/ServiceHandler?service=createCRL

To use the revocation list please save it and integrate it manually.

Trustworthy certificates and accepted certificate issuers

There are some issuers of certificates to whom we have already declared our trust in general.We have put together the selection of them for you in an certification center overview .

If you possess a certificate of one of these issuers then you can exchange secure e-mails directly with HSH Nordbank AG. If you use a certificate of another issuer then this first has to be checked by our administration and trust has to be explicitly declared for it.

In this regard please contact your client service and support officer or communication partner at HSH Nordbank, who will inform you of the procedure or will arrange for you to receive skilled support.

Further information

If your e-mail programme is not able to verify a certificate of HSH Nordbank AG then please check the following points:

  • Does your e-mail programme know the root certificate of HSH Nordbank AG and does it trust it? If this is not the case you can download and integrate the root certificate. In this you must generate the position of trust for the certificate.
  • Does your e-mail programme require a certificate revocation list (CRL) which contains the up-to-date information about blocked certificates of HSH Nordbank? In that case you will find the revocation list under https://secure-email.hsh-nordbank.com/SecMail/ServiceHandler?service=createCRL .

If you do not have the digital certificate of a member of staff of HSH Nordbank you will not be able to exchange any encrypted e-mails.

  • Contact your client service and support officer or communication partner at HSH Nordbank AG and ask him or her to send you a secure e-mail. Usually when they receive such an e-mail the e-mail programmes automatically extract the certificate and save it. Only in a few exceptional cases do you have to become active yourself in this.
  • If the e-mail of a member of staff of HSH Nordbank which has been received could not be verified by your e-mail programme you will have to import the root certificate. In this case please proceed as described above.

Should you have any further questions please contact your IT-support function or call our Service Centre. You can reach us under
+49 40 3333-23423 for Hamburg and under 0431 900-23423 for Kiel. We are there for you from Monday to Friday between 7:00 a.m and 6.00 p.m.