diff --git a/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayDownloadConnector.java b/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayDownloadConnector.java
index 8371bb2..446d3be 100644
--- a/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayDownloadConnector.java
+++ b/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayDownloadConnector.java
@@ -32,6 +32,7 @@
 import java.io.IOException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
+import java.security.Security;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import java.time.LocalDateTime;
@@ -47,6 +48,7 @@
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.bouncycastle.cert.X509CertificateHolder;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.factory.config.ConfigurableBeanFactory;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
@@ -91,6 +93,8 @@ public class DgcGatewayDownloadConnector {
 @PostConstruct
 void init() throws KeyStoreException, CertificateEncodingException, IOException {
+ Security.addProvider(new BouncyCastleProvider());
+
 String trustAnchorAlias = properties.getTrustAnchor().getAlias();
 X509Certificate trustAnchorCert = (X509Certificate) trustAnchorKeyStore.getCertificate(trustAnchorAlias);
@@ -199,9 +203,15 @@ private boolean checkThumbprintIntegrity(TrustListItemDto trustListItem) {
 }
 private boolean checkCscaCertificate(TrustListItemDto trustListItem) {
- return trustedCscaCertificates
+ boolean result = trustedCscaCertificates
 .stream()
 .anyMatch(ca -> connectorUtils.trustListItemSignedByCa(trustListItem, ca));
+
+ if (!result) {
+ log.info("Could not find valid CSCA for DSC {}", trustListItem.getKid());
+ }
+
+ return result;
 }
 private boolean checkUploadCertificate(TrustListItemDto trustListItem) {
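Review bot: `Security.addProvider(new BouncyCastleProvider())` in `init()` mutates JVM-wide provider state without first checking whether BC is already registered, and the same unguarded call is added in `build()` of SignedCertificateMessageBuilder and `afterPropertiesSet()` of SignedCertificateMessageParser, where it runs on every message built or parsed. `addProvider` refuses a duplicate by name and returns -1, so the repeated calls are functionally harmless, but each one constructs a full `BouncyCastleProvider` (non-trivial setup) only to discard it. Guard the registration and keep it in one place, e.g. `if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) { Security.addProvider(new BouncyCastleProvider()); }`, preferably in a static initializer so neither class depends on the other having run first. Since the provider is appended rather than inserted at position 1 it does not take precedence over the JDK's default providers, which is the safer choice; a comment stating that intent, such as `// Appended at lowest priority: only consulted for algorithms the JDK providers do not offer.`, would keep a future edit from turning it into `insertProviderAt(..., 1)`. `init()`'s body continues outside the hunk.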
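Review bot: The new failure log in `checkCscaCertificate` is at `info` level although it records a DSC that failed its CSCA trust check, which is the event an operator would most want to alert on; consider `log.warn("Could not find valid CSCA for DSC {}", trustListItem.getKid());` unless the sibling check methods (outside this hunk) deliberately log rejections at `info`, in which case staying consistent with them is the better choice. The message identifies the entry only by KID; if the DTO also carries the issuing country, adding it would make the rejected entry attributable without a second lookup, but the DTO is not visible here, so confirm the accessor before extending the message. `checkCscaCertificate` is fully contained in the hunk.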
diff --git a/src/main/java/eu/europa/ec/dgc/signing/SignedCertificateMessageBuilder.java b/src/main/java/eu/europa/ec/dgc/signing/SignedCertificateMessageBuilder.java
index 744a5cd..7cffacc 100644
--- a/src/main/java/eu/europa/ec/dgc/signing/SignedCertificateMessageBuilder.java
+++ b/src/main/java/eu/europa/ec/dgc/signing/SignedCertificateMessageBuilder.java
@@ -22,6 +22,7 @@
 import java.io.IOException;
 import java.security.PrivateKey;
+import java.security.Security;
 import java.util.Base64;
 import lombok.NoArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
@@ -32,6 +33,7 @@
 import org.bouncycastle.cms.CMSSignedDataGenerator;
 import org.bouncycastle.cms.SignerInfoGenerator;
 import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.operator.ContentSigner;
 import org.bouncycastle.operator.DefaultAlgorithmNameFinder;
 import org.bouncycastle.operator.DigestCalculatorProvider;
@@ -83,6 +85,8 @@ public SignedCertificateMessageBuilder withPayloadCertificate(X509CertificateHol
 * @return Bytes of signed CMS message.
 */
 public byte[] build(boolean detached) {
+ Security.addProvider(new BouncyCastleProvider());
+
 if (payloadCertificate == null || signingCertificate == null || signingCertificatePrivateKey == null) {
 throw new RuntimeException("Message Builder is not ready");
 }
diff --git a/src/main/java/eu/europa/ec/dgc/signing/SignedCertificateMessageParser.java b/src/main/java/eu/europa/ec/dgc/signing/SignedCertificateMessageParser.java
index 84291d0..27ab0fb 100644
--- a/src/main/java/eu/europa/ec/dgc/signing/SignedCertificateMessageParser.java
+++ b/src/main/java/eu/europa/ec/dgc/signing/SignedCertificateMessageParser.java
@@ -22,6 +22,7 @@
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
+import java.security.Security;
 import java.security.cert.CertificateException;
 import java.util.Base64;
 import java.util.Collection;
@@ -36,6 +37,7 @@
 import org.bouncycastle.cms.CMSSignedDataGenerator;
 import org.bouncycastle.cms.SignerInformation;
 import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.operator.OperatorCreationException;
 /**
@@ -164,6 +166,8 @@ public SignedCertificateMessageParser(@NonNull String cmsSignature, @NonNull byt
 }
 private void afterPropertiesSet() {
+ Security.addProvider(new BouncyCastleProvider());
+
 // Parse Base64
 byte[] cmsBytes;
 byte[] cmsPayloadBytes = null;