User Tools

Site Tools


en:services:certificates:usercerts

User Certificates

Members of the Jade University, excluding students, can receive digital user certificates according to the X.509 standard with aid of the DFN-PKI, which are suitable for the signing and encryption of files/documents and e-mails after an identity verification. Please apply for the user certificates only after consultation of the university computing centre.

Application

When applying for user certificates, a key pair will be generated in the webbrowser you use on your personal computer by using your user id. Later, this key pair will be signed by the DFN-PKI.

Please apply for your user certificate on the following websites under the item Zertifikate / Nutzerzertifikate (ENG: „certificates / user certificates“):

IMPORTANT: Do not execute this operation in a public PC-room.

Follow the instructions on the website. At the end of the application, you will be asked to print out the certificate application. At this point, we kindly ask you to make sure that you print it out double-sidedly on one (!) sheet. Please sign this application personally and hand it in at the university computing centre. Bring a valid, official identity document.

Issuance

After a verification, you will receive an e-mail from the DFN-PKI, which describes the further procedure. Please follow the instructions of said e-mail.

IMPORTANT: Execute this operation on the same computer and under the same user id you have used for the application of the user certificate. Also use the same webbrowser.

At the end of the procedure, you will have a valid user certificate at hand. Depending on the webbrowser you used when applying, you will find the user certificate under one of the following places:

  • Microsoft Internet Explorer: Extras / Internet Options / Contents / Certificates: Card „Own Certificates“
  • Mozilla Firefox: Settings / Extended / Certificates / Show Certificates / Your Certificates“

Backup

Right after the issuance, you should save your user certificate in a file. The export is important for the following functions:

  • Import of the user certificate into the Windows certificate memory Windows Cryptographic Service Provider (CSP)
  • Import of the user certificate into other software products (e.g. Mozilla Firefox and Thunderbird)
  • Import of the user certificate into a security token (Smartcard)

The procedure differs according to the webbrowser you used during the application:

Microsoft Internet Explorer: Settings / Internet Options / Contents / Certificates: Card „Own Certificates“ Double-click on your user certificate and note the commencing validity date (valid from) in the following form: YYYY-MM-DD. Close the window with „OK“. Mark your user certificate and click on „Export“. Now, follow the instructions. In doing so, it is strictly necessary that you export the private key and assign a password with a minimum of 8 characters. For the file name, you should use the following notation: * <YYYY-MM-DD>_DFN-Verein_Global_Issuing_CA_<FirstName_LastName>.pfx With aid of the button „Search for“, you decide on an appropriate storage location outside your personal computer (e.g. Drive Z:\Certificates). Keep the according password in mind, in order to restore the user certificate, in case it is necessary. Mozilla Firefox: Settings / Data Privacy & Security / Area of Certificates: Show Certificates / Your Certificates Double-click on your user certificate and note the date under Period of Validity / Starting with in the following form: YYYY-MM-DD. Close the window by clicking „Close“. Click on „Save“. For the file name, you should use the following notation: * <YYYY-MM-DD>_DFN-Verein_Global_Issuing_CA_<FirstName_LastName>.p12 Assign a strong password with a minimum of 8 characters. Save this file outside your personal computer (e.g. drive Z:\Certificates). Keep the according password in mind, in order to restore the user certificate, in case it is necessary. Important**: Please keep the old, expired user certificates, too. You will need them to control signatures and to decode e-mails.