Table of Contents
Certification authorities
For proper functioning, the following certification authorities must be available in the operating system / software used. If one or more certification authorities are missing, download them below and import them according to the instructions.
Public certification authorities
As a rule, the public certification authorities are already included in the operating systems.
Public digital certificates at Jade University are issued in cooperation with DFN-CERT via 2 procedures.
DFN-PKI - Global G2
Public digital certificates of the DFN-PKI - Global G2 are issued by DFN-CERT in conjunction with „T-Systems Enterprise Services GmbH“. Therefore, their certification authority „T-TeleSec GlobalRoot Class 2“ appears as the root certification authority and the other two as intermediate certification authorities below it. This results in the following certification chain:
GÉANT-TCS - Sectigo
Public digital certificates from GÉANT-TCS - Sectigo are issued by GÉANT in conjunction with „Sectigo“. The following certification chains result for Jade University of Applied Sciences:
Trust Path A:
- USERTrust RSA Certification Authority (Valid 2010-02-01 - 2038-01-18)
- GEANT OV RSA CA 4 (Valid 2020-02-18 - 2033-05-01, for server certificates)
- GEANT Personal CA 4 (Valid 2020-02-18 - 2033-05-01, for user certificates)
- Sectigo RSA Organization Validation Secure Server CA (Valid 2018-11-02 - 2030-12-31, for ACME server certificates)
Trust Path C:
- AAA Certificate Services (Valid 2004-01-01 - 2028-12-31)
- USERTrust RSA Certification Authority (Valid 2019-03-12 - 2028-12-31)
- GEANT OV RSA CA 4 (Valid 2020-02-18 - 2033-05-01, for server certificates)
- GEANT Personal CA 4 (Valid 2020-02-18 - 2033-05-01, for user certificates)
- Sectigo RSA Organization Validation Secure Server CA (Valid 2018-11-02 - 2030-12-31, for ACME server certificates)
Internal certification bodies
Internal digital certificates at Jade University are issued by the University Computer Centre. These root certification authorities are used here:
Operating systems
Microsoft Windows
Devices in the PC network system (e.g. devices in the pool rooms / virtual desktops) are already equipped with all certification authorities, so no change is necessary here. On all other devices, they must be logged in as users with administrative rights to integrate certification authorities.
- Start → Manage Computer Certificates (type in)
- Certificates - Local Computer
- Trusted Root Certification Authorities → Certificates
- AAA Certificate Services
- HS-WOE Certificate Authority (hs-woe.de)
- HS-WOE Certificate Authority (META)
- T-TeleSec GlobalRoot Class 2
- Intermediate Certification Authorities → Certificates
- DFN-Verein Certification Authority 2
- DFN-Verein Global Issuing CA
- GEANT OV RSA CA 4
- USERTrust RSA Certification Authority
Missing certification authorities can be added by right-clicking on the respective folder Certificates → All tasks → „Import…“. add them.
Apple iOS/iPadOS
- Settings → General → Profiles
- AAA Certificate Services
- DFN-Verein Global Issuing CA
- DFN-Verein Certification Authority 2
- HS-WOE Certificate Authority (META)
- T-TeleSec GlobalRoot Class 2
- Settings → General → Info → Certificate Trust Settings
- AAA Certificate Services: enabled
- HS-WOE Certificate Authority (META): enabled
- HS-WOE Certificate Authority (hs-woe.de): enabled
- T-TeleSec GlobalRoot Class 2: activated
The easiest way to get missing certificate authorities onto the device is from an existing (mobile) network access.
- Download the above certificate authorities with Safari.
- Load configuration profile: Allow
- Go to Settings → General → Profiles
- Tap on the new profile
- Tap on „Install“ in the upper right corner and follow the instructions
- Tap on „Done“
- Repeat the process with the other certification authorities.
- Go to Settings → General → About → Certificate Trust Settings
- Activate all certification authorities
Apple macOS
To integrate certification authorities, you must be logged in as a local user with administrative rights.
- Finder → Applications → Utilities → Keychain Administration
- Keychain System
- AAA Certificate Services
- DFN-Verein Certification Authority 2
- DFN-Verein Global Issuing CA
- HS-WOE Certificate Authority (hs-woe.de)
- HS-WOE Certificate Authority (META)
- T-TeleSec GlobalRoot Class 2
The easiest way to add missing certificate authorities to the device is from an existing network access.
- Click on the above certificate authorities in a browser.
- Select „Open with: Keychain Access“
- Use the „System“ keychain
- Repeat the process for all certificate authorities.
Google Android
- Settings → Security → (Advanced) → Encryption and Credentials
- Trusted credentials
- AAA Certificate Services
- T-Systems Enterprise Services GmbH - T-TeleSec GlobalRoot Class 2
- User credentials
- AAA Certificate Services - Installed for WLAN
- DFN-Verein Certification Authority 2 - Installed for WLAN
- DFN-Verein Global Issuing CA - Installed for WLAN
- HS-WOE Certificate Authority (META) - Installed for WLAN
- HS-WOE Certificate Authority (hs-woe.de) - Installed for WLAN
- T-TeleSec GlobalRoot Class 2 - Installed for WLAN
The easiest way to get missing certificate authorities onto the device is from an existing (mobile) network access. Download the above certificate authorities with a browser and open the downloaded file. The „Name Certificate“ dialogue appears:
- Certificate name:
- AAA Certificate Services
- DFN-Verein Certification Authority 2
- DFN-Verein Global Issuing CA
- HS-WOE Certificate Authority (hs-woe.de)
- HS-WOE Certificate Authority (META)
- T-TeleSec GlobalRoot Class 2
- Use of credentials: WLAN
Ubuntu Linux
- Passwords and encryption
- sudo apt install seahorse
- Filter entries (3 dots top right) → Show all
- Certificates → Default Trust
- T-TeleSec GlobalRoot Class 2
- Certificates → System Trust
- AAA Certificate Services
- DFN-Verein Certification Authority 2
- DFN-Verein Global Issuing CA
- HS-WOE Certificate Authority (hs-woe.de)
- HS-WOE Certificate Authority (META)
- T-TeleSec GlobalRoot Class 2
The easiest way to get missing certificate authorities onto the device is from an existing network access. Download the above certificate authorities to the Downloads folder using a browser. Then add them system-wide:
cd ~/Downloads sudo trust anchor aaa_certificate_services-2004-01-01.pem sudo trust anchor usertrust_rsa_certification_authority-2019-03-12.pem sudo trust anchor geant_ov_rsa_ca_4-2020-02-18.pem sudo trust anchor t-telesec_globalroot_class_2-20081001.pem sudo trust anchor dfn-verein_certification_authority_2-20160222.pem sudo trust anchor dfn-verein_global_issuing_ca-20160524.pem sudo trust anchor hs-woe_certificate_authority_hs-woe.de-20161121.pem sudo trust anchor hs-woe_certificate_authority_meta-20140601.pem
To check, restart the „Passwords and Encryption“ application once.
Software
Mozilla Firefox
Mozilla Firefox is available for Apple macOS, Linux and Microsoft Windows, but usually uses its own built-in certificate store.
- Application menu (3 horizontal bars) → Settings → Privacy & Security → Certificates → Show Certificates…
- Map certification authorities:
- Wilhelmshaven/Oldenburg/Elsfleth University of Applied Sciences.
- HS-WOE Certificate Authority (hs-woe.de)
- HS-WOE Certificate Authority (META)
- T-Systems Enterprise Services GmbH
- T-Telesec GlobalRoot Class 2
- DFN-Verein Certification Authority 2
- The USERTRUST Network
- GEANT OV RSA CA 4
- Association for the Promotion of a German Research Network e.V.
- DFN-Verein Global Issuing CA
Missing certification authorities can be added via the button „Import…“. button.