Translations of this page:

HRZ-Wiki

User Tools

Site Tools

Trace: Certification authorities
en:tp:certificates:ca

Table of Contents

Certification authorities

For proper functioning, the following certification authorities must be available in the operating system / software used. If one or more certification authorities are missing, download them below and import them according to the instructions.

Public certification authorities

Public digital certificates at Jade University are issued in cooperation with DFN-CERT via 2 procedures.

DFN-PKI - Global G2

Public digital certificates of the DFN-PKI - Global G2 are issued by DFN-CERT in conjunction with “T-Systems Enterprise Services GmbH”. Therefore, their certification authority “T-TeleSec GlobalRoot Class 2” appears as the root certification authority and the other two as intermediate certification authorities below it. This results in the following certification chain: * T-TeleSec GlobalRoot Class 2

GÉANT-TCS - Sectigo

Public digital certificates from GÉANT-TCS - Sectigo are issued by GÉANT in conjunction with “Sectigo”. Therefore, their certification authority “AAA Certificate Services” appears as the root certification authority and the other two as intermediate certification authorities below it. This results in the following certification chain:

As a rule, the public certification authorities are already included in the operating systems.

Internal certification bodies

Internal digital certificates at Jade University are issued by the University Computer Centre. These root certification authorities are used here:

Operating systems

Microsoft Windows

Devices in the PC network system (e.g. devices in the pool rooms / virtual desktops) are already equipped with all certification authorities, so no change is necessary here. On all other devices, they must be logged in as users with administrative rights to integrate certification authorities.

  • Start → Manage Computer Certificates (type in)
  • Certificates - Local Computer
    • Trusted Root Certification Authorities → Certificates
      • AAA Certificate Services
      • HS-WOE Certificate Authority (hs-woe.de)
      • HS-WOE Certificate Authority (META)
      • T-TeleSec GlobalRoot Class 2
    • Intermediate Certification Authorities → Certificates
      • DFN-Verein Certification Authority 2
      • DFN-Verein Global Issuing CA
      • GEANT OV RSA CA 4
      • USERTrust RSA Certification Authority

Missing certification authorities can be added by right-clicking on the respective folder Certificates → All tasks → “Import…”. add them.

Apple iOS/iPadOS

  • Settings → General → Profiles
    • AAA Certificate Services
    • DFN-Verein Global Issuing CA
    • DFN-Verein Certification Authority 2
    • HS-WOE Certificate Authority (META)
    • T-TeleSec GlobalRoot Class 2
  • Settings → General → Info → Certificate Trust Settings
    • AAA Certificate Services: enabled
    • HS-WOE Certificate Authority (META): enabled
    • HS-WOE Certificate Authority (hs-woe.de): enabled
    • T-TeleSec GlobalRoot Class 2: activated

The easiest way to get missing certificate authorities onto the device is from an existing (mobile) network access.

  • Download the above certificate authorities with Safari.
  • Load configuration profile: Allow
  • Go to Settings → General → Profiles
  • Tap on the new profile
  • Tap on “Install” in the upper right corner and follow the instructions
  • Tap on “Done”
  • Repeat the process with the other certification authorities.
  • Go to Settings → General → About → Certificate Trust Settings
  • Activate all certification authorities

Apple macOS

To integrate certification authorities, you must be logged in as a local user with administrative rights.

  • Finder → Applications → Utilities → Keychain Administration
  • Keychain System
    • AAA Certificate Services
    • DFN-Verein Certification Authority 2
    • DFN-Verein Global Issuing CA
    • HS-WOE Certificate Authority (hs-woe.de)
    • HS-WOE Certificate Authority (META)
    • T-TeleSec GlobalRoot Class 2

The easiest way to add missing certificate authorities to the device is from an existing network access.

  • Click on the above certificate authorities in a browser.
  • Select “Open with: Keychain Access”
  • Use the “System” keychain
  • Repeat the process for all certificate authorities.

Google Android

  • Settings → Security → (Advanced) → Encryption and Credentials
    • Trusted credentials
      • AAA Certificate Services
      • T-Systems Enterprise Services GmbH - T-TeleSec GlobalRoot Class 2
    • User credentials
      • AAA Certificate Services - Installed for WLAN
      • DFN-Verein Certification Authority 2 - Installed for WLAN
      • DFN-Verein Global Issuing CA - Installed for WLAN
      • HS-WOE Certificate Authority (META) - Installed for WLAN
      • HS-WOE Certificate Authority (hs-woe.de) - Installed for WLAN
      • T-TeleSec GlobalRoot Class 2 - Installed for WLAN

The easiest way to get missing certificate authorities onto the device is from an existing (mobile) network access. Download the above certificate authorities with a browser and open the downloaded file. The “Name Certificate” dialogue appears:

  • Certificate name:
    • AAA Certificate Services
    • DFN-Verein Certification Authority 2
    • DFN-Verein Global Issuing CA
    • HS-WOE Certificate Authority (hs-woe.de)
    • HS-WOE Certificate Authority (META)
    • T-TeleSec GlobalRoot Class 2
  • Use of credentials: WLAN

Ubuntu Linux

  • Passwords and encryption
    • sudo apt install seahorse
  • Filter entries (3 dots top right) → Show all
  • Certificates → Default Trust
    • T-TeleSec GlobalRoot Class 2
  • Certificates → System Trust
    • AAA Certificate Services
    • DFN-Verein Certification Authority 2
    • DFN-Verein Global Issuing CA
    • HS-WOE Certificate Authority (hs-woe.de)
    • HS-WOE Certificate Authority (META)
    • T-TeleSec GlobalRoot Class 2

The easiest way to get missing certificate authorities onto the device is from an existing network access. Download the above certificate authorities to the Downloads folder using a browser. Then add them system-wide: 

cd ~/Downloads
sudo trust anchor aaa_certificate_services-2004-01-01.pem
sudo trust anchor usertrust_rsa_certification_authority-2019-03-12.pem
sudo trust anchor geant_ov_rsa_ca_4-2020-02-18.pem
sudo trust anchor t-telesec_globalroot_class_2-20081001.pem
sudo trust anchor dfn-verein_certification_authority_2-20160222.pem
sudo trust anchor dfn-verein_global_issuing_ca-20160524.pem
sudo trust anchor hs-woe_certificate_authority_hs-woe.de-20161121.pem
sudo trust anchor hs-woe_certificate_authority_meta-20140601.pem

To check, restart the “Passwords and Encryption” application once.

Software

Mozilla Firefox

Mozilla Firefox is available for Apple macOS, Linux and Microsoft Windows, but usually uses its own built-in certificate store.

  • Application menu (3 horizontal bars) → Settings → Privacy & Security → Certificates → Show Certificates…
  • Map certification authorities:
    • Wilhelmshaven/Oldenburg/Elsfleth University of Applied Sciences.
      • HS-WOE Certificate Authority (hs-woe.de)
      • HS-WOE Certificate Authority (META)
    • T-Systems Enterprise Services GmbH
      • T-Telesec GlobalRoot Class 2
      • DFN-Verein Certification Authority 2
    • The USERTRUST Network
      • GEANT OV RSA CA 4
    • Association for the Promotion of a German Research Network e.V.
      • DFN-Verein Global Issuing CA

Missing certification authorities can be added via the button “Import…”. button.

en/tp/certificates/ca.txt · Last modified: 2022/04/29 22:00 by vi1005