Translations of this page:

User Tools

Site Tools


en:tp:certificates:start

Certificates

In cooperation with the DFN association, the university computing center offers a public key infrastructure (PKI). The PKI enables the following services:

You can find more information on the website of the DFN-PKI.

User certificates

University members - with the exception of students - can use the DFN-PKI to receive digital user certificates according to the X.509 standard, which are suitable for signing and encrypting files / documents and e-mails once they have been verified.

Application

When applying for a user certificate, a key pair is generated on your PC under your user ID and in the web browser you use, which is then signed by the DFN-PKI.

Please apply for your user certificate on the DFN-PKI website on the Certificates / User Certificate card.

IMPORTANT: Do not do this in a public pool room.

Follow the instructions on the website. At the end of the application, you will be asked to print out the certificate application.

Print the application on a (!) double-sided (!) printed sheet. Please bring this certificate application, signed by hand, with a valid, official identification document to the University Computing Center.

Exhibition

After the test, you will receive an email from the DFN-PKI describing the further procedure. Please follow the instructions in the email here.

IMPORTANT: Carry out this process on the same PC, under the same user ID and in the same web browser that you used when applying for the user certificate.

At the end of the procedure, there is a valid user certificate for use. Depending on the operating system and web browser used, the certificate can be found at different locations when applying:

  • Microsoft Windows
    • Google Chrome, Microsoft Edge / Internet Explorer
      • In the Windows certificate store of the operating system under Control Panel / Internet Options / Contents / Certificates: “Own certificates” card
    • Mozilla Firefox
      • In the Mozilla Firefox application under Settings / Advanced / Certificates / Show Certificates / Your Certificates

Securing

Immediately after the display, you should save your user certificate. The export is important for the following functions:

  • Import of the user certificate into the Windows certificate store Windows Cryptographic Service Provider (CSP)
  • Import of the user certificate into other software products (e.g. Mozilla Firefox and Thunderbird)
  • Import of the user certificate into a security token (smart card)
  • Import of the user certificate into another device (e.g. another PC)

The procedure differs slightly depending on the operating system and web browser used when applying:

  • Microsoft Windows
    • Google Chrome, Microsoft Edge / Internet Explorer
      • In the operating system under Control Panel / Internet Options / Contents / Certificates: “Own Certificates” card
      • Double-click your user certificate and note the starting validity date (valid from) in the following form: YYYY-MM-DD. Close the window with “OK”.
      • Mark your user certificate and click on “Export”. Follow the instructions, be sure to export the private key and assign a strong password with at least 8 characters. You should use the following notation as the file name: <YYYY-MM-DD> _DFN-Verein_Global_Issuing_CA_ <Vorname_Sachname> .pfx
      • Use the “Browse” button to select a suitable storage location outside of your PC (e.g. drive Z: \ Certificates). Make a note of the associated password so that you can restore the user certificate if necessary.
  • Mozilla Firefox
    • In Mozilla Firefox under Settings / Privacy & Security / Certificates area: Show certificates / Your certificates
    • Double-click your certificate and note the date under Validity / Starts with in the following form: YYYY-MM-DD. Close the window with “Close”.
    • Click on “Save”. You should use the following notation as the file name: <YYYY-MM-DD> _DFN-Verein_Global_Issuing_CA_ <Vorname_Sachname> .p12
    • Assign a strong password with at least 8 characters.
    • Save this file outside of your PC (e.g. drive Z: \ Certificates).
    • Make a note of the associated password so that you can restore the user certificate if necessary.

Please keep your expired user certificates as well. You need this to check signatures and to decrypt emails.

Server Certificates

University members - with the exception of students - can also receive digital server certificates according to the X.509 standard with the help of the DFN-PKI. Please talk to your colleagues at the HRZ.