
User certificates

Application

When you apply for a digital user certificate, a key pair is generated on your PC under your user ID and in the web browser you are using, which is then signed by the DFN-PKI.

Please apply for your digital user certificate on the User certificate → Apply for user certificate tab of the DFN-PKI with the following notes:

  • Department (OU): usually leave this field blank.
  • Publication of the certificate: activated

At the end of the application you will be asked to:

  • check the information for correctness and correct it if necessary
  • save the application file by entering a password
    • note the password and the location (the application file with the file name application file*.json will be needed later)
  • download the certificate application form with the file name certificate application*.pdf

Please print the certificate application form and fill it out completely. Bring the certificate application form, signed in your own hand, together with a valid, official identification document to the University Computer Centre.

Issue

Once the check has been completed, you will receive an e-mail from the DFN-PKI describing how to proceed. Please follow the instructions in the e-mail:

  • Click on the link for a user certificate.
  • Use the “Browse” button to select the application file (file extension .json) that you saved locally on your PC when you applied for the certificate.
  • Enter the password you chose when applying and click on the “Next” button.
  • Click on the button “Save certificate file” to save the certificate together with the private key in the format PKCS#12 (file extension .p12) on your device.
  • Enter your desired password twice and click on the button “Ok”.
  • Save the certificate file (file extension .p12) to a suitable location outside your PC (e.g. drive Z:\Zertifikate). Remember the associated password so that you can restore the digital user certificate if necessary.

Rename the certificate file according to the following notation:

<YYYY-MM-DD>_DFN-Verein_Global_Issuing_CA_<Firstname_Lastname>.p12
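
A check you can run on the saved .p12 file before relying on it as your backup, added here as an example (it is not part of the original page or of the DFN-PKI tooling). It assumes the OpenSSL command-line tool is installed; the environment variable P12_PASS and the function names are chosen for this example.

```shell
#!/bin/sh
# Added example: verify a PKCS#12 backup (.p12) with the OpenSSL CLI.
# The password is read from the environment variable P12_PASS (a name
# assumed for this example) so it does not appear on the command line.

# p12_summary FILE: print subject, issuer and expiry date of the user
# certificate. Fails if the file is damaged or the password is wrong.
p12_summary() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -subject -issuer -enddate 2>/dev/null
}

# p12_has_key FILE: succeed only if the file also contains the private key.
# The key is re-encrypted with the same password on output, so it never
# passes through the pipe in clear text.
p12_has_key() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -passout env:P12_PASS \
        -nocerts 2>/dev/null | grep -q 'PRIVATE KEY'
}

# p12_valid_for FILE DAYS: succeed if the certificate is still valid
# DAYS days from now (DAYS=0 means "not expired yet").
p12_valid_for() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Stand-alone use: P12_PASS must be set in the environment beforehand.
if [ "$#" -ge 1 ]; then
    p12_summary "$1" || {
        echo "cannot open $1: wrong password or damaged file" >&2; exit 1; }
    p12_has_key "$1" || {
        echo "$1 contains no private key" >&2; exit 1; }
    p12_valid_for "$1" 0 ||
        echo "certificate has expired (keep the file for old signatures and e-mails)"
fi
```

Set P12_PASS without typing the password into the shell history, for example by reading it with a prompt, and unset it afterwards.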

Integration

The integration of the digital user certificate depends on the operating system and software used.

Please also keep your expired digital user certificates. You will need them to check signatures and to decrypt e-mails.

Microsoft Windows

The Microsoft Windows operating system stores digital user certificates and certification authorities in a central location, the Windows certificate store (Cryptographic Service Provider). As soon as you use software that uses the Windows certificate store, you must import your digital user certificate into this central certificate store:

  • Start → Internet Options (type) → Tab: Contents
  • Certificates → “My Certificates” tab → Import…
    • When prompted for a password, enter the password you selected yourself under “Issue”.
    • In the import options, also activate the field “Mark key as exportable”.

The following software under Microsoft Windows uses the central certificate store: Google Chrome, Microsoft Edge / Outlook.

Apple iOS/iPadOS

The Apple iOS & iPadOS operating systems store digital user certificates and certificate authorities in a central location in the operating system. You must therefore bring your digital user certificate to the device in order to store it in this central certificate store:

  • Send yourself an email with your digital user certificate attached, using only the Jade University email system.
  • In the “Mail” app, open the received email and tap on the attached user certificate. The operating system confirms the integration with the message “Profile loaded …”.
  • Go to Settings → General → Profiles.
  • Here you will find a new identity certificate:
    • Tap “Install” at the top right (the prompt may be repeated).
    • Enter the password you have chosen under “Issue” and tap on “Next”.
    • Finish the installation of the new profile by tapping on “Done”.

Apple macOS

The Apple macOS operating system stores digital user certificates and certification authorities in a central location, Keychain Access. Therefore, import your digital user certificate into this central certificate store:

  • Double-click the digital user certificate file.
  • Keychain Access tries to change the system keychain, so you have to log in.
    • Use the password of your local Apple user here.
  • You will be asked for the password for your digital user certificate.
    • Enter the password you selected yourself under “Issue”.
  • Check: Your digital user certificate appears in Keychain Access in the keychain “System” and the category “My certificates”.

Google Android

The Google Android operating system stores digital user certificates and certificate authorities in a central location in the operating system. You must therefore bring your digital user certificate to the device in order to store it in this central certificate store:

  • Send yourself an email with your digital user certificate attached, using only the Jade University email system.
  • On your Google Android device, open the received email and save the attached user certificate in the file system.
  • Go to Settings → Security → (Advanced) → Encryption and Credentials.
  • Tap on “Install from SD card” and point to the previously saved file of your digital user certificate.
  • In the “Extract Certificate” window, enter the password you selected yourself under “Issue” and tap on “Next”.
  • In the “Name certificate” window, enter the following:
    • Certificate name: DFN-PKI (your email address).
    • Use of login data: VPN and Apps
  • Finish the installation by tapping OK.

You can then find the installed digital user certificate under Settings → Security → (Advanced) → Encryption and Credentials → User Credentials.

Linux

Linux stores digital user certificates and certification authorities in a central location; the application “Passwords and Encryption” shows them. However, importing your digital user certificate is currently not possible, i.e. it cannot be stored in this central certificate store. You must therefore import your digital user certificate into the respective application (e.g. Evolution or Firefox).

Use

After the integration of the digital user certificates, these can be used to increase security in the following services:

en/tp/certificates/usercert.txt · Last modified: 2022/02/28 12:46 by vi1005