
User certificates - DFN

General

Legal principles relating to electronic signatures can be found in the Documentation of the DFN-PKI. The DFN-PKI makes it possible to issue user certificates for advanced electronic signatures.

The issuing of user certificates by the DFN ends on 31.12.2023. DFN user certificates applied for up to this date nevertheless remain valid for 3 years as usual. From the above-mentioned date at the latest, user certificates will be replaced by the GEANT Trusted Certificate Services in conjunction with the company Sectigo. Please follow these instructions.

Application

When you apply for a digital user certificate, a key pair is generated on your PC, under your user ID and in the web browser you use. This key pair is then signed by the DFN-PKI.

Please apply for your digital user certificate on the User certificate → Apply for user certificate tab of the DFN-PKI, using the following settings:

  • Department (OU): usually leave this field blank.
  • Publication of the certificate: activated

At the end of the application you will be asked to:

  • Check the information for accuracy and correct it if necessary.
  • Save the application file by entering a password.
    • Note the password and the storage location (the application file with the file name Application file*.json will be needed later).
  • Download the certificate application form with the file name certificate application*.pdf.

Please print the certificate application form and fill it out completely. Bring the certificate application form, signed by yourself, to the University Computer Centre and present a valid, official identification document.

Issue

After successful verification, you will receive an e-mail from the DFN-PKI describing the further procedure. Please follow the instructions in the e-mail:

  • Click on the link for a user certificate.
  • Use the “Browse” button to select the application file (file extension .json) that you saved locally on your PC when you applied for the certificate.
  • Enter the password you chose when applying and click on the “Next” button.
  • Click on the button “Save certificate file” to save the certificate together with the private key in PKCS#12 format (file extension .p12) on your device.
  • Enter your desired password twice and click on the button “Ok”.
  • Save the certificate file (file extension .p12) to a suitable location outside your PC (e.g. drive Z:\Zertifikate). Remember the associated password so that you can restore the digital user certificate if necessary.

Rename the certificate file according to the following notation:

<YYYY-MM-DD>_DFN-Association_Global_Issuing_CA_<FirstName_LastName>.p12

Integration

The integration of the digital user certificate depends on the operating system and software used.

Please keep your expired digital user certificates as well. You will need them to check signatures and decrypt emails.

Microsoft Windows

The Microsoft Windows operating system stores digital user certificates and certificate authorities in a central location, the Windows Certificate Store (Cryptographic Service Provider). As soon as you use software that uses the Windows certificate store, you must import your digital user certificate into this central certificate store:

  • Start → Internet Options (type) → tab: Contents
  • Certificates → “My Certificates” tab → Import…
    • When prompted for a password, enter the password you selected yourself under “Issue”.
    • In the import options, also activate the field “Mark key as exportable”.

Programs under Microsoft Windows that use the central certificate store are Google Chrome, Microsoft Edge and Outlook.
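The import described above can also be scripted in PowerShell. This is an added example, not part of the original instructions: it imports every saved .p12 file, including expired ones you have kept, into the current user's certificate store with the key marked as exportable, then reports validity and whether the private key arrived. The folder path is an assumption taken from the example location named under “Issue”.

```powershell
# Added example: bulk import of saved .p12 files into the current user's store.
# Assumption: $CertFolder is where you saved your .p12 files.
param(
    [string]$CertFolder = 'Z:\Zertifikate'
)

$store = 'Cert:\CurrentUser\My'   # the user's own certificates
$now   = Get-Date

$report = foreach ($file in Get-ChildItem -Path $CertFolder -Filter '*.p12') {
    # Each file has its own password (chosen under "Issue"); read it without echo.
    $password = Read-Host -AsSecureString -Prompt "Password for $($file.Name)"
    try {
        # -Exportable corresponds to "Mark key as exportable" in the import dialog.
        $imported = Import-PfxCertificate -FilePath $file.FullName `
            -CertStoreLocation $store -Password $password `
            -Exportable -ErrorAction Stop
    }
    catch {
        Write-Warning "Import failed for $($file.Name): $($_.Exception.Message)"
        continue
    }

    foreach ($cert in $imported) {
        # Re-read from the store so the report reflects what is actually installed.
        $installed = Get-Item -Path (Join-Path $store $cert.Thumbprint)
        [pscustomobject]@{
            File          = $file.Name
            Subject       = $installed.Subject
            Issuer        = $installed.Issuer
            NotAfter      = $installed.NotAfter
            HasPrivateKey = $installed.HasPrivateKey
            Status        = if ($installed.NotAfter -lt $now) { 'expired' } else { 'valid' }
        }
    }
}

# Oldest first; expired entries remain usable for decrypting older emails.
$report | Sort-Object NotAfter | Format-Table -AutoSize
```

A row with HasPrivateKey = False means only the certificate was imported and the file cannot be used for signing or decryption. Because the key is marked as exportable, it can be exported again from your Windows session, so lock the device when it is unattended.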

Apple iOS/iPadOS

The Apple iOS & iPadOS operating systems store digital user certificates and certificate authorities in a central location in the operating system. You must therefore bring your digital user certificate to the device in order to store it in this central certificate store:

  • Send yourself an email with your digital user certificate attached, using only the Jade University email system.
  • In the “Mail” app, open the received email and tap on the attached user certificate. The operating system confirms the integration with the message “Profile loaded …”.
  • Go to Settings → General → Profiles.
  • Here you will find a new identity certificate:
    • Tap “Install” at the top right (the prompt may be repeated).
    • Enter the password you have chosen under “Issue” and tap on “Next”.
    • Finish the installation of the new profile by tapping on “Done”.

Apple macOS

The Apple macOS operating system stores digital user certificates and certification authorities in a central location, Keychain Access. Therefore, import your digital user certificate into this central certificate store:

  • Double-click the digital user certificate file.
  • Keychain Access tries to change the system keychain, so you have to log in.
    • Use the password of your local Apple user here.
  • You will be asked for the password for your digital user certificate.
    • Enter the password you selected yourself under “Issue”.
  • Check: Your digital user certificate appears in Keychain Access in the keychain “System” and the category “My certificates”.

Google Android

The Google Android operating system stores digital user certificates and certification authorities in a central location in the operating system. You must therefore bring your digital user certificate to the device to store it in this central certificate store:

  • Send yourself an email with your digital user certificate attached, using only the Jade University email system.
  • On your Google Android device, open the received email and save the attached user certificate in the file system.
  • Go to Settings → Security → (Advanced) → Encryption and Credentials.
  • Tap on “Install from SD card” and point to the previously saved file of your digital user certificate.
  • In the “Extract Certificate” window, enter the password you selected yourself under “Issue” and tap on “Next”.
  • In the “Name certificate” window, enter the following:
    • Certificate name: DFN-PKI (your email address).
    • Use of credentials: VPN and Apps
  • Finish the installation by tapping OK.

You will then find the installed digital user certificate under Settings → Security → (Advanced) → Encryption and Credentials → User Credentials.

Linux

Linux stores digital user certificates and certification authorities in a central location; the application “Passwords and Encryption” shows them. However, importing your digital user certificate there is currently not possible, i.e. it cannot be stored in this central certificate store. You must therefore import your digital user certificate into the respective application (e.g. Evolution or Firefox).

Use

After the integration of the digital user certificates, they can be used to increase security in the following services:

en/tp/certificates/usercerts-dfn.txt · Last modified: 2022/09/30 11:50 by gu1111