Certificates | DFN-PKI

Photo: ZIM

The ZIM offers a DFN certification center for all members and affiliates of the University of Potsdam. You can apply for so-called user and server certificates.


Why are certificates needed?

When you transmit confidential information such as account data, transaction numbers or passwords to a web server or mail server, the connection to the server must be encrypted so that malicious third parties cannot eavesdrop on the information. The server must also "identify itself" and prove that it really is the server it claims to be. In other words, the server must authenticate itself.

Applying for user certificates

User certificates can be requested for the certified sending and encryption of e-mails. A step-by-step guide can be found here (https://www.uni-potsdam.de/de/mailup/allgemeines/sichere-e-mails).

Application for server certificates

Certificates for servers in the institutions and facilities of the University of Potsdam can be applied for via the web interface of the CA (https://pki.pca.dfn.de/dfn-ca-global-g2/cgi-bin/pub/pki?cmd=getStaticPage;name=index;id=1&RA_ID=4760).

The following steps must be completed for the setup:

1. Create a certificate request.

OpenSSL can be used as a tool on Linux (https://www.openssl.org/) and Windows (http://slproweb.com/products/Win32OpenSSL.html).

Under Linux, for example, the following command can be used to start the generation:

    openssl req -nodes -new -newkey rsa:2048 -sha256 -out csr.pem

After the prompts have been answered (umlauts in the entries must be transcribed), a private key "privkey.pem" and the certificate request "csr.pem" are generated. The private key must be stored securely on the machine. It will be needed later in combination with the certificate for encrypting the connections.

2. Upload certificate request

The certificate request created in step 1 can be uploaded via the CA's web interface (https://pki.pca.dfn.de/dfn-ca-global-g2/cgi-bin/pub/pki?cmd=getStaticPage;name=index;id=1&RA_ID=4760) under the Server Certificates tab. Please select the appropriate profile and fill in the further details (umlauts must also be transcribed here). After confirming the entries, the certificate request is displayed. This must be printed out and signed.

3. Make an appointment at the registration office (RA) of the University of Potsdam.

For personal identification, you have to present yourself in person to one of our colleagues at Am Neuen Palais. To make an appointment, please contact us via e-mail (zim-serviceuni-potsdamde with the subject "Question DFN-PKI certificates"). Please bring the signed certificate application and your ID card to the appointment.

4. The valid certificate

After successful identification and approval of the application, you will receive the certificate by e-mail. Delivery of the e-mail normally takes only a few minutes, but may take a few hours. You can now install and use the certificate on your machine.
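
The steps above as a scripted variant, with the checks worth running before the upload in step 2 and before installing the certificate from step 4. This is an added example, not part of the original guide: the subject fields, the host name and the explicit -keyout file name are assumptions, and -subj replaces the interactive prompts.

```sh
#!/bin/sh
# Added example (not from the original guide). Subject values are placeholders.

# Step 1: create key and CSR without prompts. -nodes leaves the private key
# unencrypted, so umask 077 makes sure only the owner can read the key file.
make_csr() {  # usage: make_csr <fqdn> <keyfile> <csrfile>
    ( umask 077
      openssl req -nodes -new -newkey rsa:2048 -sha256 \
          -subj "/C=DE/O=Example Org/CN=$1" \
          -keyout "$2" -out "$3" )
}

# Before step 2: confirm the CSR's self-signature is intact. The output text
# is checked because older OpenSSL releases exit 0 even when it fails.
check_csr() {  # usage: check_csr <csrfile>
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

# Extract the public key (PEM) from a private key, a CSR or a certificate.
key_pub() { openssl pkey -in "$1" -pubout 2>/dev/null; }
csr_pub() { openssl req  -in "$1" -noout -pubkey 2>/dev/null; }
crt_pub() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Two public keys match only if both were readable and are identical.
same_pub() { [ -n "$1" ] && [ "$1" = "$2" ]; }

# Before step 2: the CSR must belong to the private key kept on the server.
csr_matches_key() {  # usage: csr_matches_key <csrfile> <keyfile>
    same_pub "$(csr_pub "$1")" "$(key_pub "$2")"
}

# After step 4: the received certificate must belong to that same key,
# otherwise the server cannot use it.
crt_matches_key() {  # usage: crt_matches_key <certfile> <keyfile>
    same_pub "$(crt_pub "$1")" "$(key_pub "$2")"
}
```

For example: make_csr www.example.org privkey.pem csr.pem && check_csr csr.pem, and later crt_matches_key cert.pem privkey.pem once the certificate has arrived.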