When you transmit confidential information such as account data, transaction numbers or passwords to a web server or mail server, the connection to the server must be encrypted so that malicious third parties cannot eavesdrop on the information. The server must also "identify itself" and prove that it really is the server it claims to be. In other words, the server must authenticate itself.
User certificates can be requested for signing and encrypting e-mails. A step-by-step guide can be found here (https://www.uni-potsdam.de/de/mailup/allgemeines/sichere-e-mails).
Certificates for servers in the institutions and facilities of the University of Potsdam can be applied for via the web interface of the CA (https://pki.pca.dfn.de/dfn-ca-global-g2/cgi-bin/pub/pki?cmd=getStaticPage;name=index;id=1&RA_ID=4760).
OpenSSL can be used to generate the key pair and the certificate request on Linux (https://www.openssl.org/) and Windows (http://slproweb.com/products/Win32OpenSSL.html).
Under Linux, for example, the command openssl req -nodes -new -newkey rsa:2048 -sha256 -out csr.pem can be used to start the generation. After you answer the prompts (umlauts in the entries must be transliterated), a private key "privkey.pem" and the certificate request "csr.pem" are generated. Because of the -nodes option, the private key is written to disk unencrypted, so it must be stored securely on the machine. It will be needed later in combination with the certificate for encrypting the connections.
The certificate request created in the previous step can be uploaded via the CA's web interface (https://pki.pca.dfn.de/dfn-ca-global-g2/cgi-bin/pub/pki?cmd=getStaticPage;name=index;id=1&RA_ID=4760) under the Server Certificates tab. Please select the appropriate profile and fill in the further details (umlauts must also be transliterated here). After confirming the entries, the certificate request is displayed. This must be printed out and signed.
For personal identification, you have to present yourself to one of our colleagues at Am Neuen Palais. To make an appointment, please contact us via e-mail (zim-service@uni-potsdam.de with the subject "Question DFN-PKI certificates"). Please bring the signed certificate application and your ID card to the appointment.
After successful identification and approval of the application, you will receive the certificate by e-mail. Delivery of the e-mail normally takes only a few minutes but may take a few hours. You can now install and use the certificate on your machine.
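The key and request generation described above can also be run non-interactively and checked before the request is uploaded. The following is an added example, not part of the original guide: the function names, the organisation name and the host name www.example.org are constructed placeholders, and the -subj and -keyout options replace the interactive prompts and the default key file name.

```shell
#!/bin/sh
# Added example. All subject values below are constructed placeholders.

# Transliterate German umlauts so the subject is plain ASCII.
transliterate() {
    printf '%s' "$1" | sed -e 's/ä/ae/g' -e 's/ö/oe/g' -e 's/ü/ue/g' \
        -e 's/Ä/Ae/g' -e 's/Ö/Oe/g' -e 's/Ü/Ue/g' -e 's/ß/ss/g'
}

# Succeeds only if the string consists of printable ASCII characters.
is_ascii() {
    ! printf '%s' "$1" | LC_ALL=C grep -q '[^ -~]'
}

# make_csr DIR SUBJECT: the openssl call from the guide, made non-interactive
# with -subj and an explicit key path; umask 077 keeps the key owner-only.
make_csr() {
    is_ascii "$2" || { echo "non-ASCII subject, transliterate first" >&2; return 1; }
    ( umask 077
      openssl req -nodes -new -newkey rsa:2048 -sha256 -subj "$2" \
          -keyout "$1/privkey.pem" -out "$1/csr.pem" 2>/dev/null )
}

# check_csr DIR: before uploading, confirm that the request's self-signature
# verifies, that it belongs to the stored private key, and that the key file
# is readable and writable by its owner only.
check_csr() {
    openssl req -in "$1/csr.pem" -noout -verify >/dev/null 2>&1 || return 1
    csr_pub=$(openssl req -in "$1/csr.pem" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$1/privkey.pem" -pubout | openssl sha256)
    [ "$csr_pub" = "$key_pub" ] || return 1
    [ "$(ls -l "$1/privkey.pem" | cut -c1-10)" = "-rw-------" ]
}

# Demo with a constructed organisation and host name.
demo() {
    dir=$(mktemp -d)
    org=$(transliterate "Beispiel-Universität Müllerstadt")
    make_csr "$dir" "/C=DE/O=$org/CN=www.example.org" && check_csr "$dir" \
        && openssl req -in "$dir/csr.pem" -noout -subject
    rm -rf "$dir"
}
demo
```

The public-key comparison in check_csr is the check to repeat when the certificate arrives, so that a certificate is never paired with the wrong key file.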