Starting July 10th, 2019 CA-certificates with the security level “Global Generation 2” will be the only ones valid! Root and CA-certificates with the security level "Global Generation 1 (Global CA G01) will only be valid until July 9th, 2019. Please remember to request new certificates in time.
Registration office DFN-PKI
DFN-CA Global G2 issues DFN-PKI certificates for TU Darmstadt. Employees and members of TU Darmstadt can request these certificates by contacting HRZ. Certificate authority is signed by T_TeleSec GlobalRoot Class 2. According certificates (e.g. for WWW-Server) are automatically recognized by most webbrowers. Therefore, further action usually does not have to be taken by useres themselves, in order to ensure the server's trustworthiness.
This service offers:
- server certificates via DFN-CA Global G2
- server certificates via TUD-CA G01 (only valid until July 9th, 2019)
- certificates for grid services via TU Darmstadt Grid-CA
Framework conditions: requirements (DFN_CA Global G2)
In order to receive a certificate the following requirements need to be met:
- Certificates will only be issued for TU Darmstadt's employees and members.
- The following guidelines need to be followed: seeguidelines for DFN-PKI certification. You will be asked to confirm acknowledging these guidelines by signing the document.
- At the level “Global” RSA-keys will only be certified if they are at least 2048 Bit long.
- A certificate's DN must mandatorily contain: C=DE, [ST=Hessen, L=Darmstadt,] O=Technische Universitaet Darmstadt.
- Applicants need to personally identify themselves (identity card or passport) at HRZ's registration office to receive the first certificate they request. Additionally, each applicant initially needs to prove that he/she is entitled to take action in regard to his/ her organisational unit's certification. The application needs to be officially stamped by the according institution.
How to apply for a certificate (DFN-CA Global G2)
The following steps explain how to request a certificate.
Step 1: Generate a certification request (CSR) according to the pattern below:
- key: RSA, at least 2048 Bit
- C=DE, ST=Hessen, L=Darmstadt, O=Technische Universität Darmstadt
- At least one organisational unit needs to be named (OU=…), more than one are possible. Example: OU=FB Physik, OU=Institut für Halbleiterphysik, …
- CN= (server name), example: www.hrz.tu-darmstadt.de
- Additionally an email address needs to be provided.
Step 2: Upload your certification request to DFN-PKI's website and add the requested data. Subsequent to this process a form will be generated. Please print and fill it out.
Step 3: Please schedule an appointment with HRZ's certification office and turn in the completed form, while providing the necessary identification (identity card/ passport).
Step 4: In case of a successful review, your certificate will be generated and sent to your provided email address.
Step 5: Import the certificate into the according application.
This service is free of charge.