Server certificates

Framework conditions: requirements

In order to receive a certificate the following requirements need to be met:

  • Certificates will only be issued for TU Darmstadt's employees and members.
  • The following guidelines need to be followed: see guidelines for DFN-PKI certification. You will be asked to confirm that you acknowledge these guidelines by signing the document.
  • At the level “Global”, RSA keys will only be certified if they are at least 2048 bits long.
  • A certificate's DN must contain: C=DE, [ST=Hessen, L=Darmstadt,] O=Technische Universitaet Darmstadt.
  • A certificate's DN must not contain an e-mail address. If e-mail addresses are given, they will block the upload.
  • Applicants need to personally identify themselves (identity card or passport) at HRZ's registration office to receive the first certificate they request. Additionally, each applicant initially needs to prove that he/she is entitled to act on behalf of his/her organisational unit in certification matters. The application needs to be officially stamped by the respective institution.

The following steps explain how to request a certificate.

Step 1: Generate a certification request (CSR) according to the pattern below:

  • key: RSA, at least 2048 bits
  • C=DE, ST=Hessen, L=Darmstadt, O=Technische Universitaet Darmstadt
  • At least one organisational unit needs to be named (OU=…), more than one are possible. Example: OU=FB Physik, OU=Institut für Halbleiterphysik, …
  • CN= (server name), example:

You can find detailed instructions in the DFN FAQ.
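One way to carry out Step 1 and pre-check the result against the requirements listed above before uploading. This is an added example, not part of the original page or the DFN instructions; it assumes the OpenSSL command-line tool, and the host name `server.example.org`, the OU value and the file names are placeholders.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). Assumes the OpenSSL CLI;
# the host name, OU value and file names used with it are placeholders.
BASE_DN="/C=DE/ST=Hessen/L=Darmstadt/O=Technische Universitaet Darmstadt"

# make_csr OUTDIR CN OU [OU...]: create a 2048-bit RSA key and a CSR.
make_csr() {
  local dir="$1" cn="$2" subj="$BASE_DN" ou
  shift 2
  [ "$#" -ge 1 ] || { echo "at least one OU is required" >&2; return 2; }
  for ou in "$@"; do subj="$subj/OU=$ou"; done
  # The key is written unencrypted (-nodes); umask 077 keeps it owner-only.
  ( umask 077
    openssl req -new -newkey rsa:2048 -nodes \
      -keyout "$dir/server.key" -out "$dir/server.csr" \
      -subj "$subj/CN=$cn" 2>/dev/null )
}

# check_csr FILE: return 0 only if the CSR meets the requirements above.
check_csr() {
  local csr="$1" text subj bits
  text=$(openssl req -in "$csr" -noout -text 2>/dev/null) ||
    { echo "cannot parse CSR" >&2; return 1; }
  echo "$text" | grep -q 'Public Key Algorithm: rsaEncryption' ||
    { echo "key is not RSA" >&2; return 1; }
  bits=$(echo "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
  [ "${bits:-0}" -ge 2048 ] || { echo "RSA key below 2048 bits" >&2; return 1; }
  # RFC 2253 output is one comma-separated line; pad it with commas so
  # each pattern matches a whole attribute rather than part of a value.
  subj=",$(openssl req -in "$csr" -noout -subject -nameopt RFC2253 |
    sed 's/^subject= *//'),"
  case "$subj" in *,C=DE,*) ;; *) echo "missing C=DE" >&2; return 1 ;; esac
  case "$subj" in *",O=Technische Universitaet Darmstadt,"*) ;;
    *) echo "missing O=Technische Universitaet Darmstadt" >&2; return 1 ;; esac
  case "$subj" in *,OU=*) ;; *) echo "missing OU" >&2; return 1 ;; esac
  case "$subj" in *,CN=*) ;; *) echo "missing CN" >&2; return 1 ;; esac
  case "$subj" in
    *emailAddress=*) echo "DN contains an e-mail address" >&2; return 1 ;;
  esac
  return 0
}
```

Call it as `make_csr . server.example.org "FB Physik" && check_csr ./server.csr`. Only `server.csr` is uploaded in Step 2; `server.key` stays on the server.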

Step 2: Upload your certification request to DFN-PKI's website and add the requested data. A form will then be generated. Please print it and fill it out.

Step 3: Please schedule an appointment with HRZ's certification office and turn in the completed form, providing the necessary identification (identity card/passport).

Step 4: If the review is successful, your certificate will be generated and sent to the e-mail address you provided.

Step 5: Import the certificate into the relevant application.