Change of provider for certificate issuance
Please note that since 10.01.2025, a new certificate provider called has replaced the previous provider Sectigo. We are currently updating the documentation and instructions on this site. Not all new processes have been finalised yet. We ask for your understanding that the update may therefore be somewhat delayed. HARICA
With HARICA, server certificates can be requested manually after logging in via SSO with ‘Academic Login’ under ‘Certificate Requests’ → ‘Server’.
Currently the creation of ACME accounts is not possible. This functionality has been announced to be released in the first half of 2025. We will update this information as soon as possible.
Background information
Requirements
The issuing of certificates is linked to technical and organisational requirements. These are mapped by the and the specifications of TCS. rules of SCM
With regard to the technical requirements for keys and certificates, please also refer to the TLS guidelines of. IT Security
In order to comply with these rules and apply them to the conditions at TU Darmstadt, the (opens in new tab) (German version only) apply here. rules for certificate release
The organisational requirements can be roughly summarised as follows:
- Certificates are only issued to employees and members of TU Darmstadt.
- Persons may apply for certificates for host names in domains in which they are registered as domain representatives.
- Other persons require authorisation from the relevant department or the domain representative to apply. An informal letter with a stamp from the relevant department or, for example, an informal email from a domain representative to tud-ca@hrz.tu-darmstadt.de is sufficient.
Application methods
In principle, server certificates can be issued in two different ways:
- ‘classic’ via a web form and manual approval
- via the ACME protocol
The processes for approving or creating an ACME account are documented in the (opens in new tab) (German only). process description