Please note: Due to changes in the DFN-PKI portal, we are constantly revising the instructions.

Certficates (X.509 or S/MIME or TLS) can be used to verify the identity of the owner,

and eventually other properties (e.g. email or organisation), of a public cryptographic key (refer to public key cryptography for more technical information).

Such cryptographic keys can be used to generate electronic signatures and/or to establish encrypted communication channels.

Electronic signatures can offer:

• authentication - linking the originator to the information
• integrity - allowing any changes to the information provided to be detected more easily
• non-repudiation - ensuring satisfaction (in a legal sense) about where the electronic signature has come from

The Registration Authority "RWTH RA" is part of the DFN-PKI (Public Key Infrastructure). We adhere to the DFN-PKI Certificate Policy. The certificate applicant must be associated to the RWTH Aachen University.

The implemented certificate chain ends at a built-in Token of T-TeleSec, anchored within standard browsers and email applications, thus enabling the automated validation of the certificates issued.

Electronic signatures generated with cryptographic keys associated with the DFN-PKI certificates have the status "advanced electronic signature", according to the German Signature Act.

The following certificates can be applied for:

• User certificates for mail addresses (e.g. the domain @rwth-aachen.de and its subdomains)

→ detailed instructions are described here

• Server certificates for servers from the rwth-aachen.de domain

→ detailed instructions are described here