Please note: Due to changes in the DFN-PKI portal, we are constantly revising the instructions.


Certficates (X.509 or S/MIME or TLS) can be used to verify the identity of the owner,

and eventually other properties (e.g. email or organisation), of a public cryptographic key (refer to public key cryptography for more technical information).

Such cryptographic keys can be used to generate electronic signatures and/or to establish encrypted communication channels.

Electronic signatures can offer:

  • authentication - linking the originator to the information
  • integrity - allowing any changes to the information provided to be detected more easily
  • non-repudiation - ensuring satisfaction (in a legal sense) about where the electronic signature has come from

The Registration Authority "RWTH RA" is part of the DFN-PKI (Public Key Infrastructure). We adhere to the DFN-PKI Certificate Policy. The certificate applicant must be associated to the RWTH Aachen University.

The implemented certificate chain ends at a built-in Token of T-TeleSec, anchored within standard browsers and email applications, thus enabling the automated validation of the certificates issued.

Electronic signatures generated with cryptographic keys associated with the DFN-PKI certificates have the status "advanced electronic signature", according to the German Signature Act.


Via the RWTH-DFN certification portal, user or server certificates based on the X.509 standard can be easily applied for.

Due to the missing root certificate in the certificate store of older operating systems (Android <= 4.4), problems occur when checking the certificate chain.


The following certificates can be applied for:

  • User certificates for mail addresses (e.g. the domain @rwth-aachen.de and its subdomains)

→ detailed instructions are described here

  • Server certificates for servers from the rwth-aachen.de domain

→ detailed instructions are described here


=== GRID === GRID === GRID === GRID === GRID === GRID === GRID === GRID === GRID === GRID ===

X.509 Grid certificates, which can be applied for via the RWTH Aachen Grid RA certification portal, are issued for the use of Grid services.

The DFN Grid guidelines apply here.