Certificates (X.509 or S/MIME or TLS) can be used to verify the identity of the owner, as well as other properties (e.g. e-mail or organisation), of a public cryptographic key (refer to public key cryptography for more technical information).

Such cryptographic keys can be used to generate electronic signatures and/or to establish encrypted communication channels.

Electronic signatures can offer:

• authentication - linking the originator to the information
• integrity - allowing any changes to the information provided to be detected more easily
• non-repudiation - ensuring satisfaction (in a legal sense) about where the electronic signature has come from

As a member of the DFN community, the RWTH can apply for user or server certificates from the GÉANT/TCS or from various DFN-PKIs. 

The DFN-PKI Global and the GÉANT/TCS user certificates can be used for advanced electronic signatures. If you need a qualified electronic signature, please contact a commercial provider, e.g. the federal printing agency.

The certificate applicant must be associated to the RWTH Aachen University.

The following certificates can be applied for:

• Harica CA (Built-in-Token PKI) for user or webserver certificates. All applications must be submitted through RA-Portal. 
• GÉANT/TCS (Built-in-Token PKI) for user or webserver certificates.The contract with the Sectigo CA was terminated on 10.01.2025.
• DFN-Verein Community PKI (Non builit-in-token PKI from the DFN-Verein) for special purposes server certificates.
• DFN-PKI Grid (only for Grid-Computing, PKI from the DFN-Verein).