Please note: Due to changes in the DFN-PKI portal, we are constantly revising the instructions.


Certficates (X.509 or S/MIME or TLS) can be used to verify the identity of the owner,

and eventually other properties (e.g. email or organisation), of a public cryptographic key (refer to public key cryptography for more technical information).

Such cryptographic keys can be used to generate electronic signatures and/or to establish encrypted communication channels.

Electronic signatures can offer:

  • authentication - linking the originator to the information
  • integrity - allowing any changes to the information provided to be detected more easily
  • non-repudiation - ensuring satisfaction (in a legal sense) about where the electronic signature has come from

The Registration Authority "RWTH RA" is part of the DFN-PKI (Public Key Infrastructure). We adhere to the DFN-PKI Certificate Policy. The certificate applicant must be associated to the RWTH Aachen University.

The implemented certificate chain ends at a built-in Token of T-TeleSec, anchored within standard browsers and email applications, thus enabling the automated validation of the certificates issued.

Electronic signatures generated with cryptographic keys associated with the DFN-PKI certificates have the status "advanced electronic signature", according to the German Signature Act.


Via the RWTH-DFN certification portal, user or server certificates based on the X.509 standard can be easily applied for.


The following certificates can be applied for:

  • User certificates for mail addresses (e.g. the domain @rwth-aachen.de and its subdomains)

→ detailed instructions are described here

  • Server certificates for servers from the rwth-aachen.de domain

→ detailed instructions are described here


=== GRID === GRID === GRID === GRID === GRID === GRID === GRID === GRID === GRID === GRID ===

X.509 Grid certificates, which can be applied for via the RWTH Aachen Grid RA certification portal, are issued for the use of Grid services.

The DFN Grid guidelines apply here.