Public key certificates (X.509 or S/MIME or TLS) are digital IDs with which people or servers can identify themselves (refer to public key cryptography for more technical information).
Their main areas of application are to establish a secure communication on the Internet: electronic signatures, encryption and identification.
The certificates are issued in accordance with the X.509 standard. Electronic signatures generated with such certificates are “advanced electronic signatures” according to the eIDAS regulation of the European Union.

The RWTH Certification Authority works within the framework of the public key infrastructure (PKI) of the DFN Association (German Research Network) to support science, research and teaching.

Who is allowed to apply for public key certificates at the RWTH?

Members of RWTH Aachen University with an active RWTH Single-Sing-on account and an RWTH intranet IP address can apply for public key certificates via RA-Portal.

Which certification authorities are available?

At the RWTH, certificates can be requested under the following PKIs:

• GÉANT Trusted Certificate Service (TCS) (with a built-in-token) for user certificates or web server certificates.  The current certificate provider is Harica. Applications via RA-Portal. 
• DFN-Verein Community PKI: is a private (i.e. not anchored in any browser) PKI of DFN-Verein for server certificates for special purposes.
• DFN-PKI Grid: is a private PKI of DFN-Verein that is only suitable for grid computing. User and server certificates are issued.

How can I use public key certificates?

Certificates issued by the CA/Browser Forum compliant PKI (GÉANT/TCS) can be used to:

• Encrypt and digitally sign e-mails
• Digitally sign documents
• Secure web servers