You are located in service: Certificates

CSR-upload on DFN-PKI

CSR-upload on DFN-PKI

Kurzinformation

These instructions describe how to apply for a server certificate at the DFN-PKI via your browser.

Any known, uptodate browser may be used, e.g. Firefox, Edge (Chrome based), Chrome, Safari.

PLEASE NOTE: Although a .JSON application data file is generated, it is not needed. This seems to be an artefact of the process by which the browser generates the cryptographic keys.


Detailinformation

Three passwords are to be assigned during the certificate creation process:

  • for the certificate revocation (revocation-PIN)
  • for the .json file (json-password)
  • for the backup of the .p12 file (p12-password)

Be sure to remember these.

1. Select "Upload CSR (PKCS#10) file" under heading "CSR (PKCS#10) upload" on the DFN-PKI webpage.

Applying for a server certificate

2. Upload your CSR file.

Enter data

Certificate profile: Select the appropriate profile.

Use the "Browse" button do select your CSR file.

3. Fill in the information about the applicant.

Fill in personal dataPersonal Note

Your Data:

Full name: Your full name as shown in your official ID document.

Email: Preferably a functional e-mail address, to which you and your standby have access. Here you receive all e-mail communication pertinent to your certificate application.

Department: Complete name of your RWTH institution (e.g.: IT Center, Chair of Computer Science 12).

Revocation PIN: The PIN is required to revoke the received certificate if necessary. Please keep this PIN in a safe place.

 
 
 
 
 
 
 
 
 

Personal note:

This note is saved in the .json file.

You have to abide by the DFN-PKI regulations.

You have to agree to the publication of the issued certificate (Certificate Transparency).

You must agree to the processing of your personal data.

4. Save the application data file (JSON) and assign a password for it.

Save certificate application

Check that your data is correct and subsequently select "Save application data file".

This step creates a .json file with only the public RSA keys and any information pertaining to the applicant. This file is an artefact of the process to submit a server certificate application and have the browser generate all RSA-keys.

The .json file is stored in an encrypted form. You must set a password for this encryption. Prepare to enter the .json password.

 
Set passphrase

Enter the password with which the .json file will be encrypted/protected.

You may keep the .json file, but it is not needed later on.

 

5. Download certificate application form (PDF) and sign it.

Downloading the certificate application

You need the submit the .pdf file to the RWTH registration authority (RA).


Here you can also download and save the application data file (JSON) again, should you have failed to do so in step 4.

 
Application PDF (in German)

Save and/or print the .pdf file. Read it, date it and sign it by hand.

 

As the contents of the application form (PDF file) are currently not displayed in English, here is a short summary of what you are agreeing to:

  • The certificate may only be installed on servers explicitly listen under SaN.

  • The private RSA key may only be made accessible to administrators of the servers named under SaN.

  • Every server named under SaN and accessible via the internet needs to be adequately protected, e.g.:
    • The server is located behind a secure infrastructure, e.g. firewall.
    • The server is administered appropriately, including regular installation of security updates.
    • Administrative access to the server, and by extension to the the private RSA-key, is clearly and strictly regulated.

6. Submit the application form to the registration authority and go through the required identity verification.

The DFN-PKI certification policy requires that the identity of the applicant be verified by the local registration authority, see Possible Ways of Identity Verification options in order to submit your certificate application form.

 

 Zusatzinformation

Here you can read how to collect the certificate:

last changed on 06/30/2022

How did this content help you?

Creative Commons Lizenzvertrag
This work is licensed under a Creative Commons Attribution - Share Alike 3.0 Germany License