CSR-upload on DFN-PKI
These instructions describe how to apply for a server certificate at the DFN-PKI via your browser.
Any well-known, up-to-date browser may be used, e.g. Firefox, Edge (Chrome-based), Chrome, Safari.
PLEASE NOTE: Although a .JSON application data file is generated, it is not needed. This seems to be an artefact of the process by which the browser generates the cryptographic keys.
Three passwords are to be assigned during the certificate creation process:
Be sure to remember these.
1. Select "Upload CSR (PKCS#10) file" under heading "CSR (PKCS#10) upload" on the DFN-PKI webpage.
2. Upload your CSR file.
Certificate profile: Select the appropriate profile.
Use the "Browse" button to select your CSR file.
3. Fill in the information about the applicant.
Full name: Your full name as shown in your official ID document.
Email: Preferably a functional e-mail address, to which you and your standby have access. Here you receive all e-mail communication pertinent to your certificate application.
Department: Complete name of your RWTH institution (e.g.: IT Center, Chair of Computer Science 12).
Revocation PIN: The PIN is required to revoke the received certificate if necessary. Please keep this PIN in a safe place.
This note is saved in the .json file.
You have to abide by the DFN-PKI regulations.
You have to agree to the publication of the issued certificate (Certificate Transparency).
You must agree to the processing of your personal data.
4. Save the application data file (JSON) and assign a password for it.
Check that your data is correct and subsequently select "Save application data file".
This step creates a .json file with only the public RSA keys and any information pertaining to the applicant. This file is an artefact of the process to submit a server certificate application and have the browser generate all RSA-keys.
The .json file is stored in an encrypted form. You must set a password for this encryption. Prepare to enter the .json password.
Enter the password with which the .json file will be encrypted/protected.
You may keep the .json file, but it is not needed later on.
5. Download certificate application form (PDF) and sign it.
You need to submit the .pdf file to the RWTH registration authority (RA).
Save and/or print the .pdf file. Read it, date it and sign it by hand.
As the contents of the application form (PDF file) are currently not displayed in English, here is a short summary of what you are agreeing to:
6. Submit the application form to the registration authority and go through the required identity verification.
The DFN-PKI certification policy requires that the identity of the applicant be verified by the local registration authority. See Possible Ways of Identity Verification for the options available when submitting your certificate application form.
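A local check of the CSR file before the upload in step 2, as an added example that is not part of the original instructions or of any DFN-PKI tooling. It confirms that the file holds only a PKCS#10 request (no private key), that the self-signature verifies, and that the key is RSA. The function names, the host name www.example.org, the file names and the 3072-bit default are assumptions.

```shell
#!/bin/sh
# Added example: local sanity check of a PKCS#10 CSR before upload.
# Host name, file names and the default minimum key size are assumptions.

# make_sample_csr DIR BITS: constructed sample key + CSR (the key stays in DIR).
make_sample_csr() {
    openssl req -new -newkey "rsa:$2" -nodes \
        -keyout "$1/server.key" -out "$1/server.csr" \
        -subj "/CN=www.example.org" \
        -addext "subjectAltName=DNS:www.example.org" 2>/dev/null
}

# check_csr FILE [MIN_BITS]: returns 0 only if FILE passes all checks below.
check_csr() {
    csr=$1; min_bits=${2:-3072}   # 3072 is an assumed default, not a DFN-PKI value
    # The upload must contain the request only, never the private key.
    if grep -q "PRIVATE KEY" "$csr"; then
        echo "refusing: file contains a private key" >&2; return 1
    fi
    # Must parse as a PEM PKCS#10 request ...
    text=$(openssl req -in "$csr" -noout -text 2>/dev/null) || {
        echo "not a PEM PKCS#10 request" >&2; return 1; }
    # ... and carry a valid self-signature (made with the matching private key).
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" || {
        echo "self-signature does not verify" >&2; return 1; }
    # RSA key of at least MIN_BITS.
    echo "$text" | grep -q "Public Key Algorithm: rsaEncryption" || {
        echo "not an RSA key" >&2; return 1; }
    bits=$(echo "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge "$min_bits" ] || {
        echo "key too short: ${bits:-?} bit" >&2; return 1; }
    # Host names belong in subjectAltName; check that one is present.
    echo "$text" | grep -q "DNS:" || {
        echo "no DNS subjectAltName" >&2; return 1; }
    echo "OK: RSA $bits bit, $(echo "$text" | grep 'DNS:' | sed 's/^ *//')"
}

# Demo on a constructed request.
tmp=$(mktemp -d)
make_sample_csr "$tmp" 3072
check_csr "$tmp/server.csr"
rm -rf "$tmp"
```

The private key file written next to the CSR stays on the server and is never part of the upload.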
Here you can read how to collect the certificate: