What are server certificates?
Please note: Due to changes in the DFN-PKI portal, we are constantly updating the user instructions.
Public key certificates (as defined by X.509) can be used to verify the identity of the owner of a public cryptographic key, and possibly other properties (e.g. email or organisation); refer to public key cryptography for more technical information.
The cryptographic keys of (TLS/SSL) server certificates allow relevant applications to set up end-to-end encryption between the user application and the server (e.g. TLS for HTTPS in a browser, IPsec for VPN, or SSH).
The RWTH Registration Authority "RWTH RA" is part of the DFN-PKI (Public Key Infrastructure).
The certificate applicant must be associated with RWTH Aachen University.
Server certificates for RWTH are issued:
- until 30.12.2022 by the DFN-PKI Global certification authority, which adheres to the DFN-PKI Global Certificate Policy.
- as of 16.12.2022 by GÉANT/TCS (Trusted Certificate Service), currently in partnership with Sectigo.
The implemented certificate chains end at a built-in token:
- for the DFN-PKI Global, the root certificate is "T-TeleSec GlobalRoot Class 2" of the "T-Systems Trust Center".
- for GÉANT/TCS, several certificate chains are applicable; they all end at the root certificate "AAA Certificate Services" of "Comodo CA Limited".
Root certificates (or built-in tokens) are anchored within standard browsers and other relevant applications (that is, they are part of the software installation), thus enabling the automated validation of the certificates lower down the chain.
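The following is an added example, not part of the RWTH or DFN-PKI documentation. It shows how an anchored root enables validation of the certificates below it, using a constructed three-level chain. It assumes the `openssl` command-line tool is installed; all certificate names and the host name `www.example.test` are made up.

```shell
#!/bin/sh
# issue NAME SUBJECT EXTFILE SIGNER: create NAME.key and NAME.pem.
# An empty SIGNER produces a self-signed certificate (a root).
issue() {
    openssl req -new -newkey rsa:2048 -nodes -subj "$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null || return 1
    if [ -z "$4" ]; then
        openssl x509 -req -in "$1.csr" -signkey "$1.key" -days 2 \
            -extfile "$3" -out "$1.pem" 2>/dev/null
    else
        openssl x509 -req -in "$1.csr" -CA "$4.pem" -CAkey "$4.key" \
            -CAcreateserial -days 2 -extfile "$3" -out "$1.pem" 2>/dev/null
    fi
}

# make_chain DIR: constructed chain root -> ica -> server, plus an
# unrelated self-signed root ("other") that signed nothing in the chain.
make_chain() {
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$1/ca.ext"
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:www.example.test\n' > "$1/leaf.ext"
    issue "$1/root"   "/CN=Constructed Root CA"    "$1/ca.ext"   ""        &&
    issue "$1/other"  "/CN=Unrelated Root CA"      "$1/ca.ext"   ""        &&
    issue "$1/ica"    "/CN=Constructed Issuing CA" "$1/ca.ext"   "$1/root" &&
    issue "$1/server" "/CN=www.example.test"       "$1/leaf.ext" "$1/ica"
}

# chain_valid ANCHOR INTERMEDIATES LEAF: exit status 0 only if LEAF chains,
# via the untrusted INTERMEDIATES, up to the trusted ANCHOR.
chain_valid() {
    openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

# Demo: the same server certificate, checked against two different anchors.
dir=$(mktemp -d)
make_chain "$dir" || { echo "openssl failed" >&2; exit 1; }
chain_valid "$dir/root.pem"  "$dir/ica.pem" "$dir/server.pem" \
    && echo "anchored root: chain validates"
chain_valid "$dir/other.pem" "$dir/ica.pem" "$dir/server.pem" \
    || echo "different root: chain rejected"
rm -rf "$dir"
```

The server sends its own certificate and the intermediate; only the root has to be present on the client, which is why the roots named above ship with the software installation.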