Web server certificates enable users to establish a secure connection to the server. Such certificates are primarily used to identify WWW servers whose address begins with https:// instead of http://, but also e-mail servers and other servers to which an encrypted connection can be established using Transport Level Security (TLS, formerly SSL).

RWTH obtains its web server certificates from the GÉANT Trusted Certificate Service; the current certificate provider is Harica. Applications are made via the RA portal.

Please be aware of the stepwise decreasing validity period of server certificates (as of 08.05.2026), you are strongly advised to automate your certificate renewal process:

•     till early March 2026 365 days
•     starting beginning of March 2026 199 days
•     starting in March 2027 a maximum of 100 days
•     starting in March 2029 a maximum 47 days

Root certificates are automatically supplied with common browsers and other relevant applications (during SW installation or update). This means that the server certificates issued can be validated worldwide.

Certificate chains:

• Sectigo (GÉANT/TCS): several certificate chains are applicable, they all end at the root certificate "AAA Certificate Services" of "Comodo CA Limited".
• Harica: for RSA-keys the certificate chain ends in the root certificate "Hellenic Academic and Research Institutions RootCA 2015".
• Harica: for Elliptic Curve-keys the certificate chain ends in the root certificate "Hellenic Academic and Research Institutions ECC RootCA 2015".

The server certificates issued by Sectigo and Harica all have exactly the following “key usages” (X509v3 extensions):

• X509v3 Key Usage: critical
  • Digital Signature, Key Encipherment
• X509v3 Extended Key Usage:
  • TLS Web Server Authentication, TLS Web Client Authentication

Additional information:

• Upload a CSR file via the RA-Portal
• Manage Your SSL Certificates via the RA-Portal