What are user certificates?
Public Key Certificates (as defined by X.509) can be used to verify the identity of the owner of a public cryptographic key, and possibly other properties of that owner (e.g. email or organisation); refer to public key cryptography for more technical information.
Such cryptographic keys can be used to generate electronic signatures and/or to establish encrypted communication channels.
Electronic signatures can offer:
- authentication - linking the originator to the information
- integrity - allowing any changes to the information provided to be detected more easily
- non-repudiation - ensuring satisfaction (in a legal sense) about where the electronic signature has come from
The RWTH, as a DFN member, can obtain user certificates from several PKI authorities:
- Until August 2023 this was the DFN-PKI Global
- From September 2023 until 09.01.2025 this was the Sectigo CA (via the GÉANT/TCS contract).
- From February 2025 it will be harica.gr (via the DFN contract).
The certificate applicant must be associated with RWTH Aachen University.
The certificate chain in use depends on the PKI used:
- for the DFN-PKI Global the built-in Token is the "T-TeleSec GlobalRoot Class 2" of the "T-Systems Trust Center"
- for the Sectigo CA it is the "AAA Certificate Services" of the "Comodo CA Limited"
- for the harica.gr CA it is the "Hellenic Academic and Research Institutions RootCA 2015"
All of the above root certificates are anchored in standard browsers and email applications (that is, they are part of the software installation), which enables automated validation of the certificates issued.
Electronic signatures generated with cryptographic keys associated with user certificates issued by the aforementioned CAs (also known as S/MIME certificates) have the status "advanced electronic signature" according to the German Signature Act.