What are user certificates?
Public key certificates (as defined by X.509) can be used to verify the identity of the owner of a public cryptographic key, and possibly other properties such as email address or organisation (refer to public key cryptography for more technical information).
Such cryptographic keys can be used to generate electronic signatures and/or to establish encrypted communication channels.
Electronic signatures can offer:
- authentication - linking the originator to the information
- integrity - allowing any changes to the information provided to be detected more easily
- non-repudiation - ensuring satisfaction (in a legal sense) about where the electronic signature has come from
The RWTH, as a DFN member, can obtain user certificates from several PKI authorities. Until August 2023 this was the DFN-PKI Global; since September 2023 it has been exclusively the GÉANT/TCS.
The certificate applicant must be associated with the RWTH Aachen University.
The implemented certificate chain depends on the PKI used:
- for the DFN-PKI Global the built-in Token is the "T-TeleSec GlobalRoot Class 2" of the "T-Systems Trust Center"
- for the GÉANT/TCS it is the "AAA Certificate Services" of the "Comodo CA Limited"
Both root certificates are anchored within standard browsers and email applications (that is, they are part of the software installation), thus enabling the automated validation of the certificates issued.
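What anchoring a root certificate means for validation, as an added example that is not part of the original page: the script builds two constructed test roots and one user certificate with OpenSSL, then shows that the certificate validates only when its issuing root is offered as the trust anchor. All names, the e-mail address and the function names are assumptions; neither root stands for a real DFN-PKI Global or GÉANT/TCS certificate.

```sh
#!/bin/sh
# Added example with constructed test data: two private roots and one user
# certificate issued directly by the first (real chains add intermediates).
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_root() {  # $1 = file prefix, $2 = common name of the self-signed root
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=Example Trust Center/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

issue_user_cert() {  # $1 = issuing root prefix, $2 = e-mail address to bind
    # S/MIME-style extensions: the address as SAN, usage limited to e-mail.
    printf 'subjectAltName=email:%s\nextendedKeyUsage=emailProtection\n' "$2" \
        > "$WORK/ext.cnf"
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Example User" \
        -keyout "$WORK/user.key" -out "$WORK/user.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/user.csr" -days 30 \
        -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -CAcreateserial \
        -extfile "$WORK/ext.cnf" -out "$WORK/user.pem" 2>/dev/null
}

# Prints "trusted" if user.pem chains to the offered root, else "untrusted".
validate_against() {  # $1 = prefix of the root offered as trust anchor
    if openssl verify -purpose smimesign -CAfile "$WORK/$1.pem" \
        "$WORK/user.pem" >/dev/null 2>&1
    then echo trusted
    else echo untrusted
    fi
}

# Prints the e-mail address the certificate binds to the public key.
cert_email() { openssl x509 -in "$WORK/user.pem" -noout -email; }

make_root anchored "Example Anchored Root"
make_root other "Example Unrelated Root"
issue_user_cert anchored user@example.org

echo "issuing root anchored:   $(validate_against anchored)"
echo "only another root known: $(validate_against other)"
echo "address in certificate:  $(cert_email)"
```

A mail client performs the same check against the roots shipped with its installation, which is why recipients need no manual step to validate certificates issued under an anchored root.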
Electronic signatures generated with cryptographic keys associated with the DFN-PKI Global or the GÉANT/TCS user certificates (also known as S/MIME certificates) have the status "advanced electronic signature", according to the German Signature Act.