Apply for a server certificate via browser
These instructions describe how to apply for a server certificate (X.509, SSL/TLS) from the DFN-PKI via your browser.
Any well-known, up-to-date browser may be used, e.g. Firefox, Edge (Chrome-based), Chrome, Safari.
PLEASE NOTE: You must safely save the generated .json file (step 4), including its associated password. This is essential in order to be able to retrieve the issued certificate.
Three passwords are needed during the certificate application process:
Be sure to remember these.
1. Select the button "request server certificate" under the heading "Server certificate (incl. key generation)" on the DFN-PKI webpage.
2. Fill in the data to be included in the required certificate.
Certificate profile: Select the appropriate profile.
CommonName (CN): Enter the FQDN of the (sub)domain for which the certificate should be issued.
Additional subject alternative name (SAN): Enter any additional FQDNs to which the server certificate should apply as subject alternative names.
Namespace: Preset for server certificates.
3. Provide data about the person applying for the server certificate.
Your Data (certificate applicant):
Full name: Your full name as shown in your official ID document.
Email: Preferably a functional e-mail account to which you and your standby have access. E-mails from the DFN-PKI are sent to this address.
Department: Complete name of your RWTH institution (e.g.: IT Center, Chair of Computer Science 12).
Revocation PIN: The PIN is required to revoke the received certificate if necessary. Please keep this PIN in a safe place.
This note is saved in the .json file.
You must abide by the DFN-PKI regulations.
You have to agree to the publication of the issued server certificate (Certificate Transparency).
You must agree to the processing of your personal data.
4. Save the generated application data file (JSON) and assign a password for it.
Check that the certificate data and your data are correct and subsequently select "Save application data file".
This step creates a .json file with the cryptographic keys (RSA keys) and all other submitted information.
The .json file is stored in an encrypted form. You must set a password for this encryption. Prepare to enter the .json password.
Enter the password with which the .json file will be encrypted/protected.
You must keep the .json file and its password safe.
Both are necessary in order to retrieve the issued certificate.
5. Download the certificate application form (PDF) and sign it.
You need to
The applicant must submit proof of personal identification.
Save and/or print the .pdf file. Read it, date it and sign it by hand.
As the contents of the application form (PDF file) are currently not displayed in English, here is a short summary of what you are agreeing to:
6. Submit the application form in person and go through the required identity verification.
The DFN-PKI certification policy requires that the identity of the applicant be verified by the local registration authority. See "Possible Ways of Identity Verification" for the options available for submitting your certificate application form.
Here you can read how to collect the certificate: