The DFN-Verein issues Grid certificates to it's member universities and research facilities. Grid certificates underlie the Grid Certification Guidelines of the DFN-Verein.

The certificates are issued by the certification authority "DFN-Verein PCA Grid" operated by the DFN-Verein. This is a private PKI, meaning it's root certificate is not a built-in-token. This in turn means, that certificates issued by this PKI should not be used for e.g. your e-mail application (user certificates) or on your webserver (server certificates).

The RWTH Registration Authority (RA) processes applications for DFN-PKI Grid user and server certificates.

• The DFN-PKI Grid-Portal must be used to apply for a new Grid user or server certificate, revoke an existing one, or search for one.
• The certificate application is submitted to and approved by the RWTH RA.
• The user certificate is issued by the DFN-PKI Grid and can be downloaded via your web browser after receiving an email notification.
• The server certificate is issued by the DFN-PKI Grid and is delivered as an attachment in the notification email.

Both Grid user certificates and Grid server certificates are valid for 393 days.

This page describes how to aply for grid certificates:

• Apply for a Grid user certificate
• Apply for a Grid user certificate

Apply for a Grid user certificate

To apply for a Grid user certificate, please proceed as follows:

1. Go to the DFN-PKI Grid-Portal and select Request User Certificate. You can change the language to English at the top right if needed.

2. Fill out the fields as follows:

• Create certificate request:
  • Name (CN): Complete first name(s) and surname as they are displayed in your identity document.
  • Email: Email address for which the certificate is to be issued.
  • Organisational unit (OU) (optional): The complete name of your department or organisational unit. (e.g. IT Center, Computer Science 12)
  • Namespace: This is already set.
• Your data:
  • Department (optional) The complete name of your department or organisational unit. (e.g. IT Center, Computer Science 12)
  • Revocation PIN: This PIN will be required to revoke or block certificates. Please keep this PIN safe.
• Personal Note (optional):
  • This note can be saved in the .json file that you create with your application.
• You must agree to the regulations.
• You must agree to the publication of the certificate.
• You must confirm that you have read the information about how your data will be processed.

3. Save the application file and set a password for it. You will need he .json file and associated password to be able to generate your .p12 file.

4. Print the PDF document (certificate application) out.

5. Please read the printed document, then fill in the date and sign it.

6. Submit your application in person at the RWTH RA.

• The DFN-PKI certification guidelines require that the identity of the person applying for a certificate is checked. For this purpose, please arrange an appointment with the RWTH RA: ra@rwth-aachen.de.
• Please bring the following documents to the RWTH RA office for identity verification:
  • your certificate application 
  • your valid identification document (passport, ID card or German residence permit)

Apply for a server certificate

To apply for a Grid server certificate, please proceed as follows:

1. Open the DFN-PKI Grid-Portal and Select Upload CSR (PKCS#10) file. You can change the language to English at the top right if needed.

2. Fill out the fields as follows:

• Select the CSR file
• Your data
  • Full Name: Complete first name(s) and surname as they are displayed in your identity document.
  • Email: Email address with which you wish to receive the certificate and receive future notifications and the expiry or revocation of the certificate.
  • Department (optional): The complete name of your department or organisational unit. (e.g. IT Center, Computer Science 12) )
  • Revocation PIN: This PIN will be required to revoke or block certificates. Please keep this PIN safe.
• Personal Note (optional):
  • This note can be saved in the .json file that you create with your application.
• You must agree to the regulations.
• You must agree to the publication of the certificate.
• You must confirm that you have read the information about how your data will be processed.

3. Print the PDF file (certificate application):

4. Please read the printed document, then fill in the date and sign it.

5. Submit your application in person at the RWTH RA.

• The DFN-PKI certification guidelines require that the identity of the person applying for a certificate is checked. For this purpose, please arrange an appointment with the RWTH RA: ra@rwth-aachen.de.
• Please bring the following documents to the RWTH RA office for identity verification:
  • your certificate application 
  • your valid identification document (passport, ID card or German residence permit)

Additional information:

If you have further questions, please contact the RWTH RA via email: ra@rwth-aachen.de.