The DFN-Verein issues Grid certificates to it's member universities and research facilities. Grid certificates underlie the Grid Certification Guidelines of the DFN-Verein.

The certificates are issued by the certification authority "DFN-Verein PCA Grid" operated by the DFN-Verein. This is a private PKI, meaning it's root certificate is not a built-in-token. This in turn means, that certificates issued by this PKI should not be used for e.g. your e-mail application (user certificates) or on your webserver (server certificates).

The RWTH Registration Authority (RA) processes applications for DFN-PKI Grid user and server certificates.

• The DFN-PKI Grid-Portal must be used to apply for a new Grid user or server certificate, revoke an existing one, or search for one.
• The certificate application is submitted to and approved by the RWTH Registration Authority (RA).
• The user certificate is issued by the DFN-PKI Grid and can be downloaded via your web browser after receiving an email notification.
• The server certificate is issued by the DFN-PKI Grid and is delivered as an attachment in the notification email.

Both Grid user certificates and Grid server certificates are valid for 393 days.

This page describes how to aply for grid certificates:

• Apply for a Grid user certificate
• Apply for a Grid user certificate

Apply for a Grid user certificate

1. Go to the DFN-PKI Grid-Portal and select Request User Certificate. You can change the language to English at the top right if needed.

2. Fill out the fields as follows:

• Create certificate request:
  • Name (CN): Complete first name(s) and surname as they are displayed in your identity document.
  • Email: Email address for which the certificate is to be issued.
  • Organisational unit (OU) (optional): The complete name of your department or organisational unit. (e.g. IT Center, Computer Science 12)
  • Namespace: This is already set.
• Your data:
  • Department (optional) The complete name of your department or organisational unit. (e.g. IT Center, Computer Science 12)
  • Revocation PIN: This PIN will be required to revoke or block certificates. Please keep this PIN safe.
• Personal Note (optional):
  • This note can be saved in the .json file that you create with your application.
• You must agree to the regulations.
• You must agree to the publication of the certificate.
• You must confirm that you have read the information about how your data will be processed.

3. Save the application file and set a password for it.

• The .json file and associated password must be stored securely. You will later need both to be able to generate your .p12 file.

4. Print the PDF document (certificate application) out.

• Please read the printed document, then fill in the date and sign it.

5. Submit your application in person at the RWTH Registration Authority.

The DFN-PKI certification guidelines require that the identity of the person applying for a certificate is checked. For this purpose, please arrange an appointment with the RWTH Registration Authority: ra@rwth-aachen.de.

Please bring the following documents to the RWTH Registration Office (RA) for identity verification:

• your certificate application 
• your valid identification document (passport, ID card or German residence permit)

If you have further questions, please contact the RA via email: ra@rwth-aachen.de

Apply for a server certificate

1. Open the DFN-PKI Grid-Portal and Select Upload CSR (PKCS#10) file. You can change the language to English at the top right if needed.

2. Fill out the fields as follows:

• Select the CSR file
• Your data
  • Full Name: Complete first name(s) and surname as they are displayed in your identity document.
  • Email: Email address with which you wish to receive the certificate and receive future notifications and the expiry or revocation of the certificate.
  • Department (optional): The complete name of your department or organisational unit. (e.g. IT Center, Computer Science 12) )
  • Revocation PIN: This PIN will be required to revoke or block certificates. Please keep this PIN safe.
• Personal Note (optional):
  • This note can be saved in the .json file that you create with your application.
• You must agree to the regulations.
• You must agree to the publication of the certificate.
• You must confirm that you have read the information about how your data will be processed.

3. Print the PDF file (certificate application):

• Please read the printed document, then fill in the date and sign it.

4. Submit your application in person at the RWTH Registration Authority.

The DFN-PKI certification guidelines require that the identity of the person applying for a certificate is checked. For this purpose, please arrange an appointment with the RWTH Registration Authority: ra@rwth-aachen.de.

Please bring the following documents to the RWTH Registration Office (RA) for identity verification:

• your certificate application 
• your valid identification document (passport, ID card or German residence permit)

If you have further questions, please contact the RA via email: ra@rwth-aachen.de.