to Homepage
You are located in service Public Key Certificates
General information
IT Center Help

You are located in service: Public Key Certificates

What are Grid certificates?
Print page

What are Grid certificates?

guide

In Grid computing, certificates play an important role, e.g., for accessing computing and storage resources.

The DFN-Verein has been an accredited member of the EUGridPMA (European Grid Policy Management Authority) since June 2005 and issues Grid certificates to it's member universities and research facilities. 

Participants in Grid projects and administrators of Grid servers can apply for their Grid certificates at the Grid Registration Authority (RA) of the RWTH.

The certificates are issued by the certification authority "DFN-Verein PCA Grid" operated by the DFN-Verein. This is a private PKI, meaning it's root certificate is not a built-in-token. This in turn means, that certificates issued by this PKI should not be used for e.g. your e-mail application (user certificates) or on your webserver (server certificates).

Grid certificates underlie the Grid Certification Guidelines of the DFN-Verein.

The RWTH registration authority processes applications for DFN-PKI Grid user and server certificates.

  • The DFN-PKI Grid-Portal must be used to apply for a new Grid user or server certificate, revoke an existing one, or search for one.
  • The certificate application is submitted to and approved by the RWTH Registration Authority (RA).
  • The certificate is issued by the DFN-PKI Grid and can be downloaded via your web browser after receiving an email notification.

Both Grid user certificates and Grid server certificates are valid for 393 days.

This page describes how to aply for grid certificates:

Applying for a Grid user certificate

  1. Open the DFN-PKI Grid-Portal and change the language to English at the top right if needed
  2. Select Request User Certificate
  3. Fill out the fields as follows:
  • Create certificate request
    • Name (CN): Complete first name(s) and surname as they are displayed in your identity document.
    • Email: Email address for which the certificate is to be issued.
    • Organisational unit (OU) (optional): The complete name of your department or organisational unit. (e.g. IT Center, Computer Science 12)
    • Namespace: This is already set.
  • Your data
    • Department (optional) The complete name of your department or organisational unit. (e.g. IT Center, Computer Science 12)
    • Revocation PIN: This PIN will be required to revoke or block certificates. Please keep this PIN safe.
  • Personal Note (optional): This note can be saved in the .json file that you create with your application.
  • You must agree to the regulations.
  • You must agree to the publication of the certificate.
  • You must confirm that you have read the information about how your data will be processed.
  1. Save the application file and set a password for it
  • The .json file and associated password must be stored securely. You will later need both to be able to generate your .p12 file.
  1. Print the PDF file
  • Please read the printed document, then fill in the date and sign it.
  • You must bring the completed document with you to the registration authority.
  1. Submit your application in person.

The DFN-PKI certification guidelines require that the identity of the person applying for a certificate is checked. Please use one of the possible methods for identity verification.

Applying for a server certificate

  1. Open the DFN-PKI Grid-Portal and change the language to English at the top right if needed
  2. Select Upload CSR (PKCS#10) file
  3. Fill out the fields as follows:
  • Select the CSR file
  • Your data
    • Full Name: Complete first name(s) and surname as they are displayed in your identity document.
    • Email: Email address with which you wish to receive the certificate and receive future notifications and the expiry or revocation of the certificate.
    • Department (optional): The complete name of your department or organisational unit. (e.g. IT Center, Computer Science 12) )
    • Revocation PIN: This PIN will be required to revoke or block certificates. Please keep this PIN safe.
  • Personal Note (optional): This note can be saved in the .json file that you create with your application.
  • You must agree to the regulations.
  • You must agree to the publication of the certificate.
  • You must confirm that you have read the information about how your data will be processed.
  1. Print the PDF file
  • Please read the printed document, then fill in the date and sign it.
  • You must bring the completed document with you to the registration authority.
  1. Submit your application in person.

The DFN-PKI certification guidelines require that the identity of the person applying for a certificate is checked. Please use one of the possible methods for identity verification.

Identity verification

All GRID certificate applications need to be handed in by the certificate applicant in person to the RWTH Registration Authority (RA), as the identity of the certificate applicant needs to be verified. 

For this purpose, please bring

  • your printed out certificate request 
  • your valid identification document (passport, ID card or German residence permit)

to the RWTH RA. 

You need an appointment to be able to visit the RWTH RA. Please write an e-mail to ra@rwth-aachen.de und propose suitable timeslot for your visit.

If you have further questions, please contact the RA via email.

last changed on 02/10/2026

How did this content help you?

Creative Commons Lizenzvertrag
This work is licensed under a Creative Commons Attribution - Share Alike 3.0 Germany License
Chat