You are located in service: Certificates

DFN-PKI Global Applying for a certificate

DFN-PKI Global Applying for a certificate


These instructions describe how to apply for a user certificate at DFN-PKI via your browser.

Known supported browsers are: Firefox, Edge (Chrome based), Chrome, Safari.

PLEASE NOTE: You must keep the .JSON application data file generated in the application process (step 4), as well as the associated password, safe. This is essential in order to be able retrieve the issued certificate.


Three passwords are to be assigned during the certificate creation process:

  • for the certificate revocation (PIN)
  • for the .json file
  • for the backup of the .p12 file

Be sure to retain knowledge of these.

1. Select apply for "user certificate" on the DFN-PKI webpage.

2. Fill in the application.

Prefix Name Supplement (optional): Your academic title, only if it is shown in your official ID document.

First Name (GN): Your first name as shown in the official ID document (additional first names are optional, but will be documented during the ID check).

Last Name (SN): Your full last name, as shown on the official ID document.

Email: Your email address for which the certificate shall apply.

Organisational Unit (OU): Name of your RWTH institution (e.g.: IT Center, Chair of Computer Science 12).

Namespace: Here you can choose whether city and state should also be specified in the DN.


3. Your compliance is required.

Revocation PIN: The PIN is required to revocate the received certificate if necessary. Please keep this PIN in a safe place.

Personal note: This note is saved in the .json file.

You have to agree to the DFN-PKI regulations.

You may agree to the publication.

You must agree to the processing of your personal data.

4. Save application data file (JSON) and assign a password.

Check submitted certificate and personal information and if correct select "Save application data file (JSON)".

This step creates a .json file with your cryptographic keys (RSA keys) and the submitted certificate and personal information.

Prepare to enter the .json password.


Enter the password with which the .json file will be encrypted/protected.

You must keep the .json file and its password safe.

Both are necessary in order to retrieve the issued certificate.


5. Download certificate application form (PDF) and sign it.

You need the .pdf file for your personal identification at the registration authority.

Here you can also download and save the application data file (JSON) again, should you have failed to do so in step 4.


Save and/or print the .pdf file. Read it, date it and sign it by hand.

As the contents of the application form (PDF file) are currently not displayed in English, here in short what you are agreeing to:

  • you are not allowed to disclose your private RSA key to anyone

  • all devices on which you use your private RSA key (in extension your DFN-PKI certificate) are adequately protected from unauthorised access and abuse

  • you are required to revocate your certificate if any of the following applies:

    • any data, included in the certificate, is no longer valid/applicable

    • your private RSA key or your password to the file containing it has been compromised

    • you are no longer authorised to use the certificate

6. Submit the application form in person and go through the required identity verification.

The DFN-PKI certification policy requires that the identity of the applicant be verified by the local registration authority, see Possible Ways of Identity Verification options in order to submit your certificate application form.



Here you can read how to retrieve the certificate:

last changed on 03/27/2023

How did this content help you?

Creative Commons Lizenzvertrag
This work is licensed under a Creative Commons Attribution - Share Alike 3.0 Germany License