You are located in service: Public Key Certificates

CSR upload

CSR upload


RWTH members can use the web interface to apply for GÉANT/TCS server certificates.


  • The RA-Portal can only be accessed from within the RWTH IP-network (RWTH intranet).
  • Authentication occurs via Single-Sign-On.
  • Authorization of the user is based on the CN/SANs DNS resolution, user rights are sourced from the right-manager.
  • Certificates are issued
    • automatically, if the user is authorized
    • following approval by authorized network contact persons
    • in all other cases following approval by the RWTH Registration Authority (RWTH RA)
  • Notifications are sent via e-mail:
    • upon issue
    • at expiry (28 and 14 days before expiry)
    • at revocation
    • in case of moderation (approval/rejection)
  • Issued certificates can be downloaded via the RA-Portal.
  • The relevant certificate chain can be downloaded via the RA-Portal.
  • Please address questions and feedback to the IT-ServiceDesk.

Fill out the Distinguished Name (Subject in CSR) for GÉANT/TCS server certificate applications as following:

  • C = DE
  • T = Nordrhein-Westfalen
  • L = Aachen
  • O = RWTH Aachen University
  • CN = <fqdn> (must be DNS resolvable)

SAN may contain the following:

  • The CN must occur in the SAN (CA/Browser Forum requirement)
  • One or more FQDNs (all must be resolvable in DNS)
  • IP address that is reverse resolvable in DNS (IP addresses are theoretically allowed, but must be individually domain validated by the certification authority, hence practically not possible)


Links to:

last changed on 01/18/2024

How did this content help you?

Creative Commons Lizenzvertrag
This work is licensed under a Creative Commons Attribution - Share Alike 3.0 Germany License