RWTH members can use the web interface https://ra-portal.itc.rwth-aachen.de to apply for GÉANT/TCS server certificates.
- The web interface can only be accessed from within the RWTH IP-network.
- Authentication occurs via Single-Sign-On.
- Authorization of the user is based on CN/SANs DNS resolution, user rights are sourced from the right-manager.
- Certificates are issued
- automatically, if the user is authorized
- following approval by authorized network contact persons
- in all other case following approval by the RWTH Registration Authority (RWTH RA)
- Notifications are sent via e-mail:
- upon issue
- at expiry (28 and 14 days before expiry)
- at revocation
- in case of moderation (approval/rejection)
- Issued certificates can be downloaded via the ra-portal.
- The relevant certificate chain can be downloaded via the ra-portal.
- Please address questions and feedback to the IT-ServiceDesk.
Fill out the Distinguished Name (Subject in CSR) for GÉANT/TCS server certificate applications as following:
- C = DE
- T = Nordrhein-Westfalen
- L = Aachen
- O = RWTH Aachen University
- CN = <fqdn> (must be DNS resolvable)
SAN may contain the following:
- The CN must occur in the SAN (CA/Browser Forum requirement)
- One or more FQDNs (all must be resolvable in DNS)
- IP address that is reverse resolvable in DNS (IP addresses are theoretically allowed, but must be individually domain validated be the certification authority, hence practically not possible)