DFN-PKI Global: Receive your user certificate
This instruction describes how to retrieve your DFN-PKI user certificate via your browser.
1. You should receive a digitally signed e-mail (sender: dfnpki-mailsender-noreply@dfn-cert.de) with a link to retrieve the certificate.
Dear user,
the processing of your certification request 76448800 with profile User is now complete. Your certificate with the serial number 12345678901234567890123456789 is in the name
You need the serial number in order to revoke your certificate if necessary.
* If you have applied for a user certificate, please select the following page. There you can create a certificate file in PKCS#12 format, which you need for your applications: https://pki.pca.dfn.de/dfn-pki/dfn-ca-global-g2/3550/certificates/12345678
- the CA certificates at the page https://pki.pca.dfn.de/dfn-ca-global-g2/cgi-bin/pub/pki?cmd=getStaticPage;name=index;id=2;RA_ID=3550
Please follow the rules set out in the document "Informationen für Zertifikatinhaber" (Information for Certificate Holders): https://info.pca.dfn.de/doc/Info_Zertifikatinhaber.pdf
Your DFN-PKI team

Follow the link in your browser.
2. Follow the link; you will get to the DFN-PKI webpage where you can retrieve your certificate.
Browse: From your file explorer, select the "certificate application data file" (.json) that you saved when you applied for the certificate. Then enter the password for the .json file and click Next (please DO NOT click "Enter" to confirm the password).
3. "Save certificate file" to generate your .p12 file.
The information included in the issued certificate is displayed here. Click on "save certificate file" to generate your .p12 file. This .p12 file then contains:
The .p12 file is stored encrypted. Here you have to assign the password for this encryption and remember it long term. You will need this password to subsequently import the .p12 file into other applications (e.g. e-mail, PDF reader). Choose a safe place to store the .p12 file long term.
4. You have successfully created and saved your certificate file (.p12).
Summarised information from the DFN-PKI.
The .p12 file contains your own RSA key pair and the associated DFN-PKI user certificate. If you change computers, reinstall the operating system or use other applications and you want to keep using your still valid certificate, you will need to bring the .p12 along and "install" it again. For this reason, it is essential to save this file as a backup copy in an adequately safe location. Even after the user certificate has expired, the .p12 file should be retained, so that you can still read old encrypted e-mails.
This can be checked with OpenSSL, for example:
    openssl pkcs12 -nokeys -info -in ${MEINE_EXPORT_DATEI}.p12 | grep -E 'subject=|issuer='
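A fuller check of a .p12 backup than the one-line command above, as an added example that is not part of the original instructions: it confirms that the file opens, that the stored private key belongs to the certificate, and prints subject, issuer, serial number and expiry date. The function name check_p12 and the environment variable P12_PASSWORD are assumptions of this example.

```shell
#!/bin/sh
# Added example: sanity-check a .p12 backup before relying on it.
# The password is read from the exported variable P12_PASSWORD (a name
# chosen for this example) so it does not appear in the process list.
# Return codes: 0 = key and certificate match, 1 = content problem,
# 2 = file cannot be opened (wrong password or not PKCS#12).
check_p12() {
    p12=$1

    # User (leaf) certificate only: no private key, no CA chain.
    cert=$(openssl pkcs12 -in "$p12" -nokeys -clcerts \
               -passin env:P12_PASSWORD 2>/dev/null) || {
        echo "cannot open $p12: wrong password or not a PKCS#12 file" >&2
        return 2
    }
    cert_pub=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey 2>/dev/null)
    if [ -z "$cert_pub" ]; then
        echo "$p12 contains no user certificate" >&2
        return 1
    fi

    # Public half of the stored private key. The key itself only passes
    # through a pipe and is never written to disk.
    key_pub=$(openssl pkcs12 -in "$p12" -nocerts -nodes \
                  -passin env:P12_PASSWORD 2>/dev/null |
              openssl pkey -pubout 2>/dev/null)
    if [ -z "$key_pub" ]; then
        echo "$p12 contains no private key" >&2
        return 1
    fi
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not belong to the certificate" >&2
        return 1
    fi

    # Subject, issuer, serial number (needed for revocation) and expiry.
    printf '%s\n' "$cert" | openssl x509 -noout -subject -issuer -serial -enddate
    # An expired certificate is reported, not treated as an error: the key
    # is still needed to read old encrypted e-mails.
    printf '%s\n' "$cert" | openssl x509 -noout -checkend 0 >/dev/null ||
        echo "note: certificate has expired" >&2
    return 0
}

# Usage: export P12_PASSWORD, then run: sh check_p12.sh my_export.p12
if [ "$#" -gt 0 ]; then check_p12 "$1"; fi
```

Running the check on each stored copy of the .p12 file confirms that the copy is readable with the password you remember.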