You are located in service: Certificates

Backup/export your own RSA keys and the certificate (create the .p12 file)

Backup/export your own RSA keys and the certificate (create the .p12 file)

Kurzinformation

What is a group certificate:

If an e-mail address is used by several people or if it is a functional e-mail address (such as sekretariat@einrichtung.rwth-aachen.de), a group certificate should be applied for instead of a user certificate. This certificate together with the generated cryptographic keys (i.e. the .p12-file) must be transmitted securely to all relevant users.

A group certificate is obtained similarly to a user certificate

  • the application procedure depends on the browser used
  • the usage depends on the e-mail application used

Below we show an example of how you would apply for a group certificate if you were using the Internet Explorer on Windows.


 Detailinformation

 

Why you need the .p12 file:

This file contains your own RSA key pair and the corresponding certificate. You must transmit this file in a secure way to the other users of the "group mailbox". You also need this file when changing computers, reinstalling the operating system or when using non-Microsoft e-mail applications (e.g. Thunderbird). All users of the group certificate should keep this file safe and redundant.

4.1 Access the Internet Options of your Internet Explorer
 

RSA-Schlüssel und sichern 1
 

4.2 Select Contents and Certificates

Eigene RSA-Schlüssel und das Zertifikat sichern 2
 

4.3 Select and "export" the relevant group certificate under "Personal" 

Eigene RSA-Schlüssel und das Zertifikat sichern 3
 

4.3.1 Export Step  1

 
Eigene RSA-Schlüssel und das Zertifikat exportieren 1
 

4.3.2 Export Step 2

 
Eigene RSA-Schlüssel und das Zertifikat exportieren 2
 

4.3.3 Export Step 3

 
Eigene RSA-Schlüssel und das Zertifikat exportieren 3
 

4.3.4 Export Step 4

 
Eigene RSA-Schlüssel und das Zertifikat exportieren 4

The .p12 file is stored encrypted, the password you enter here is the key for this encryption.

You should give the password together with the .p12 file to all authorized users of the group mailbox so that they can install the certificate and the corresponding cryptographic keyes into their e-mail application.

 

4.3.5 Export Step 5

 
Eigene RSA-Schlüssel und das Zertifikat exportieren 5

Choose a safe place to store the p12 file.

It can be useful to incorporate the e-mail account name and the expiration date of the certificate into the file name of your .p12, especially if you use several different mailboxes.

 

4.3.6 Export Step 6

 
Eigene RSA-Schlüssel und das Zertifikat exportieren 6
 

4.3.7 Export Step 7

 
Eigene RSA-Schlüssel und das Zertifikat exportieren 7
 
  • Group certificates are valid (per default) for three years.
  • Four and two weeks before the expiration date of the certificate, the original applicant and the "group mailbox" will receive a reminder e-mail to submit a new application.
  • After the certificate expires, you are not able to send digitally signed e-mails from this mailbox. Furthermore, you are not able to receive encrypted e-mails to this mailbox, in fact the sender is not able to send them.
  • However, you should keep your old "own certificates" in the certificate store of the e-mail application in order to be able to read old encrypted e-mails.

last changed on 29.01.2021

How did this content help you?