Geant TCS at the Department of Informatics
Current note:
Unfortunately, it is currently not possible to create a personal certificate for external persons, students and doctoral candidates via the SECTIGO "self-service" portal. An error message appears during the registration process caused by of the lack of formal identity checks in advance.
For these people, a manual entry has to be made at the participant service (see below) or they have to submit a certificate application via the "old" DFN-PKI page.
Registration office (UHH Géant TCS) for personal certificates for members of the Department of Informatics
To ease the workload of the central RRZ site, an additional registrar ( UHH Géant TCS) has been set up for personal certificates for the members of the Department of Informatics. Certificates for group/function mailboxes are also possible. In addition, approved server certificates can be activated here.
This Registration office is responsible solely for the Department of Informatics!
From October 2022 the application process has been changed. The application for certificates is now handled by the service provider SECTIGO (GÉANT Trusted Certificate Services). There are new web forms for this, as described on the RRZ pages for the participant service.
The application process is described in detail on the PKI Web pages of the RRZ (in German).
The old procedure, which required the applicant to appear in person for identity verification, should NOT be used anymore. It will finally expire at the end of 2023 (for server certificates already at the end of 2022). If you have any questions, please contact the participant service at the Informatikum ( A. Heymann or R. Zierke ) or at the RRZ.
Notes:
The personal qualified certificates
- can be integrated into mail clients,
- can be used for signing and encryption,
- are limited in time (up to 1095 days), extension possible :
for employees until retirement from the university,
for students limited to the time of enrollment, - should be granted only for valid (fully qualified) UHH email addresses !
example: Hans.Meier@uni-hamburg.de
Registered certificate holders can only be found in the PKI directory via ldap search query or in appropriately configured mail clients if "Publication of the certificate" is approved when applying.
Server and group certificates must be approved by accredited persons (in the Informatics Department: R. Zierke and A. Heymann).
Notes on the use of certificates:
The registered certificates can only be used if they (and the certifying bodies) are known on the system and / or in the specific application.
In some applications the root certificates are pre-installed, in others they must be imported manually. Your personal certificate is automatically saved in your web browser when you apply for it. If not downloaded automatically, you usually have to export it manually from your web browser and import it into your mail client in order to be able to use the certificate there. Detailed information on this can be found on the PKI Web pages of the RRZ.
Security note:
For security reasons your personal certificates should be deleted from the browser's storage after exporting them to your mail clients(s).