University of Hamburg - to research, to teach, to educate and form, to homepage
Informatics Computing Centre

Photo: UHH/Denstorf

Dept. of Informatics

HARICA s/mime certificates at the Department of Informatics

Since January 2025, the Greek HARICA has been a partner of the DFN and thus of the University of Hamburg (UHH) for the creation and management of S/MIME and SSL certificates.


NOTE: The contract with SECTIGO was terminated in January 2025. Existing certificates from the old PKI can likely continue to be used until their expiration date.

Certificates issued by the University of Hamburg can generally be used to sign and encrypt emails (with personal certificates) and to authenticate email and web services (with server certificates).

To ease the workload of the central RRZ site, an additional registrar ("Participant Service") has been set up for personal certificates for the members of the Department of Informatics. Certificates for group/function mailboxes are also possible. In addition, approved server certificates can be activated here.

This Registration office is responsible solely for the Department of Informatics! For applications from other departments, please contact your colleagues there or at the RRZ!

With HARICA, the process for S/MIME and SSL certificates has been switched to "self-service" operation. However, server certificates must be activated by the Participant Service. New web forms are available for this purpose, as described on the Participant Service page.

Information about certificates is described in detail on the RRZ PKI website (in German).

If you have any questions, please contact the participant service at the Informatikum ( A. Heymann or R. Zierke ) or at the RRZ.

Notes:

The personal qualified certificates

  • can be integrated into mail clients,
  • can be used for signing and encryption (with some overhead),
  • are limited in time (up to 2 years), extension possible :
    for employees until retirement from the university,
    for students limited to the time of enrollment,
  • should be granted only for valid (fully qualified) UHH email addresses !
    example: Hans.Meier@uni-hamburg.de

Registered certificate holders can only be found in the PKI directory via ldap search query or in appropriately configured mail clients if  "Publication of the certificate" is approved when applying.

Server certificates must be approved by accredited persons (in the Informatics Department: R. Zierke and A. Heymann).

Notes on the use of certificates:

The registered certificates can only be used if they (and the certifying bodies) are known on the system and / or in the specific application.

In some applications the root certificates are pre-installed, in others they must be imported manually. Your personal certificate is automatically saved in your web browser when you apply for it. If not downloaded automatically, you usually have to export it manually from your web browser and import it into your mail client in order to be able to use the certificate there. Detailed information on this can be found on the PKI Web pages of the RRZ.

Security note:
For security reasons your personal certificates should be deleted from the browser's storage after exporting them to your mail clients(s).