Use of certificates
Certificate creation
On January 10, 2025, the provider SECTIGO switched off the creation of new personal and server certificates for the DFN. The portal of the new provider HARICA for the UHH/DFN is now available for the creation of user and server certificates!
Note: The HARICA portal is still under construction, the functionality is being expanded in coordination with the DFN association.
The current status of the links and handouts can always be found on the RRZ website!
Personal S/MIME / User Certificates:
User certificates for signing (and possibly encrypting) emails can be requested as "self service" by logging in with the "B-Kennung" (via Shibboleth login). Please use the link to the HARICA web form and the registration option "Academic Login" and select "University of Hamburg (UHH)". A handout (currently only in German) with the details is maintained by the RRZ. Please always read the current version carefully before applying for a certificate! There are several "traps" in the portal menus!
After approval via email confirmation and release you can download the certificate (once!).
Group certificates (-> functional mailboxes):
The application process is now also maintained as "self-service", but with a different registration process. Please always read the current instructions on the RRZ website carefully before applying for a certificate!
SSL/Server certificates:
Server certificates can now also be requested as "self service" by logging in with the "B-Kennung" (via Shibboleth login). Prepared CSR data (certificate signing request) can be uploaded or generated by Harica.
Please use the link to the HARICA web form and the registration option "Academic Login" and select "University of Hamburg (UHH)". A handout (currently only in German) with the details is maintained by the RRZ. Please read carefully before applying for a certificate! Here, too, there are several "traps" in the portal menus! The SSL certificates can currently only be applied for UHH subdomains!
The server certificate is not released automatically. Therefore, please send an email requesting release to vl-pki-ts.inf@uni-hamburg.de(vl-pki-ts.inf"AT"uni-hamburg.de) (don't use the web form linked in the RRZ webpage, which is operated by RRZ admins!).
Please include the following information in the email (*): Common Name (CN) of the certificate, date of creation
If you have any questions, please contact A. Heymann or R. Zierke at the IRZ directly.
Notes:
When applying for a server certificate, the following applies to the user:
- The certificate may only be installed on servers accessible under the name contained in the certificate.
- Every device on which he/she stores or uses the private key must be adequately protected, e.g., free of malware such as viruses and regularly updated with security patches.
- He/she is obligated to have the certificate revoked under the following conditions: The certificate contains information that is no longer valid, for example, after a name change.
- The private key or the associated passphrase/PIN has been lost, stolen, disclosed, or otherwise compromised or misused. He/she is no longer authorized to use the certificate.
Data protection:
The user agrees that the University of Hamburg, in this case: RRZ, may process his/her data for the following purpose(s): Activation. The data will be deleted 365 days after completion of processing. They can revoke their consent to RRZ at any time with future effect. Previous processing remains unaffected by such revocation.
You can find further information on data processing here.