Electronic Signature - Public Key Infrastructure (PKI)

From 11.08.2022: No more video identity checks as part of the certificate application process

From 01.02.2020, the creation of user certificates for all TUD employees is possible via EVAZERT using the self-service portal Selfserviceportal.
Creation via EVAZERT is generally recommended because it is easy to use and paperless. With EVAZERT you can manage your certificates yourself in the self-service portal.
This service is not available for UKD employees.
Certificates for guest and function logins and server certificates can still only be created via the DFN-PKI.

General

Since 1 February 2017, DFN has been issuing certificates based on the root certificate "T-TeleSec GlobalRoot Class 2".
The address to be used: https://pki.pca.dfn.de/tu-dresden-g2-ca/cgi-bin/pub/pki

Since Juli 2006 the ZIH takes part in the PKI (Public Key Infrastructure) of the German Science Network as a registration authority and displays advanced certificates based on the X.509 standard. Applicable are the certification rules of the DFN-PKI for a global security level.

User certificates

User certificates offer you many fields of application at a high security level. They are used, for example, for the digital signature or the encryption of e-mails. The validity period is 36 months.
You can find the necessary information here:

Application for certificates

Via the sites of the TU Dresden CA users can apply for server certificates, lock certificates or search for them. When applying for a certificate, please fill in the web-form completely and follow the instructions in your browser. Print out your certificate application afterwards. Get a certification for this certificate from the ZIH user helpdesk. You need to show a valid ID dard. Generally, you will receive your submitted certificate within a few work days via e-mail from the DFN-CERT.

Please mind the following:

A certification of user certificates is only possible for e-mail adresses within the domain 'tu-dresden.de'. Users from the TU Dresden are able to choose a branch they belong to under <branch> in the web form.
A group certificate is applied for if functional e-mail addresses are certified. Here, for example, sekretariat-institut@tu-dresden.de is written in the field "E-Mail", in the field "Name" the function is to be entered in this form "GRP:Sekretariat-Institut". Only the registered contact person (with valid identity check) can apply for such a group certificate for the respective login.
Authentication:
- ask your local admin
- centrally: at the Service Desk
- An identity authentication is valid for 39 months.
Regarding server certificates, the PKCS#10 certificate application (.PEM file) has to be created by the server admin and embetted in the application. Only security certificates with a completely qualified DNS-entry under "CN=" and which are located in the TU Dresden IP adress space (141.30.0.0 und 141.76.0.0) will be certified. For an easier creation of the certificate application with OpenSSL, find a configuration file here.
Info from DFN: "In the course of 27 August 2020, the DFN-PKI will adjust the configuration so that newly issued server certificates have a validity period of 397 days. The 397 days are a SHOULD rule of the CA/Browser Forum".
Only original applications will be accepted.
- First applications will only be accepted in conjunction with the personally signed print out after the authentication.
- Follow-up applications can be signed with a valid digital signature and transmitted electronically to the Service Desk, provided that the identity is authenticated. Hand-signed applications will only be processed when the original print-out is handed in.
- Applications for certificates are valid for 6 months. It is not possible to process any application arriving outside this time limit.

Certificate Renewal

Important note: Please keep your old certificate, otherwise all data encrypted with it, e.g. e-mails, will no longer be readable!

Information for employees and members of the Faculty of Business and Economics, the Faculty of Architecture and the Faculty of Environmental Sciences as well as the Central University Administration (ZUV)

In order to continue using all applications and services that are based on this certificate, you must apply for a new certificate:

1. For personal identification when renewing a digital certificate, please see one of the following IT contact persons:

IT-contact person	Structural unit	Contact
Mr. Marco Barthel	Dean´s Office Faculty of Business and Economics	Tel.: +49 351 463 32843
Dr. Matthias Lohse	Head of Faculty of Economics Computing Laboratory	Tel.: +49 351 463 32792
Mr. Andreas Matthus	Dean´s Office Faculty of Architecture	Tel.: +49 351 463 33909
Mr. Daniel Henzen	Dean´s Office Faculty of Environmental Sciences	Tel.: +49 351 463 39275 / +49 351 463 31303
Mr. Andreas Gläser	IT Service Team Central University Administration / University Executive Board	Tel.: +49 351 463 35457
Mr. Christian Nitsch	IT Service Team Central University Administration / University Executive Board	Tel.: +49 351 463 32131
Mr. Michael Wilengowski	IT Service Team Central University Administration / University Executive Board	Tel.: +49 351 463 39102

2. You will receive a letter with the PIN for the renewal of your certificate. For personal identification, please bring a valid official identification document (identity card or passport) with you.

3. Please use the PIN when applying for a digital certificate via the following website: https://selfservice.zih.tu-dresden.de. There you will find the corresponding sub item "Certificate-Management > Certificate-Request" under the menu item "Access requirements" in the left column.

If your last personal identification by a person authorised to verify your identity was not more than 39 months ago, please proceed using the instructions described under 3. and use the PIN that you received in the latest letter. If you do not have your PIN anymore, proceed as described in steps 1 to 3.

You can view the status of your identity check in the Self Service Portal under My Profile in the "Master Data" section.

Important note: Please keep your old certificate, otherwise all encrypted data, such as emails, will no longer be readable!

If you have any questions, please contact .

Information for all other employees and members of Technische Universität Dresden or guests with an email address of Technische Universität Dresden

In order to continue using all applications and services that are based on this certificate, you must apply for a new certificate:

1. Open the website

https://pki.pca.dfn.de/tu-dresden-g2-ca/pub

2. Apply for a new certificate via the website as for the initial application and print out the generated certificate application. If you need further information, you will find a user guide under the menu item "Help".

3. Sign the certificate application and submit it personally to the Service Desk or to your authorised administrator.

In the case of renewal of a user certificate, your last personal identification by the subscriber service must not be older than 39 months. In the Self Service Portal, you can view the status of your identity check under My Profile in the "Master Data" section:

"Identity verified" = "No":
Submit the application form personally to the Service Desk or to your authorised administrator. The administrator will then identify you again on the basis of your valid ID document.
"Identity verified" = "Yes, ...":
Submit the application directly to the Service Desk (digitally signed by email or manually signed by in-house mail/in person).

In any case, your new certificate will be sent to you by email.

Important note: Please keep your old certificate, otherwise all encrypted data, such as emails, are no longer readable!

If you have any questions, please contact .

FAQ

Further Information: PKI FAQ.

Links to DFN-PKI

Here you find all information for certification within the new DFN-PKI-certification hierarchies:

further Information

SSL configuration of an Apache web server with a server certificate
Encryption, digital signatures, certificates (LRZ München)
PKS#10-request creation (Uni Hamburg)