User Certificates (Advanced Electronic Signature)
General
A user certificate is a digital identity that has been authenticated by a trustworthy authority. It consists of a key pair: a public key and a private key. The private key belongs solely to the owner, is secret and must not be passed on to third parties; it must be protected by a password that is as complex as possible. The public key, on the other hand, should be distributed as widely as possible, since other people can use it, for example, to send you encrypted e-mails. The PKI safeguards your public key by certifying that it actually belongs to you: the CA signs it, and the signed certificate can be retrieved by everyone from the central directory service of TU Dresden.
A user certificate issued within the framework of the TU Dresden CA corresponds to an advanced electronic signature according to SigG.
Advanced electronic signatures are applicable to the following:
- Digital signatures of e-mail (with your private key)
- Encryption of e-mail (with your communication partner’s public key)
- Identifying oneself to systems/servers (access security via user certificate)
- Encryption of data systems
- Participating in Shibboleth
- Digital signature of PDF documents with Adobe
Application and Setup
To apply for a user certificate, open the website of TU Dresden CA:
Please note that you need to apply for the certificate at your PERSONAL PC, logged into your personal account, since your private key will be saved in the browser/system.
When using Internet Explorer, open Tools -> “Internet Options” -> “Security” (tab) -> “Trusted Sites” -> “Sites”. Enter https://pki.pca.dfn.de under Add, then click Close and OK.
Fill in the required fields.
Enter your TU Dresden e-mail address under E-Mail. A user certificate can only be issued for an e-mail address of TU Dresden (only use lower case letters in your e-mail address).
Enter your first and last name under Name. Other titles given in your ID card or passport are permitted as well, e.g. Dr.
Under Department enter your institute or organization, or leave the field blank.
The PIN, which must be at least 8 digits long, can be used to revoke your user certificate should that become necessary.
If a functional e-mail address is to be certified, apply for a group certificate instead: enter the functional address, e.g. sekretariat-institut@tu-dresden.de, in the "E-Mail" field and the function in the "Name" field in the form "GRP:Sekretariat-Institut". Only the registered contact person (with a valid identity check) may apply for such a group certificate for the respective login.
After confirming your information, your private key and your certificate application will be created in your browser, where the key remains.
Please print out the certificate application, add any missing information by hand and take it together with a valid ID (national ID card or passport) to the Service Desk of TU Dresden to have the application confirmed in person.
If you used Internet Explorer or Chrome for your application, your private key is stored in the Windows certificate store. If you used Mozilla Firefox, the private key is stored in the Firefox certificate store.
After signing and handing in your application at the Service Desk, you will receive an e-mail from DFN containing a link to your signed user certificate. Open the link in exactly the same browser (Mozilla Firefox, Windows Internet Explorer or Chrome) in which you applied for the certificate, so that the user certificate is joined with its private key and can be used in other applications (see 8.).
To do so, you need to back up the certificate and private key, i.e. save the key pair (private and public key) into a so-called PKCS#12 file:
- Mozilla Firefox
- Internet Explorer
Save all certificates to an external storage medium (e.g. a USB stick) so that you can restore them if your PC fails or is damaged.
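Before relying on a PKCS#12 backup, it is worth checking that the file really contains the private key together with its matching certificate, not a certificate-only export. The following added example (not from the TU Dresden page or the DFN PKI tooling) does that check with the openssl command line; the key pair, the self-signed certificate and the identity "Erika Mustermann" are constructed for the demonstration, whereas a real user certificate is signed by the DFN PKI CA.

```shell
#!/bin/sh
# Added example; assumes the openssl CLI (1.1.1 or newer for -addext).
set -eu

# Builds a throw-away PKCS#12 file standing in for the backup described
# above: a fresh RSA key pair plus a self-signed certificate carrying a
# TU Dresden style e-mail address (constructed sample, not a real identity).
make_demo_p12() {
  dir=$1; pass=$2
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$dir/key.pem" -out "$dir/cert.pem" \
    -subj "/CN=Erika Mustermann" \
    -addext "subjectAltName=email:erika.mustermann@tu-dresden.de" 2>/dev/null
  openssl pkcs12 -export -inkey "$dir/key.pem" -in "$dir/cert.pem" \
    -out "$dir/backup.p12" -passout "pass:$pass"
  printf '%s\n' "$dir/backup.p12"
}

# Checks a PKCS#12 backup: the password opens it, it holds a private key,
# and the certificate's public key belongs to that private key. Prints the
# certified e-mail address on success and returns non-zero otherwise.
check_p12_backup() {
  p12=$1; pass=$2
  # A wrong password or a certificate-only export makes these steps fail.
  key=$(openssl pkcs12 -in "$p12" -nocerts -nodes -passin "pass:$pass" 2>/dev/null) || return 1
  cert=$(openssl pkcs12 -in "$p12" -clcerts -nokeys -passin "pass:$pass" 2>/dev/null) || return 1
  case $key in *"PRIVATE KEY"*) ;; *) return 1 ;; esac
  # Compare the public key derived from the private key with the one in the
  # certificate; a mismatch means the backup cannot sign or decrypt anything.
  k=$(printf '%s\n' "$key" | openssl pkey -pubout -outform DER | openssl dgst -sha256)
  c=$(printf '%s\n' "$cert" | openssl x509 -pubkey -noout \
        | openssl pkey -pubin -pubout -outform DER | openssl dgst -sha256)
  [ "$k" = "$c" ] || return 1
  # Report the e-mail address the certificate was issued for.
  printf '%s\n' "$cert" | openssl x509 -noout -text | grep -o 'email:[^, ]*' | head -n 1
}

# Demo run: create the sample backup, then check it with the right password.
work=$(mktemp -d)
p12=$(make_demo_p12 "$work" 'constructed-demo-password')
check_p12_backup "$p12" 'constructed-demo-password'
rm -rf "$work"
```

To check a real backup, call check_p12_backup with the path of your exported file and the password you chose during the export.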
Configuration Aids
Tutorials are available for several application scenarios of user certificates:
- Digital signature of PDF documents with Adobe
- Basic configuration of e-mail clients to use Certificates of DFN PKI
- Configuration of e-mail clients to automatically install certificates from the DFN PKI LDAP directory
- Configuration of e-mail clients to digitally sign e-mail
- Configuration of e-mail clients to encrypt e-mail