PKI/certificates (IT security/encryption)

PKI certificates (Public Key Infrastructure) are used for secure digital communication and identification. They make it possible to encrypt and digitally sign emails, securely authenticate servers and establish encrypted connections.

Suitable for all persons with a UniAccount who work with sensitive data in research, administration or teaching and have to meet special requirements for data protection, authenticity and integrity.

The IT Service Center is responsible for issuing and managing the PKI certificates.

A PKI certificate is a digital ID issued by a trusted certification authority (CA). It confirms the identity of the certificate holder and can be used for various applications - such as email encryption or server authentication. The certificates are provided by the German Research Network (DFN).

PGP (Pretty Good Privacy) can also be used for e-mail encryption. However, this variant is not supported by the DFN certification authority and requires more manual administration.

Public certificate providers such as Let's Encrypt are suitable for TLS encryption of server services.

• Email encryption: Protection of confidential information in electronic communication.

• Digital signature: Ensuring the authenticity and integrity of emails.

• Server certificates: Securing web services (e.g. via HTTPS).

• Authentication: Securing services via certificate-based login procedures.

• A research assistant encrypts emails with personal research data.

• A server for a teaching platform is secured with a DFN server certificate to enable secure HTTPS access.

A valid UniAccount and a corresponding application via the IT Service Center are required to use a personal certificate. Knowledge of certificate management in e-mail programs or on servers is required for installation and use.

Certificates can be requested via the website of the IT Service Center. Authentication takes place via the UniAccount. For server certificates, a technical contact person must also be named.

No training courses are currently offered.

The certificates are subject to high security standards and are issued by the DFN-PKI. Private keys remain exclusively with the users and may not be passed on. Server certificates must be managed securely and renewed regularly.

The certificates are used within the scope of participation in the DFN-PKI. The certification guidelines of DFN-Verein apply. The responsibility for secure use lies with the user.