During the application, a cryptographic key pair (consisting of a public and a private key) will be generated by your browser and stored in a file. From this moment on, you need to ensure that no one else can gain access to your private key because its secrecy is a prerequisite for cryptographic security.
The IT Service Centre therefore expressly advises you to use NO PUBLIC COMPUTERS when applying for and subsequently storing your user certificate. Always use your personal devices or workstations with your personal account (used only by you). Please note that you need access to the same device and the same browser after a successful application.
Be aware that the IT Service Centre requires personal identification with a photo ID as a necessary part of the application process (see Step 6).
The instructions of the IT Service Centre can be followed with Firefox or Chrome (recommended) on Windows, Linux or Mac OS X, and with Internet Explorer on Windows.
Step 1: Information for certificate holders
Please carefully read through the Information for certificate holders of the DFN-PKI.
Step 2: Call up the DFN-PKI application page of the HTW Dresden
Please call up the website "Willkommen zu den Antragsseiten der DFN-PKI" in your browser.
Choose the link "Ein neues Nutzerzertifikat beantragen".
Step 3: Fill out the certificate data
The application for a user certificate requires the following personal details:
- Please fill in your full first and last name. Please do not use umlauts. Titles are permitted if they can be confirmed by your official photo ID.
- The entry e-mail requires your personal e-mail address at the HTW Dresden, indicated only in lower case letters.
Please use your e-mail address in the form of "email@example.com", not in the form "firstname.lastname@example.org" (see page E-Mail).
- Please fill in your Department (Abteilung), if available. This information is optional.
- Choose Namensraum: "O=Hochschule fuer Technik und Wirtschaft Dresden,L=Dresden,ST=Sachsen,C=DE"
- The PIN code (SPERR-PIN) is absolutely necessary and must be at least 8 digits. You need this PIN if you want to invalidate your certificate. This is necessary, for example, if other people may have been able to access your private key.
- Optionally, you can add a personal note to your certificate file.
- Please read the Information for certificate holders carefully and confirm this.
- Optionally, you can agree to the publication of your user certificate in the directory service of the DFN-PKI (see questions 15 and 16 in the FAQ of the DFN-PKI).
Once entered correctly, please click on Continue (Weiter).
Step 4: Check the information for the certificate application
Check the given data.
Then click on "Antragsdatei speichern".
Choose a password to protect your private key.
You need the password to import the private key into other applications. Remember the password well. It cannot be reset.
Firefox creates an application file that you save on your PC. The application file has the extension .json.
Use a drive that cannot be viewed by other people. Make a note of the storage location; you need the file to merge the certificates.
Step 5: Print certificate request
Click on "Zertifikatantragsformular (PDF) herunterladen".
Print the application and sign it.
With this step, your private key is stored in the certificate store on the PC / notebook / Mac you are using. For this reason, please continue these instructions later on the same device and with the same account and browser.
Step 6: Submit certificate application
For personal identification, please make an appointment with the IT Service Centre and bring the signed application and a valid official photo ID (identity card or driver's license) for verification.
Step 7: Merge certificate components
After successful identification, you will receive an e-mail from the DFN-PKI containing the public part of your certificate as an attachment. To bring the public and private keys together, open the link in the e-mail with the previously used browser. Enter the password you assigned in step 2.
Your browser should then report that the certificate has been imported. From now on, the full and usable certificate for S/MIME-compatible mail programmes will be in the certificate store of your operating system or browser.
Assign a password again to protect your certificate file. It can be the same as for the certificate application.
Remember the password well. Without the password, the certificate file is unusable. Save the certificate file on a personal drive. In case your computer breaks down, it will still be available.
Click on "OK". Select the location for your certificate file. The file has the extension .p12.
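Steps 4 and 7 ask you to keep the .json application file and the .p12 certificate file where other people cannot view them. The following is an added example, not part of the IT Service Centre's instructions, that checks this on Linux or macOS by looking at file ownership and permission bits; the file names and the directory layout are assumptions, and Windows (which uses ACLs instead of mode bits) is not covered.

```python
import os
import stat
import tempfile
from pathlib import Path

# Extensions named on this page: application file (Step 4), certificate file (Step 7).
KEY_SUFFIXES = {".json", ".p12"}

def audit_key_file(path):
    """Return a list of findings for one file; an empty list means owner-only access."""
    p = Path(path)
    st = os.lstat(p)  # lstat: inspect the entry itself, do not follow symlinks
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file (symlink or special file)"]
    findings = []
    if st.st_uid != os.getuid():
        findings.append("owned by another account")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {stat.S_IMODE(st.st_mode):04o} grants group/other access")
    # Anyone who can write to the directory can replace or delete the file.
    parent = os.stat(p.parent)
    if parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("parent directory is writable by group/others")
    return findings

def audit_directory(directory):
    """Map each .json/.p12 file name in `directory` to its findings."""
    return {e.name: audit_key_file(e)
            for e in sorted(Path(directory).iterdir())
            if e.suffix.lower() in KEY_SUFFIXES}

def restrict(path):
    """Limit a key file to read/write by its owner only."""
    os.chmod(path, 0o600)

if __name__ == "__main__":
    # Constructed sample files in a temporary directory (names are hypothetical).
    with tempfile.TemporaryDirectory() as d:
        for name, mode in (("antrag.json", 0o644), ("zertifikat.p12", 0o600)):
            f = Path(d, name)
            f.write_bytes(b"constructed placeholder, not a real key")
            os.chmod(f, mode)
        print(audit_directory(d))          # antrag.json is flagged
        restrict(Path(d, "antrag.json"))
        print(audit_directory(d))          # both files now report no findings
```

An empty findings list only covers local file permissions; a network share or synchronised folder can still expose the file to others through its own access settings.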