Apply for a user certificate

General

During the application, a cryptographic key pair (consisting of a public and a private key) will be generated by your browser and stored in the certificate store of the browser or the operating system. From this moment on, you need to ensure that no one else can gain access to your private key because its secrecy is a prerequisite for cryptographic security.

The IT Service Centre therefore expressly points out that you use NO PUBLIC COMPUTERS when applying for and subsequently storing your user certificate, but rather always use your personal devices or workstations with your personal (only used by you) account. Please note that you need access to the same device and the same browser after successful application.

Be aware that the IT Service Centre requires personal identification with a photo ID as a necessary part of the application process (see Step 6).

The instructions of the IT Service Centre can be taken through with Firefox  (recommended) on Windows, Linux oder MacOS X and with the Internet Explorer (separate instructions here) on Windows.

Step 1: Information for certificate holders

Please carefully read through the Information for certificate holders of the DFN-PKI.

Step 2: Call up the DFN-PKI application page of the HTW Dresden

[Translate to English:] Screenshot Zertifikat beantragen: Eingangsseite

Please call up the website "Willkommen zu den Antragsseiten der DFN-PKI" in your browser.

Choose the link "Zertifikate".

[Translate to English:] Screenshot Zertifikatsantrag Passwort eintragen

Choose a password to protect your private key.

You need the password to export the private key. Remember the password well. It can not be reset.

[Translate to English:] Screenshot Neues Zertifikat beantragen

Click on "Neues Zertifikat beantragen".

 

Step 3: Fill out the certificate data

[Translate to English:] Screenshot Zertifikatsantrag Ausfüllen der Daten

The application for a user certificate requires the following personal details:

  1. Please fill in your full first and last name. Please do not use umlauts. Titles are permitted if they can be confirmed by your official photo ID. 
  2. The entry e-mail requires your personal e-mail address at the HTW Dresden, indicated only in lower case letters.
    If possible, the Computing Centre recommends the use of your e-mail address in the form of "max.mustermann@htw-dresden.de, not in the form "login@htw-dresden.de" (see page Central mail server).
  3. Please fill in your Department (Abteilung), if available. This information is optional. 
  4. Choose Namensraum: "O=Hochschule fuer Technik und Wirtschaft Dresden,L=Dresden,ST=Sachsen,C=DE"
  5. The pin code (SPERR-PIN) is absolutely necessary and must be at least 8 digits. You need this PIN if you want to invalidate your certificate. This is necessary, for example, if other people had the possibility of accessing your private key.
  6. Please read the Information for certificate holders carefully and confirm this.
  7. Optionally, you can agree to the publication of your user certificate in the directory service of the DFN-PKI (see question 15 and 16 in the FAQ of the DFN-PKI).

Once entered correctly, please click on Continue (Weiter).

Step 4: Check the information for the certificate application

[Translate to English:] Screenshot Anzeige der Daten Zertifikatsantrag

Check the given data.

Then click on "Zertifikatsantrag anzeigen".

Step 5: Print certificate request

Print the application and sign it.

With this step, your private key is stored in the certificate store on the PC / notebook / Mac you are using. For this reason, please continue this manual later on the same device and with the same account and browser.

Step 6: Submit certificate application

[Translate to English:] Kopie des Nutzerantrages

For personal identification, please make an appointment with the IT Service Centre and bring a signed application and a valid official photo ID (identity card or driver's license) to be verified by.

Step 7: Merge certificate components

After successful identification, you will receive an e-mail from the DFN-PKI containing the public part of your certificate in the appendix. To bring the public and private keys together, open the link in the e-mail (see section "2. Your own certificate ...") with the previously used browser and click "Import certificate" on the opening page.

Your browser should then report that the certificate has been imported. From now on, the full and usable certificate for S/MIME-compatible mail programmes will be in the certificate store of your operating system or browser.

Next Step