Certificates at TU Dortmund University
As part of the DFN-PKI structure, the ITMC of the Technical University of Dortmund operates a registration agency for checking certificate requests. Here, certificate requests created via web interface can be authenticated and further processing initiated. The procedure used to date expires on Dec. 30, 2022, for server certificates and in the middle of 2023 for personal certificates. DFN has outsourced its certificate service. It is now implemented via GÉANT Trusted Certificate Services, currently with the company Sectigo as provider.
The old certificates are hierarchically residing below the "T-Telesec GlobalRoot Class 2" and are automatically recognized by all current browsers and operating systems. The new certificates are located below the "USERTrust RSA Certification Authority" or "USERTrust ECC Certification Authority", which are also anchored in current systems.
- Server certificates can be applied for by permanent employees of the university for services on servers under their care. The computer/service must be entered in the DNS and correspond to the CN used in the certificate. For this purpose, a certificate request in PKCS#10 format must be available (e.g. generated using openssl). The maximum lifetime of server certificates is currently approx. 12 months (397 days).
- Personal certificates are only issued in exceptional cases, as personal certificates with the same security requirements are generated in connection with the application for a "UniCard" or "UniCard Personal".
- Grid certificates can be applied for by employees of TU Dortmund University for the use of services in D-Grid or EUGrid.
- Application pages GÉANT TCS (Server) The enrollment is done with the help of the university ID via our SSO pages. As Institution please select "Technische Universität Dortmund" and as Select Enrollment Account "TU Dortmund SSL SAML Web Form". After that you can upload a CSR (Certificate Signing Request) file and initiate further processing. Paper forms are not necessary here. If you have already applied for certificates in this way, you will first see an overview page with your certificates and can submit a new application via "Enroll Certificate". The signed certificate will then arrive by mail from the sender: Certificate Services Manager <email@example.com>. You can find a sample application with screenshots under this link.
- Application pages DFN-PKI (old) Here, a signed paper form must be submitted to the registration agency following the upload of the CSR. In case of personal or grid certificates a personal appearance is necessary.
- Application pages DFN-PKI Grid (old) After uploading the CSR, a signed paper form must be submitted to the registration agency. In the case of personal or grid certificates, a personal appearance is required.
For browsers that have problems accessing pages signed with DFN or GÉANT certificates, all necessary root and intermediate certificates are linked here:
If you have any questions, please contact the registration agency of TU Dortmund University at rapki.tu-dortmundde. Further information on the DFN-PKI can be found on the PCA pages of the DFN-CERT: