Universität Bonn

University IT and Data Center


The HRZ operates a registration point (RA) for the CA operated by the DFN-PKI. It is possible for administrators to obtain SSL certificates for servers in the network of the University of Bonn.

For whom?


The service is aimed at administrators at the University of Bonn.

What for?

Certificates from a PKI (Private Key Infrastructure) can be used for very different purposes. A server can use the server certificate to prove that it is the server it claims to be. In addition, the server certificate enables encrypted communication between the client and the server. To simplify the application for a server certificate, the server operator also needs a personal user certificate.

How does it work?

Some formalities must be observed when applying for certificates. You can obtain all the necessary information on applying for or renewing server certificates in advance from the CA administration: caadmin@uni-bonn.de.

Please proceed here only if you are familiar with the procedure. Otherwise you risk a non-processing or major delays in the processing of your application.


To apply for a server certificate, the administrator must first have a valid user certificate.

New Application

To request server certificates, a valid mail address of the server administrator (attention, only Uni-Bonn.de addresses!) and a certificate request (CSR) containing the private key and created with openssl must be entered in the certificate request at https://pki.pca.dfn.de/uni-bonn-ca-g2/pub using the following command:

openssl req -newkey rsa:4096 -sha256 -keyout key.pem -out request.pem -subj /C=DE/ST=Nordrhein-Westfalen/L=Bonn/O="Rheinische Friedrich-Wilhelms-Universitaet Bonn" /CN=servername.uni-bonn.de


C (Country):DE
ST (full name):Federal State (Nordrhein-Westfalen)
L (Place):Place (Bonn)
O (Institute):Name of the Institute ("Rheinische Friedrich-Wilhelms-Universitaet Bonn" mit den Gänsefüßchen)
CN (FQDN des Servers):z. B. www.muster.uni-bonn.de
emailAddress:Mailadresse des Administrators
The key is then in the file key.pem and the certificate request is in the file request.pem.


Detailed information and instructions can be found in the HRZ-Doku.
(Call only possible from the BONNET)

Related Topics

Further Information

Here you can find more information about the certificates.

Administrator Tools

Here you will find an overview of the administrator tools.

Wird geladen