Server Certificates
Administrators may obtain server certificates via the HRZ
The HRZ operates its own CA for the University of Bonn via the DFN-PKI. With this CA, administrators may obtain server certificates for the servers of the University of Bonn.
The advantage of certificates obtained via the CAs of the DFN-PKI is that they are integrated into most operating systems.
For this reason, the application for the certificates must comply with some formal requirements.
Contact CA Admins
All further information regarding the application process or the extension of certificates may be obtained from the CA Admin:
Further Information
To apply for a server certificate, an administrator first needs to have a valid user certificate:
Application for user certificate for administrators
To apply for server certificates, the application must include a valid e-mail address of the server administrator as well as a certificate request (CSR) created with openssl from the server's private key.
You can find the application form for certificates under
https://pki.pca.dfn.de/uni-bonn-ca-g2/pub
Use the following command in openssl to create the certificate request (CSR):
openssl req -newkey rsa:4096 -sha256 -keyout key.pem -out request.pem -subj /C=DE/ST=Nordrhein-Westfalen/L=Bonn/O="Rheinische Friedrich-Wilhelms-Universitaet Bonn"/CN=wiki-gemeinsam.rhrz.uni-bonn.de
C (Country): DE
ST (State): State (e.g. Nordrhein-Westfalen)
L (Location): City (e.g. Bonn)
O (Organisation): Name of the organization (e.g. "Rheinische Friedrich-Wilhelms-Universitaet Bonn" with quotation marks)
OU (Department, optional): Name of the department (e.g. Rechenzentrum)
CN (FQDN of the server): e.g. www.muster.uni-bonn.de
e-mail address: e-mail address of the administrator
A password is needed: openssl asks for a pass phrase, which is used to encrypt the private key in key.pem.
Afterwards the key can be found in the file key.pem and the certificate request in the file request.pem.
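Before submitting request.pem, the result of the command above can be checked locally. The following is an added example, not part of the original page or of HRZ/DFN tooling; the function name check_csr and the optional KEY_PASS environment variable are assumptions made for this illustration.

```shell
# check_csr REQUEST KEY EXPECTED_FQDN [KEY_BITS]
# Hypothetical helper (not HRZ or DFN tooling). If the optional environment
# variable KEY_PASS is set, it is used as the key pass phrase; otherwise
# openssl prompts for it.
check_csr() {
    csr=$1; key=$2; cn=$3; bits=${4:-4096}

    # Only the request is submitted; the private key must stay on the server.
    if grep -q 'PRIVATE KEY' "$csr"; then
        echo "FAIL: $csr contains a private key" >&2; return 1
    fi

    # The request is signed with the private key; check that signature.
    # Match the message text rather than relying on the exit status alone.
    if ! openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK'; then
        echo "FAIL: request signature does not verify" >&2; return 1
    fi

    # Subject CN must be the server's FQDN (RFC2253 form: "subject=CN=...,O=...").
    subj=$(openssl req -in "$csr" -noout -subject -nameopt RFC2253)
    case $subj in
        *"CN=$cn,"*|*"CN=$cn") ;;
        *) echo "FAIL: CN is not $cn ($subj)" >&2; return 1 ;;
    esac

    # Key size and digest as requested by "-newkey rsa:4096 -sha256".
    text=$(openssl req -in "$csr" -noout -text)
    if ! printf '%s\n' "$text" | grep -q "Public-Key: ($bits bit)"; then
        echo "FAIL: key is not $bits bit" >&2; return 1
    fi
    if ! printf '%s\n' "$text" | grep -q 'Signature Algorithm: sha256With'; then
        echo "FAIL: request is not signed with SHA-256" >&2; return 1
    fi

    # The public key in the request must belong to the private key in KEY.
    csr_pub=$(openssl req -in "$csr" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout ${KEY_PASS:+-passin env:KEY_PASS})
    if [ -z "$csr_pub" ] || [ "$csr_pub" != "$key_pub" ]; then
        echo "FAIL: $csr was not created from $key" >&2; return 1
    fi
    echo "OK: $subj"
}
# Usage: check_csr request.pem key.pem wiki-gemeinsam.rhrz.uni-bonn.de
```

Only request.pem is submitted with the application; key.pem remains on the server.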
At present no user certificates
Please note that at present no user certificates are issuable for capacity reasons (with the exception of server operators).