You are here: Home Services IT Security Server Certificates Server Certificates

Server Certificates

Administrators may obtain server certificates via the HRZ

The HRZ operates its own CA for the University of Bonn, via the DFN-PKI. With this. CA Administrators may obtain server certificates for the servers of the University of Bonn.

The advantage of certificates obtained via the CAs of the DFN-PKI is that they are integrated into most operation systems.
For this reason, the application for the certificates must comply with some formal requirements.

Contact CA Admins


All further information regarding the application process or the extension of certificates may be obtained from the CA Admin:

Further Information


To apply for a server certificate, an administrator first needs to have a valid user certificate:
Application for user certificate for administrators


To apply for server certificates a valid e-mail address of the server administrator, as well as a certificate request (CSR) containing the private key and created with openssl must be included in the application.
You can find the application form for certificates under  
https://pki.pca.dfn.de/uni-bonn-ca/pub
Use the following command in openssl to create the certificate request (CSR): 

openssl req -newkey rsa:4096 -sha256 -keyout key.pem -out request.pem -subj /C=DE/ST=Nordrhein-Westfalen/L=Bonn/O="Rheinische Friedrich-Wilhelms-Universitaet Bonn" /CN=wiki-gemeinsam.rhrz.uni-bonn.de

 
whereby:
C (Country): DE
ST (State): State (e.g. Nordrhein-Westfalen)
L (Location): City (e.g. Bonn)
O (Organisation): Name of the organization (e.g. "Rheinische Friedrich-Wilhelms-Universitaet Bonn" with quotation marks)
OU (Department, optional): Name of the department (e.g. Rechenzentrum)
CN (FQDN of the server): e.g. www.muster.uni-bonn.de
e-mail address: e-mail address of the administrator
 
A password is needed.

Afterwards the key can be found in the file key.pem and the certificate request in the file request.pem.

At present no user certificates


Please note that at present no user certificates are issuable for capacity reasons (With the exception of sever operators).

 

Document Actions