Service Server certificates

Certificates for encrypted connections to decentralized servers

Server certificates are used to verify the identity of a system to requesting clients. This protective measure is required for all publicly accessible remote server systems, and strongly recommended for systems that can be accessed internally.

The certificates are made available by DFN-Verein via the TCS (Trusted Certificate Services) service of the European research network GÉANT and provided by the cybersecurity provider Harica. The URZ is the local contact and registration point for the issuing process. These certificates enable you to establish encrypted connections (https) to the decentralized server and are recognized by all major browsers and email clients.

CertMine SSL: Service for certificate self-service-management (only from the university network)

Target group

IT representatives
EDP representatives
Certificate representatives
URZ employees

Use

Ability to obtain certificates for secure, encrypted connections to a remotely located server

Access and requirements

The following requirements must be fulfilled to be able to request a certificate:

The person requesting the certificate must be registered as an IT representative, an EDP representative, a certificate representative or be an employee at the URZ.
A Certificate Signing Request (CSR) must be prepared.

For a detailed description of the certificate issuing process, please refer to the linked instructions.

How-to: Create a server certificate

Frequently Asked Questions

Table filters

Table

Can certificates with IP addresses be created?	This is not possible unfortunately.
How do I become a certificate representative? What rights come with this role?	As with the IT- and EDV-Beauftragten, the appointment is made by the institute management. Please contact us by email to receive the relevant form. A certificate representative (Zertifikatsbeauftragter) can log in to the CertMine self-service portal to apply for certificates and manage existing requests.
My browser isn't connecting to CertMine. What's going on?	Is your computer connected to the university network, either physically or through a VPN? For security reasons, CertMine can only be reached through internal IPs.
Which profiles are supported by the new certificates?	All certificates support ServerAuth and ClientAuth for the certificate purpose.
How do a get a certificate chain?	The certificate chain will also be linked in the email sent to download the certificate.
How do I revoke my own certificate from our old CA Sectigo?	To revoke a certificate, please go to the linked page. Select option 2a if you wish to continue using the private key and 2b if the key is to be replaced. If the methods offered there are not sufficient, please contact caesar[at]urz.uni-heidelberg.de with the certificate IDs of the certificates to be revoked.

How-tos

How-to

Create a server certificate

The following how-to explains how you can create a server certificate.

Deutsch

Contact