New provider for server certificates
Certificates for encrypted connections to decentralized servers
Server certificates are used to verify the identity of a system to requesting clients. This protective measure is required for all publicly accessible remote server systems, and strongly recommended for systems that can be accessed internally.
The certificates are made available by DFN-Verein via the TCS (Trusted Certificate Services) service of the European research network GÉANT and provided by the cybersecurity provider Sectigo. The URZ is the local contact and registration point for the issuing process. These certificates enable you to establish encrypted connections (HTTPS) to the decentralized server and are recognized by all major browsers and email clients.
- IT representatives
- EDP representatives
- Certificate representatives
- URZ employees
- Ability to obtain certificates for secure, encrypted connections to a remotely located server
Access and requirements
The following requirements must be fulfilled to be able to request a certificate:
- The person requesting the certificate must be registered as an IT representative, an EDP representative, a certificate representative or be an employee at the URZ.
- A Certificate Signing Request (CSR) must be prepared.
For a detailed description of the certificate issuing process, please refer to the linked instructions.
Frequently Asked Questions
This is unfortunately only available with a great deal of time and effort, as the corresponding IP must be enabled manually and with the approval of several parties. Please contact us by mail at it-security[at]urz.uni-heidelberg.de if it is a technical requirement for you to be issued such a certificate.
How do I become a certificate representative? What rights come with this role?
As with the IT and EDP officers, this designation is made by the management of the institute. In the coming days, we will publish detailed instructions and a corresponding registration form. Certificate representatives can log on to the CSR submission platform CaeSaR where they can submit CSRs.
My browser isn't connecting to CaeSaR. What's going on?
Is your computer connected to the university network, either physically or through a VPN? For security reasons, CaeSaR can only be reached through internal IPs.
Which profiles are supported by the new certificates?
All certificates support ServerAuth and ClientAuth for the certificate purpose.
How do I get a certificate chain?
The certificate chain will also be linked in the email sent to download the certificate.
What technical changes come with the new certificates?
The new certificates only contain the primary attributes CN, O, ST, C. The attribute ST contains an umlaut ("Baden-Württemberg") which may lead to validation problems. Please check the new certificates prior to the changeover and factor in some lead time for a test system.
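
One way to run the pre-changeover check described above, as an added example that is not part of the original page or of any URZ tooling: it parses a subject line as printed by `openssl x509 -in cert.pem -noout -subject -nameopt RFC2253`, then flags non-ASCII values and attributes other than CN, O, ST, C. The function names and both sample subjects are constructed for illustration.

```python
import re

# Subject attributes the page says the new certificates contain.
EXPECTED = {"CN", "O", "ST", "C"}
HEXPAIR = re.compile(r"[0-9A-Fa-f]{2}")

def parse_dn(dn):
    """Split an RFC 2253 style subject string into (type, value) pairs."""
    if dn.startswith("subject="):          # prefix printed by openssl x509 -subject
        dn = dn[len("subject="):]
    attrs, buf, i = [], bytearray(), 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and HEXPAIR.fullmatch(dn, i + 1, i + 3):
            buf.append(int(dn[i + 1:i + 3], 16))   # \C3\BC -> raw UTF-8 bytes
            i += 3
        elif ch == "\\" and i + 1 < len(dn):
            buf += dn[i + 1].encode("utf-8")       # \, -> literal comma
            i += 2
        elif ch in ",+":                           # unescaped attribute separator
            attrs.append(bytes(buf))
            buf = bytearray()
            i += 1
        else:
            buf += ch.encode("utf-8")
            i += 1
    attrs.append(bytes(buf))
    pairs = []
    for raw in attrs:
        key, _, value = raw.decode("utf-8", errors="replace").partition("=")
        if key.strip():
            pairs.append((key.strip().upper(), value))
    return pairs

def review_subject(dn):
    """Summarise the subject so it can be compared with what clients or configs expect."""
    pairs = parse_dn(dn)
    types = {k for k, _ in pairs}
    return {
        "attributes": dict(pairs),
        "non_ascii": sorted(k for k, v in pairs if not v.isascii()),
        "unexpected": sorted(types - EXPECTED),
        "missing": sorted(EXPECTED - types),
    }

# Constructed samples: the layout described on the page, and one with extra attributes.
NEW_STYLE = r"CN=www.example.org,O=Example University,ST=Baden-W\C3\BCrttemberg,C=DE"
OTHER = r"CN=www.example.org,OU=IT,O=Example University,L=Heidelberg,ST=Baden-Wuerttemberg,C=DE"
```

Any attribute listed under `non_ascii` is worth testing against software that compares or pins the subject string, since that is where the umlaut in ST will show up.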