Certificates at Research Center Jülich

These pages contain web links for requesting and managing so-called X.509v3 certificates, which are used to verify the authenticity of keys, which are mainly used to secure communication with e-mail partners and servers. The certificates issued by the JSC are part of the DFN-PKI (Public Key Infrastructure). The certification authorities of this PKI are operated by DFN-Cert Services GmbH.

Information on certificates and their use at Forschungszentrum Jülich can be found in the technical brief information TKI-365 (in German)

Provisions for the correct use of certificates of DFN-PKI by the certificate holders are described in the document "Informationen für Zertifikatinhaber" (in German).

_______________________________________________________________________   

News (update 12.3.2020)

Attention: the application for certificates with Edge is currently not supported.
___________________________________________________________________________________________

For Windows users who want to use their certificate in Microsoft applications (e.g. Outlook), it is recommended to use Internet Explorer to apply and follow the instructions.

Start: https://pki.pca.dfn.de/dfn-pki/dfn-ca-global-g2/2100
___________________________________________________________________________________________

When using other browsers such as Firefox or Chrome, the application process comprises these steps that follow one another in time:

1. Navigate to the application pages for user certificates, you can switch between german and english language. https://pki.pca.dfn.de/dfn-pki/dfn-ca-global-g2/2100
   
2. Click Apply for a new certificate.
   
3. Enter your name, your email address, the abbreviation of your organizational unit (optional) the blocking PIN on the application page. The personal note is for your information only and can be omitted.
   
4. After pressing Next, the application can be checked again and changed if necessary.
   
5. With Save certificate application data file, the application is sent and a local backup file is generated which must be saved. Since this file also contains the private key, it must be protected by a password. The download folder is defined in the browser settings.
   
6. Click Download certificate application form (PDF) to get the application form for printing or saving. This form must be signed by the user and handed out to JSC-Dispatch before the certificate can be issued. For further details about applying for a personal certificate: see below.
   
7. When the new certificate is created, the user is informed by an electronically signed email from dfnpki-mailsender-noreply@dfn-cert.de. This mail contains web links, so please check your SPAM folder if necessary.
   
8. Please follow the link to your own certificate and select the application file that you saved when you applied. After entering the password, press Next.
   
9. Save certificate file to generate a PKCS#12 file. In addition to the certificate, this file also contains the associated private key of the owner. It must therefore be protected with a strong password. The file can now be imported into applications, e.g. into Thunderbird or into the Windows certificate store for use with Outlook

___________________________________________________________________________________________

The signed certificate application must be handed out to the subscriber service (Teilnehmerservice) at JSC (Dispatch).

Attention: In the case of user certificates, a personal authentication of the applicant at JSC-Dispatch is required for the first application. JSC-Dispatch is obliged to check your identity card.

This authentication is not required for a subsequent application if the last authentication was less than 39 months ago. In this case, the signed application can also be sent by mail or as an attachment to an electronically signed email to dispatch.jsc@fz-juelich.de.

After generating the certificate, the applicant will be notified of the completion by email. This mail contains links that can be used to import the certificate (and the certificates of the certification bodies).

These emails are electronically signed. The sender and holder of the signature certificate is dfnpki-mailsender-noreply@dfn-cert.de

_______________________________________________________________________   

Teilnehmerservice

Located at JSC Dispatch (Building 16.4, Room 201 / Ground floor) Tel: +49 2461 61 5642, Opening hours: Mon - Fri: 09:00 - 11:30, additionally Thu: 13:30 - 16:00

The authentication of employees in field offices may also be carried out locally.

Contact at PTJ Berlin: +49 30 20199-460
Contact at PTJ Rostock: +49 381 20356-299

Contact at JCNS (Jülich): +49 2461 61 2498

Contact at IEK-11 Erlangen: +49 9131 85-20843

Contact at IEK-12 Münster: +49 251 83-30008

_______________________________________________________________________   

Validity of certificates

FZJ employees have two classes of user and server certificates in the DFN-PKI: Global certificates and Grid certificates.

 

Validity	user certificate	server certificate
Global	3 years	825 days
Grid	1 year	1 year

 

Grid certificates are only used by users and servers in the specific context of grid computing. This second class of certificates is required in addition to the "normal" Global certificates, because certain applications in the Grid environment do not support a hierarchical trust structure.

Area Menu

Additional Information