Search

link to homepage

Institute for Advanced Simulation (IAS)

Navigation and service


Certificates at Research Center Jülich

These pages contain web links for requesting and managing so-called X.509v3 certificates, which are used to verify the authenticity of keys, which are mainly used to secure communication with e-mail partners and servers. The certificates issued by the JSC are part of the DFN-PKI (Public Key Infrastructure). The certification authorities of this PKI are operated by DFN-Cert Services GmbH.

Information on certificates and their use at Forschungszentrum Jülich can be found in the technical brief information TKI-365 (in German)

Provisions for the correct use of certificates of DFN-PKI by the certificate holders are described in the document "Informationen für Zertifikatinhaber" (in German).

_______________________________________________________________________   

News (3.9.2019)

Starting in September 2019, DFN-Cert will begin revising the websites for certificate application and management. Initially, this affects the user certificate pages only. Please notice that the new pages are also available in English.

  • Attention: the new web pages are not yet available for Edge. Users of Internet Explorer are redirected to the old application pages.
  • Starting the application process, the applicant must now set a passwort to protect the key material that is generated in the course of the application and stored in the browser, in particular the private key.
  • The certificate profile does not have to be selected, it is automatically set to "User". Only mail addresses with the domain fz-juelich.de can be used. The correct namespace is O=Forschungszentrum Juelich GmbH,C=DE. DFN-PCA will remove these selection fields on the webpage as all three can be filled in advance.
  • After entering the required information, the interface now offers two additional functions:

    Show certificate application is used to print out the application form

    Create certificate file is used after the completion of the certificate to create a password protected certificate file in the format PKCS#12. This file should be kept safe and secure as a backup of your own keys. In addition, it is used to make certificate and associated private key available for applications - if necessary also on other computers.

_______________________________________________________________________   

Applying for a certificate

Applying for a personal or group certificate is done in two steps:

  • Generate the key material and the certificate request via Web interface (Global Certificates → Application/Revocation). At the end of this step the certificate request has to be printed out.
  • Transmit the application to Teilnehmerservice at JSC (Dispatch). Attention: In the case of user certificates, a personal authentication at JSC based on an official photo ID of the applicant is required.

For server certificates, the process is described in the Document Information Server Certificates

After the certificate has been generated, the applicant will be notified about the completion by an electronically signed email. This mail contains links that can be used to import the certificate (and the certificates of the certification authorities). The sender and holder of the signature certificate is dfnpki-mailsender-noreply@dfn-cert.de

_______________________________________________________________________   

Teilnehmerservice

Located at JSC Dispatch (Building 16.4, Room 201 / Ground floor) Tel: +49 2461 61 5642, Opening hours: Mon - Fri: 09:00 - 11:30, additionally Thu: 13:30 - 16:00

The authentication of employees in field offices may also be carried out locally.

Contact at PTJ Berlin: +49 30 20199-460
Contact at PTJ Rostock: +49 381 20356-299

Contact at JCNS (Jülich): +49 2461 61 2498

Contact at IEK-11 Erlangen: +49 9131 85-20843

Contact at IEK-12 Münster: +49 251 83-30008

_______________________________________________________________________   

Validity of certificates

FZJ employees have two classes of user and server certificates in the DFN-PKI: Global certificates and Grid certificates.

 

Validityuser certificateserver certificate
Global3 years825 days
Grid1 year1 year

 

Grid certificates are only used by users and servers in the specific context of grid computing. This second class of certificates is required in addition to the "normal" Global certificates, because certain applications in the Grid environment do not support a hierarchical trust structure.


Servicemeu

Homepage