Service description

Certificates can be used to verify the identity of the owner, and eventually other properties (e.g. Email or organisation), of a public key (refer to public key cryptography).

The generated cryptographic keys can be used to generate electronic signatures and/or to establish encrypted communication channels.

Electronic signatures can offer:

  • authentication - linking the originator to the information
  • integrity - allowing any changes to the information provided to be detected more easily
  • non-repudiation - ensuring satisfaction (in a legal sense) about where the electronic signature has come from

The Registration Authority at the RWTH is part of the DFN-PKI (Public Key Infrastructure). We adhere to the DFN-PKI Certificate Policy. The certificate applicant must be associated to the RWTH Aachen University.

The certificate chain of the DFN-PKI ends at a root certificate from T-TeleSec, which is anchored (built-in) within standard browsers and e-mail applications, thus enabling the automated validation of the user and server certificates issued.


The RWTH-DFN certification portal provides an easy way to apply for X.509 user and server certificates.

As the root certificate is not installed in the cert store of older operating systems (Android <= 4.4) problems when validating the chain will occur.


Electronic signatures generated with cryptographic keys associated with our certificates have the status "advanced electronic signature", according to the German Signature Act.



=== GRID === GRID === GRID === GRID === GRID === GRID === GRID === GRID === GRID === GRID ===

A separate Certificate Authority, the "RWTH Grid CA", issues X.509 certificates for grid computing, apply at DFN-Grid-certificates.

In this case the DFN-PKI-Grid-Policy applies.





Am 03.06.2020 werden die Version 7 der Zertifizierungsrichtlinie und der Erklärung zum Zertifizierungsbetrieb der DFN-PKI "Global" in Kraft treten.

Im Kapitel 6.3.2 wird die Laufzeit von Zertifikaten für Datenverarbeitungssysteme (nach Apples Vorgaben) ab dem 01.09.2020 angepasst.

  - ausgestellt bis 25.2.2018 gültig 36 Monate
  - ausgestellt ab 26.02.2018 bis zum 01.09.2020 gültig 825 Tage (ca. 27,5 Monate)
  - ausgestellt ab 01.09.2020 gültig 398 Tage

Nutzerzertifikate sind von der neuen Regelung nicht betroffen, d.h. maximale Gültigheitsdauer bleibt bei 36 Monate.