Service description

Certficates can be used to verify the identity of the owner, and eventually other properties (e.g. Email or organisation), of a public key (refer to public key cryptography).

The used cryptohraphic keys can be used to generate electronic signatures and/or to establish encrypted communication channels.

Electronic signatures can offer:

  • authentication - linking the originator to the information
  • integrity - allowing any changes to the information provided to be detected more easily
  • non-repudiation - ensuring satisfaction (in a legal sense) about where the electronic signature has come from

The Certificate Authority "RWTH CA" is a Sub-CA in the DFN-PKI (Public Key Infrastructure). We adhere to the DFN-PKI Certificate Policy. The certificate applicant must be associated to the RWTH Aachen University.

The implemented certificate chain ends at a built-in Token from Deutsche Telekom, which is anchored within standard browsers, thus enabling the automated validation of the certificates issued.

The new RWTH-DFN certification portal provides an easy way to apply for X.509 user and server certificates.

As the root certificate is not installed in the cert store of older operating systems (Android <= 4.4) problems when validating the chain will occur.


Electronic signatures generated with cryptographic keys associated with our certificates have the status "advanced electronic signature", according to the German Signature Act.



A seperate Certificate Authority, the "RWTH Grid CA", issues X.509 certificates for grid computing, apply at DFN-Grid-certificates.

In this case the DFN-PKI-Grid-Policy applies.





Mit Firefox 71 können Zertifikate über eine neue Ansicht (HTML, CSS und JavaScript) angezeitg werden

Einstellungen → Datenschutz & Sicherheit → Zertifikate anzeigen → das gwünschte Zertifikat anzeigen (bspw. Zertifizierungsstelle:DFN-Verein:DFN-Verein-GS-CA - 02) → Ansehen (sieht in diesem Fall so aus)