Source: Freepik
As of August 15, 2023, you can request user certificates from GÉANT/TCS in the RA portal. The DFN-PKI Global used so far will cease operation on August 30, 2023.
User certificates function like a digital ID card. They are personal, which means that you can uniquely identify yourself as a user. You can use them to sign documents or e-mails and thus prove that you personally digitally signed a document or sent an e-mail.
You need a user certificate for your e-mail address? You already have a user certificate from DFN-PKI Global? How do you proceed now? In this blog post we would like to provide clarity and answer these and other questions on the subject.
Certificates Issued via DFN-PKI Global
You have already received a user certificate via DFN-PKI Global? Don’t worry! Your issued certificates are valid beyond August 30, 2023. The expiration date of the respective certificate applies here – a maximum of 3 years after issuance. However, if you want to submit your request via DFN-PKI Global in the near future, please note that it must be submitted to the IT-ServiceDesk at Seffenter Weg 23 by August 25, 2023 at the latest, or at SuperC by August 22, 2023. This is the only way your application can be considered and the certificate issued in time. You can find the exact process on IT Center Help.
The Correct E-Mail Domain in the RA-Portal
For your personal e-mail addresses with the domain @rwth-aachen.de you can request user certificates directly via the RA-Portal (ra-portal.itc.rwth-aachen.de). Your authorization is automatically retrieved from the Identity Management data in the RA portal. This eliminates the need to appear in person and have your identity checked on site at the IT-ServiceDesk.
For your institution-specific e-mail addresses, you will receive an invitation via e-mail, which you can then use to apply for the certificates in the RA portal. These invitations are triggered in the RA portal by the IT administrators. If you cannot see your institution-specific e-mail address in the RA portal, please contact the IT admins of your institution.
Please note that using multiple certificates for one e-mail address can lead to unfavorable situations with encrypted e-mails. For this reason, we recommend that those who already have a certificate in the DFN-PKI wait until the DFN-PKI certificate has expired before requesting a new one in the RA portal. To ensure that the expiration of the user certificate is not forgotten, you will receive a reminder e-mail 28 and 14 days before expiration.
Who Still Needs to Go to the IT-SD for an Identity Check?
Using the data in Identity Management, the RA portal determines your employee or student status at RWTH. These two user groups no longer need to go through a separate identity check at IT-SD before a user certificate can be issued. This was previously the case in the DFN-PKI.
The identity check that takes place during enrollment or recruitment by the ZHV (Central University Administration) is considered sufficient for the current GÉANT/TCS certification authority. Thus, the on-site identity verification is not required for RWTH members with employee or student status. All other applicants must go through a one-time identity check at the IT-ServiceDesk. For this purpose, our locations at Seffenter Weg 23 and SuperC are available during our opening hours. Please remember to bring a valid identification document! A prior appointment is not necessary.
For more information, please check our instructions on IT Center Help.
Responsible for the content of this article are Jelena Ćulum, Bernd Kohler und Ekaterini Papachristou.
Leave a Reply