Server certificates can be requested via the GÉANT TCS service. (The DFN-PKI Security Level Global is no longer available for applying for server certificates).

Server administrators require accreditation of their institution. For this purpose, a signed e-mail from the management of a faculty or institution to rz-ra(at)rptu.de stating the first name, surname and e-mail address and permission to apply for server certificates for the faculty or institution is sufficient.

The accreditation remains valid until it is withdrawn or revoked. Existing accreditations from the DFN-PKI Security Level Global remain valid.

There are 2 different application channels for server certificates.

For the application via the web form, a CSR is uploaded which can be generated beforehand, e.g. with openssl. Authentication on the web form takes place via SSO with the RPTU account. In the CSR, it is sufficient to enter the FQDN in the CN and any necessary subject alternate names.

Details can be found in these instructions.

An ACME account is created for the application process with an ACME client (e.g. certbot). We will send you the necessary information and a certbot example in encrypted form. Please send a short e-mail to ra@rhrk.uni-kl.de stating the FQDN or the subdomain(s) for which server certificates are to be requested.

For teams that jointly take care of the certificates for servers, a joint ACME account may be sufficient. An ACME account can be used to apply for any certificates in the registered subdomains. Therefore, the data of the ACME account must be protected and must not be passed on.

Shibboleth IdP SP certificates for SAML communication can be requested in the DFN-Verein Community PKI. The advantage is the longer duration of the certificates.

The application is made via the web interface of the Community PKI

Please send the application receipt by digitally signed e-mail to rz-ra(at)rptu.de.