Request user certificate

At the end of January 10, 2025, the service provider Sectigo stopped issuing certificates (server, user and code signing certificates) for all GÉANT TCS customers. This affects a large number of (research) institutions in Europe, including many in Germany, as well as the University of Hohenheim.

There is already a new provider and we have made the appropriate preparations. New functions are currently being implemented. As soon as server or user certificates can be requested and issued again, we will provide information and update this website. In urgent cases, please contact us by e-mail.

What are user certificates used for?

Emails are sent in plain text by default by email programs such as MS Outlook, Thunderbird, or even Webmail. On the way from the sender to the recipient, the email could be modified and read. Therefore, email certificates (user certificate in this case) are used for this purpose. These provide protection to ensure authentication of the sender and optionally encrypt emails.

In addition, PDF files can be signed with a user certificate. This serves to guarantee that the document is an unaltered version of the signer(s). You can find in the instructions on how to prepare this on the right.

FAQ

General

How long is my on-site identification valid?

The on-site identification is valid for 825 days from the time of identification by the IT Service Desk.

How long is my user certificate valid?

The user certificate has a validity/period of 730 days (2 years).

I receive an error message when applying for a user certificate or after entering my Hohenheim user data. What can I do?

Probably no on-site identification of your person has taken place yet or it is no longer valid (validity period 825 days). Therefore, you are not (anymore) authorized to apply for a certificate. Please fill out the form and come to our IT service desk (Biogebäude 1, Garbenstraße 30, 1.UG) for (re-)identification.

Outlook

No FAQ's found.

Thunderbird

I get the error message "Certificate management cannot find a valid certificate, ..."

Error message in Thunderbird: "Certificate management cannot find a valid certificate that can be used to digitally sign your messages with the address <vorname.nachname@uni-hohenheim.de>."

Navigate to the "Account Settings" under the "Extras" menu.
Select "End-to-end encryption" on the left.
Click on the "Select" button under "Personal certificate for digital signature" and under "Personal certificate for encryption" and select the new valid certificate.

I get the error message "Sending the message failed: you have selected to digitally sign this message, but..."

Error message in Thunderbird: "Sending the message failed: You have chosen to digitally sign this message, but the application could not find the signing certificate you specified in your account settings or the certificate has expired."

Navigate to the "Account Settings" under the "Extras" menu.
Select the "End-to-end encryption" on the left.
Click on the button "Manage S/MIME certificates".
Click on "Import" and select the new certificate.
Click on "Empty" for "Personal certificate for digital signature" and for "Personal certificate for encryption".
Click on the "Select" button under "Personal certificate for digital signature" and under "Personal certificate for encryption" and select the new valid certificate.

Do you have questions or comments about this site? contact form