Request user certificate

What are user certificates used for?

Emails are sent in plain text by default by email programs such as MS Outlook, Thunderbird, or even Webmail. On the way from the sender to the recipient, the email could be modified and read. Therefore, email certificates (user certificate in this case) are used for this purpose. These provide protection to ensure authentication of the sender and optionally encrypt emails.

In addition, PDF files can be signed with a user certificate. This serves to guarantee that the document is an unaltered version of the signer(s). You can find in the instructions on how to prepare this on the right.

Prerequisites and procedure

Campus

Requirements / Preparation

Procedure

Please be sure to note:
You can only carry out the following steps if you fulfil or have carried out the above-mentioned "prerequisites / preparations"! Otherwise this will result in an error message!

  • After successful verification you will receive an email from the "Sectigo Certificate Manager" in your e-mail box.
  • Now click the button "Verify Email Address" in the received email.
  • Now fill in all the required fields in the browser window that opens:
    1. Certificate Profile is not changeable!
    2. Certificate Term is not changeable! The term/validity of the certificate is 730 days.
    3. Key Type is not changeable! RSA - 4096 is preset by default.
    4. Do not change the "First Name", "Middle Name" and "Last Name" field under any circumstances! Otherwise this will lead to the revocation of your certificate!
    5. Now confirm the license agreement by checking the box and select "Accept". This will finally set the checkmark.
    6. By clicking on "Submit" the certificate will be prepared. Do not close the browser window under any circumstances! The preparation of the certificate can take up to 4 minutes!
    7. PLEASE NOTE: Under the drop-down menu "Choose key protection algorithm", select "Secure AES256-SHA256".
    8. Now set a password for the protection of the private key. Be sure to make a note of this password! If the password is lost, the certificate becomes unusable! The password will be needed again later, when integrating the certificate in the e-mail program!
    9. By clicking on "Download" the certificate will be created and downloaded immediately. In most cases, you will now find the certificate in the "Downloads" and can now use the certificate. The file is saved as a .p12 file (example: smime_eyJpZCI6Mjg1NDIyMCwidsfsdfsdSI6IlNNSU1FIn0_.p12).
    10. The tab in the browser can now simply be closed after logging out.
    11. At the top right you will find the instructions for integrating the certificate into your e-mail programme.

University Administration

Requirements / preparation

 What to do

Please note:
You can only carry out the following steps if you fulfill or have carried out the above-mentioned “requirements / preparation”! Otherwise this will lead to an error message!

  • After successful verification you will receive an email from the "Sectigo Certificate Manager" in your administration mailbox.
  • Now click the "Verify Email Address" button in the email.
  • Now fill in all the required fields in the browser window that opens:
    1. Certificate Profile cannot be changed!
    2. Certificate Term cannot be changed! The term/validity of the certificate is 730 days.
    3. Key type cannot be changed! RSA - 4096 is preset by default.
    4. Do not change the "First Name," "Middle Name," or "Last Name" fields under any circumstances! Otherwise your certificate will be revoked!
    5. Now confirm the license agreement by checking the box and select “Accept.” This will set the checkmark.
    6. By clicking on "Submit" the certificate will be prepared. Do not close the browser window under any circumstances! The preparation of the certificate can take up to 4 minutes!
    7. PLEASE NOTE: Under the "Choose key protection algorithm" drop-down menu, you must select "Secure AES256-SHA256".
    8. Now set a password to protect the private key. Be sure to make a note of this password! If the password is lost, the certificate becomes unusable!
      The password is required again later when the certificate is integrated in the email program!
    9. Click on "Download" to create and download the certificate immediately. In most cases you will now find the certificate in "Downloads" and can now use the certificate. The file is saved as a .p12 file (example: smime_eyJpZCI6Mjg1NDIyMCwidsfsdfsdSI6IlNNSU1FIn0_.p12).
    10. The tab in the browser can now simply be closed after logging out.
    11. In the upper right corner you will find the instructions for integrating the certificate into your email program.

FAQ

General

The on-site identification is valid for 825 days from the time of identification by the IT Service Desk.

The user certificate has a validity/period of 730 days (2 years).

Probably no on-site identification of your person has taken place yet or it is no longer valid (validity period 825 days). Therefore, you are not (anymore) authorized to apply for a certificate. Please fill out the form and come to our IT service desk (Biogebäude 1, Garbenstraße 30, 1.UG) for (re-)identification.

Outlook

No FAQ's found.

Thunderbird

Error message in Thunderbird: "Certificate management cannot find a valid certificate that can be used to digitally sign your messages with the address <vorname.nachname@uni-hohenheim.de>."

  • Navigate to the "Account Settings" under the "Extras" menu.
  • Select "End-to-end encryption" on the left.
  • Click on the "Select" button under "Personal certificate for digital signature" and under "Personal certificate for encryption" and select the new valid certificate.

 

 

Error message in Thunderbird: "Sending the message failed: You have chosen to digitally sign this message, but the application could not find the signing certificate you specified in your account settings or the certificate has expired."

  • Navigate to the "Account Settings" under the "Extras" menu.
  • Select the "End-to-end encryption" on the left.
  • Click on the button "Manage S/MIME certificates".
  • Click on "Import" and select the new certificate.
  • Click on "Empty" for "Personal certificate for digital signature" and for "Personal certificate for encryption".
  • Click on the "Select" button under "Personal certificate for digital signature" and under "Personal certificate for encryption" and select the new valid certificate.

Do you have questions or comments about this site? contact form