What are server certificates used for?

Server certificates are used to enable a secure connection between server and client, for example, when sensitive data is to be transferred over a public network. The best-known example is the web server. Secure connections start with an https and are specially highlighted in the address bar of browsers.

Please note! Important IT security message

The German Federal Office for Information Security (BSI) strongly recommends the use of SSL/TLS certificates with a key length of at least 3072 bits (but no more than 4096 bits) in guideline TR-02102-2 ((https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102-2.html). A longer key length offers a higher level of security against cryptographic attacks.

Therefore, please check whether your current SSL/TLS certificates (server certificates) have a sufficiently large key length. If you are currently using server certificates with a smaller key length, we recommend that you migrate to server certificates with a key length of at least 3072 bits as soon as possible.

Please note that the private key must also be replaced. The script (certificateapplication.sh) on login.uni-hohenheim.de has now been adapted to a key length of 4096 bits.

FAQ

General

Yes, log in with your Hohenheim user account at cm.harica.gr (Academic Login). Select "Server" in the menu and select the certificate to be revoked (three dots on top of each other). Select "Revoke".

The following formats are available for download:

PEM - Typical text format

DER - Typical binary format

DER CA - Typical binary format of the certificate of the issuing authority

PKCS7 (chain) - Typical text format including all certificate chains

PEM bundle - Typical text format including the entire certificate chain and the counter-certificate

The validity is 365 days (1 year).

Yes, you will receive the first reminder 15 days, the second 5 days and the third and final reminder 1 day before your certificate expires.

When creating the CSR using our script certificateapplication.sh (as described in our instructions "Creating CSR and applying for server certificate"), the private key is usually saved in your home directory (CIFS) /home/[initial letter of user name]/[user name]/[specified FQDN of server]/.
If you have not used the above script and have generated your CSR and private key yourself, you will find the private key in the directory you have specified.

ACME

Unfortunately not as of today (20/05/2025). Harica would like to realise this by the end of May. As soon as ACME is available again, we will inform you here.


Do you have questions or comments about this site? contact form