What are server certificates used for?

Server certificates are used to enable a secure connection between server and client, for example, when sensitive data is to be transferred over a public network. The best-known example is the web server. The address of a secure connection starts with https, and browsers highlight it in the address bar.

Please note! Important IT security message

The German Federal Office for Information Security (BSI) strongly recommends the use of SSL/TLS certificates with a key length of at least 3072 bits (but no more than 4096 bits) in guideline TR-02102-2 (https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102-2.html). A longer key length offers a higher level of security against cryptographic attacks.

Therefore, please check whether your current SSL/TLS certificates (server certificates) have a sufficiently large key length. If you are currently using server certificates with a smaller key length, we recommend that you migrate to server certificates with a key length of at least 3072 bits as soon as possible.

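Please note that the private key must also be replaced: the key length is a property of the key pair, so a new certificate issued for the old key would keep the old length. The script (certificateapplication.sh) on login.uni-hohenheim.de has been adapted and now uses a key length of 4096 bits.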
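One way to carry out the key-length check requested above, as an added example (not the university's certificateapplication.sh and not code from this page): it reads each PEM certificate with the openssl command-line tool, which is assumed to be installed, and flags RSA keys shorter than 3072 bits. The function names and the file name check_keylen.sh are hypothetical; non-RSA keys are reported but not compared with the RSA minimum.

```shell
#!/bin/sh
# Added example (not the university's script). Needs the openssl command-line tool.
MIN_RSA_BITS=3072   # minimum RSA key length from the recommendation quoted above

# cert_key_info FILE: print "<algorithm> <bits>" for a PEM certificate's public key.
cert_key_info() {
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || return 2
    alg=$(printf '%s\n' "$text" | sed -n 's/.*Public Key Algorithm: *//p' | head -n 1)
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    [ -n "$alg" ] && [ -n "$bits" ] || return 2
    printf '%s %s\n' "$alg" "$bits"
}

# check_cert FILE: print a verdict and return
#   0 = RSA key long enough, 1 = RSA key too short,
#   2 = key details unreadable, 3 = non-RSA key (not compared with the RSA minimum).
check_cert() {
    info=$(cert_key_info "$1") || { echo "ERROR   $1 (cannot read key type and size)"; return 2; }
    alg=${info% *}
    bits=${info#* }
    if [ "$alg" != "rsaEncryption" ]; then
        echo "SKIP    $1 ($alg, $bits bit: not an RSA key, assess separately)"
        return 3
    fi
    if [ "$bits" -ge "$MIN_RSA_BITS" ]; then
        echo "OK      $1 (RSA $bits bit)"
        return 0
    fi
    echo "REPLACE $1 (RSA $bits bit < $MIN_RSA_BITS): needs a new key pair and certificate"
    return 1
}

# check_all FILE...: check every file; return 1 if any is too short or unreadable.
check_all() {
    rc=0
    for f in "$@"; do
        check_cert "$f" || [ "$?" -eq 3 ] || rc=1
    done
    return "$rc"
}

# Usage (hypothetical file name): sh check_keylen.sh /path/to/cert1.pem /path/to/cert2.pem
if [ "$#" -gt 0 ]; then
    check_all "$@"
fi
```

The exit status of check_all is non-zero when at least one certificate needs replacing or could not be read, so the script can be run from a scheduled job that alerts on failure.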

FAQ

General

Yes, log in with your Hohenheim user account at cm.harica.gr (Academic Login). Select "Server" in the menu and select the certificate to be revoked (three dots on top of each other). Select "Revoke".

The following formats are available for download:

PEM - Typical text format

DER - Typical binary format

DER CA - Typical binary format of the certificate of the issuing authority

PKCS7 (chain) - Typical text format including all certificate chains

PEM bundle - Typical text format including the entire certificate chain and the counter-certificate

The validity is 365 days (1 year).

Yes, you will receive the first reminder 15 days, the second 5 days and the third and final reminder 1 day before your certificate expires.

When creating the CSR using our script certificateapplication.sh (as described in our instructions "Creating CSR and applying for server certificate"), the private key is usually saved in your home directory (CIFS) /home/[initial letter of user name]/[user name]/[specified FQDN of server]/.
If you have not used the above script and have generated your CSR and private key yourself, you will find the private key in the directory you have specified.

ACME

ACME (Automated Certificate Management Environment) is a protocol that allows you to automate the procurement, renewal, and revocation of certificates. ACME is recommended for professional use! Automation is essential because the validity period of SSL server certificates keeps getting shorter.

Yes! Please send us an email at kim-pki@uni-hohenheim.de. All we need from you is the exact FQDN(s) that should be included in the certificate. We also need to be able to send you the account data. For this, you will need a user certificate so that we can send the data to you digitally in encrypted form. Alternatively, you can make an appointment and have the data saved onto a storage medium here on site.

For Linux environments, there is certbot. Detailed documentation can be found at https://certbot.eff.org/.

For Windows environments, there is win-acme. Detailed documentation can be found at https://www.win-acme.com/.

Example calls, further explanations, and important information directly related to HARICA can be found at https://doku.tid.dfn.de/de:dfnpki:tcs:2025:acme

