skip to content


Certificates serve to protect confidential data. Data is protected from unwanted access during transmission by automatic encryption.

Employees of the University of Cologne can sign and encrypt e-mails and PDF documents using S/MIME (Secure Multipurpose Internet Mail Extensions).

In the web area, you can recognize encryption by the protocol name "HTTPS". The server requires a certificate to identify itself as 'legit' to the requesting client. 

Working principle of S/MIME

Everyone who uses encryption through S/MIME receives a matched key pair. This consists of a private and a public key.

With both keys you can exchange confidential data with other S/MIME users in two ways:

  • Person A sends and encrypts a message with the public key of the receiving person B (which the user has previously received via signed e-mail or similar). Only person B can then decrypt and read the message with his private key.
  • Person A provides a message with a personal signature that was generated using his private key. Person B can then verify the identity of person A using the public key.

The public key (in the S/MIME context: the certificate) is certified by a certification authority (CA) and communicated to the users by e-mail.

The private key is automatically generated in the browser when the request is made and stored in the browser's certificate store (public PC pools are therefore not suitable for a request). If necessary, you should export the private key from the browser afterwards and import it into an e-mail program in order to be able to use S/MIME-based encryption.

The private key plays a central role in S/MIME, which is why you should handle it sensitively.

Application and usage

Further information on the application can be found on our website.

Certificates can be applied in various areas. These include:

  1. Signing and encrypting e-mails 
  2. Electronic signature
  3. Server

If you have any questions or problems, please contact the RRZK-Helpdesk