skip to content

Requesting a certificate / a public key

All employees of the University of Cologne can apply for a certificate from GÉANT Trusted Certificate Services. GÉANT TCS is provided by DFN.

If you are a member of the administration, you can find instructions on how to apply for a certificate for use as an electronic signature here and further information on signing and encrypting e-mails in IBM Notes on the website of the administration IT.

Application

1. Your personal certificate is valid for a specific ".. @uni-koeln.de" email address. By default, the email address accountname@uni-koeln.de is used for your certificate. If you use an alias (e.B. vorname.nachname@uni-koeln.de) and want to use the certificate for it, you must first define it in uniKIM (if you want to use your default email address, please skip to step 2).

To do this, log in to uniKIM and click on "Primary email address" under "Application" in the "Home page elements" group. Select one of your aliases and click on "Set primary email address".

Please note:

  • Currently, there is only the possibility to include an email address or an alias in the certificate (the service provider is currently trying to implement this).
  • Email addresses cannot be used that say ".@verw.uni-koeln.de", ".. @wiso.uni-koeln.de" etc. - without exceptions.

2. Now go to the website https://cert-manager.com/customer/DFN/idp/clientgeant. Select the University of Cologne from the list under "Find Your Institution", e.g. by entering "köln" as the search term. Clicking on the "University of Cologne" entry will take you to the next step.

 

3. Now log in with your employee account via Shibboleth.

 

4. Now select

  • as profile "IGTF-MICS Personal"
  • as Enrollment Method "Key Generation" and
  • as key "RSA 2048"

In addition, assign a password for the certificate file and tick license terms (EULA) (must be confirmed with "Agree").

Complete the process by clicking on "Submit".

5. Now save your certificate file in a safe place and store it together with the password you have assigned. You can now use your certificate file for the desired purposes (mail program, operating system, software application, browser, electronic signature, etc.).

Using the certificate in email clients provides instructions for setting up the certificate in email clients.

For the use as an electronic signature, you can find instructions on our website.

Contact
If you have any questions or problems, please contact the RRZK-Helpdesk