skip to content

Requesting a certificate / a public key

All employees of the University of Cologne can apply for a certificate from GÉANT Trusted Certificate Services. GÉANT TCS is provided by DFN.


1. Your personal certificate is valid for a specific ".." email address. By default, the email address is used for your certificate. If you use an alias (e.B. and want to use the certificate for it, you must first define it in uniKIM (if you want to use your default email address, please skip to step 2).

To do this, log in to uniKIM and click on "Primary email address" under "Application" in the "Home page elements" group. Select one of your aliases and click on "Set primary email address".

Please note:

  • Currently, there is only the possibility to include an email address or an alias in the certificate (the service provider is currently trying to implement this).
  • Email addresses cannot be used that say "", ".." etc. - without exceptions.
  • The primary email address affects only the email address field of the certificate and ensures that emails are signed with the correct address. It does not affect the display name or signature stamps in Adobe products, PDF tools, etc.

2. Now go to the website Select the University of Cologne from the list under "Find Your Institution", e.g. by entering "köln" as the search term. Clicking on the "University of Cologne" entry will take you to the next step.


3. Now log in with your employee account via Shibboleth.


4. Now select

  • as profile "IGTF-MICS Personal"
  • as Enrollment Method "Key Generation" and
  • as key "RSA 2048"

In addition, assign a password for the certificate file and tick license terms (EULA) (must be confirmed with "Agree").

Select "Compatible TripleDES-SHA1" as the key protection algorithm.

Complete the process by clicking on "Submit".

5. Now save your certificate file in a safe place and store it together with the password you have assigned. You can now use your certificate file for the desired purposes (mail program, operating system, software application, browser, electronic signature, etc.).

Using the certificate in email clients provides instructions for setting up the certificate in email clients.

For the use as an electronic signature, you can find instructions on our website.

If you have any questions or problems, please contact the RRZK-Helpdesk