
Certificates

Issuing certificates from 2025


At the beginning of 2025, the issuance of certificates may be restricted.
The reason is that the service provider Sectigo has terminated its contract with GÉANT, on the basis of which the Trusted Certificate Service (TCS) is provided as part of the DFN-PKI.

As far as we are currently aware, no certificates will be revoked at an earlier date. However, we recommend that certificates with an expiration date of 30.06.2025 be renewed early. 
Affected persons will be informed by the CA in good time.

Further information can be found on the DFN website, which is updated regularly.

Certificates serve to protect confidential data. Data is protected from unwanted access during transmission by automatic encryption.

Employees of the University of Cologne can sign and encrypt e-mails and PDF documents using S/MIME (Secure Multipurpose Internet Mail Extensions).

On the web, you can recognize encryption by the protocol name "HTTPS". The server requires a certificate to prove its identity to the requesting client.

Working principle of S/MIME

Everyone who uses encryption through S/MIME receives a matched key pair. This consists of a private and a public key.

With both keys you can exchange confidential data with other S/MIME users in two ways:

  • Person A encrypts a message with the public key of the recipient, person B (which person A has previously received via signed e-mail or similar), and sends it. Only person B can then decrypt and read the message with their private key.
  • Person A adds a personal signature to a message, generated using person A's private key. Person B can then verify the identity of person A using person A's public key.

The public key (in the S/MIME context: the certificate) is certified by a certification authority (CA) and communicated to the users by e-mail.

The private key is automatically generated in the browser when the request is made and stored in the browser's certificate store (public PC pools are therefore not suitable for a request). If necessary, you should export the private key from the browser afterwards and import it into an e-mail program in order to be able to use S/MIME-based encryption.

The private key plays a central role in S/MIME, which is why you should handle it with care and keep it confidential.
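
The two exchanges described in this section can be reproduced locally with the OpenSSL command line. This is an added example, not part of the original page; it assumes `openssl` is installed, and the names, addresses and self-signed certificates for persons A and B are constructed for the demonstration (a real S/MIME certificate is issued by a CA).

```shell
#!/bin/sh
# Added illustration. Persons A and B get constructed self-signed certificates;
# a real S/MIME certificate would be issued by a CA instead.
smime_demo() {
    dir=$(mktemp -d) || return 1
    rc=0
    (
        cd "$dir" || exit 1
        for p in a b; do
            openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
                -subj "/CN=person-$p/emailAddress=$p@example.org" \
                -keyout "$p.key" -out "$p.crt" 2>/dev/null || exit 1
        done
        printf 'confidential text\n' > msg.txt

        # Way 1: A encrypts with B's certificate (public key) ...
        openssl smime -encrypt -aes256 -in msg.txt -out enc.eml b.crt || exit 1
        # ... and only B's private key recovers the plaintext.
        openssl smime -decrypt -in enc.eml -recip b.crt -inkey b.key -out dec.txt || exit 1
        grep -q 'confidential text' dec.txt || exit 1
        # A's own key pair is not a recipient, so decryption must fail.
        if openssl smime -decrypt -in enc.eml -recip a.crt -inkey a.key \
               -out /dev/null 2>/dev/null; then exit 1; fi

        # Way 2: A signs with A's private key ...
        openssl smime -sign -in msg.txt -signer a.crt -inkey a.key -out signed.eml || exit 1
        # ... and B verifies with A's certificate (trusted here via -CAfile).
        openssl smime -verify -in signed.eml -CAfile a.crt -out /dev/null 2>/dev/null || exit 1
        # A modified body no longer matches the signature.
        sed 's/confidential text/confidential TEXT/' signed.eml > tampered.eml
        if openssl smime -verify -in tampered.eml -CAfile a.crt \
               -out /dev/null 2>/dev/null; then exit 1; fi
    ) || rc=$?
    rm -rf "$dir"
    return "$rc"
}

smime_demo && echo "S/MIME encrypt/decrypt and sign/verify checks passed"
```

The private keys exist only in a temporary directory that is deleted at the end, so nothing from the demonstration ends up in a certificate store.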

Application and usage

Further information on the application can be found on our website.

Certificates can be used in various areas. These include:

  1. Signing and encrypting e-mails 
  2. Electronic signature
  3. Server

Contact
If you have any questions or problems, please contact the RRZK-Helpdesk.