Requesting a certificate
All employees of the University of Cologne can apply for a certificate from HARICA. HARICA is provided by the DFN.
The current functionality of the HARICA systems is sufficient for basic provision. HARICA is working hard to expand the systems.
Issuing certificates from 10.01.2025
At the beginning of 2025, there will be restrictions in the issuance of certificates.
This is because the service provider Sectigo has terminated the contract between it and GÉANT as of January 10, 2025, on the basis of which the Trusted Certificate Service (TCS) is provided as part of the DFN-PKI. From this date, neither server nor user certificates can be created there.
Géant TCS will be replaced by HARICA and provided via the DFN. HARICA's current system is designed for basic provision. HARICA is working at full speed on an expansion. This situation is expected to be resolved in March.
If possible, we recommend that you wait until then before submitting new applications.
If you have any questions, please contact the helpdesk.
Request
1. Visit the website https://cm.harica.gr/ and click on “Academic Login” [Fig.1].
2. Search for “Universität zu Köln” and select the corresponding entry [Fig. 2].
3. Now authenticate yourself with your account via Shibboleth [Fig. 3].
3. You will receive a message that an e-mail has been sent to the address specified in the form [Fig. 4]. Open this email (sender: “noreply@harica.gr”) and click on “Confirm email” [Fig. 5].
4. You will be redirected back to your browser and asked to activate your account. To do this, click on “Activate” [Fig. 6].
5. Your account has now been activated and you can return to the login page via the “Go to login page” button [Fig. 7]. Then log in with your account [Fig. 8].
6. Select the “E-mail” item in the left-hand navigation menu [Fig. 9] and then the “E-mail only” type [Fig. 10]. Confirm the selection with “Submit” [Fig. 11].
7. Confirm the next step with “Next” [Fig. 12] and accept the terms of use by ticking the box and clicking on “Next” [Fig. 13].
8. Now click on “Auto-generate CSR” and set a password for your private key. The selection for algorithm and key length can be left at the default settings. Confirm this step with the “Generate Private Key, CSR, and submit order” button [Fig. 14].
9. Now click on “Download” to download the private key [Fig. 15]. You will need this in a later step. After you have downloaded the private key, confirm this by ticking the box and then click on the “Go back to dashboard” button [Fig. 16].
10. You have now received an email (sender: “noreply@harica.gr”) in which you confirm the request for a certificate by clicking on the “Confirm” button [Fig. 17]. You will be redirected back to your browser, where you confirm the confirmation by clicking the “Confirm” button [Fig. 18].
11. You will now see your dashboard and your requested certificate. Click on the download icon [Fig. 19] and select both “PEM” and “PEM bundle” [Fig. 20]. You will need these in the next step.
12. Now go to the website https://www.harica.gr/en/Tools/PemToP12. Upload the file “Cert.pem” under “Certificate” and the file “privateKey.pem” under “Private Key” via “Select file”. Also enter the password for your private key from step 8, upload the file “Cert_bundle.pem” under “Issuing Authority” via “Select file” and enter a password for your certificate. Confirm all details by clicking on “Generate” [Fig. 21].
Your certificate file has been successfully generated and downloaded. You will find this file in your download folder.
Contact
If you have any questions or problems, please contact the RRZK-Helpdesk