Navigation and service

"Global" Certificates

"Global" certificates can be applied for:

  • FZJ employees with a valid FZJ mail address
  • Function groups with valid function mail address. The name field in these certificates differs formally from the name field of normal user certificates. To clearly indicate that this is a certificate that may be used by more than one person, the name of the function group must be entered in the name field of the certificate request with the preceding GRP:.
    In this case, the applicant must be the owner of the functional email address. This person enters his/her personal FZJ e-mail address on the application page in the section "Weitere Angaben".
  • external certificate holders, if the necessity arises from cooperation with Forschungszentrum Jülich. In this case, the name in the certificate data must be preceded by EXT: (EXT: Gabi Mustermann)
  • Code Signing. In this case a personal certificate is requested which is either bound to one person (preferably a pseudonym certificate with a name of the form "PN: <first name last name> - CodeSigning") or a group ("GRP: CodeSigning <group name>"). The values ​​(including the angle brackets) must be replaced by appropriate names.
  • Server in JuNet (see: Information Server Certificates)

Apply for a user certificate

A web interface provided by the DFN supports the user

  • generating a key pair
  • at the completion of a certificate application, which may be supplemented, signed and presented together with the identity card / passport to Teilnehmerservice at JSC (Dispatch, 5642). Employees in field offices can also carry out this authentication step on site (contact at PTJ Berlin: +49 30 20199-460, contact at PTJ Rostock: +49 381 20356-299, contact JCNS in Jülich: +49 2461 61 2498, contact in Erlangen: +49 9131 85-20843, contact in Münster: +49 251 83-30008).

Request a server certificate

In this case, the key pair and a Certificate Signing Request (CSR) must first be generated (for this, see the Information Server Certificates).

Subsequently, the web interface (server) is used again to complete the certificate application and print the application form. This document must be signed and submitted to Teilnehmerservice at JSC (Dispatch, 5642).

Installing the Certificate

If all prerequisites are met, JSC Teilnehmerservice will initiate the generation of the certificate. The applicant will be informed by email about the completion of this process. By means of a link in this mail, the certificate can then be imported into the browser with which the key pair was created.

With the browser, the new certificate together with the private key should now be saved in a container file (PKCS#12-Format). This file is important as a backup to prevent loss of the private key. It can also be used to import the certificate and private key into other applications.