Important note: There are two ways in which you can apply for user certificates: The first can be applied for online. The second requires a personal identity check at the University Computer Centre.
Certificates are used on the internet to encrypt or decrypt data and to create or verify digital signatures.
The TU Bergakademie Freiberg is part of the GÉANT framework agreement and uses the Certificate Authority (CA) "HARICA" offered through it as a certification authority. The following instructions show you step by step how to apply for an S/MIME user certificate via the HARICA certificate manager:
1. open the certificate manager
First go to the website of HARICA and click on "GO TO CertManager" in the top right-hand corner. A login page will then open.
Select "Academic Login" and enter the name "TU Bergakademie Freiberg" under "Find Your Institution".
Authenticate yourself with your university username and central university password. In some cases, additional verification with your private token is required. You can find more information on this on our how-to page for two-factor authentication.
After successfully logging in, you will be taken to the certificate dashboard. There, select the "Email" section in the left-hand sidebar under Certificate Requests.
Here you can choose between different (user) certificate types. As part of the GÉANT contract, you have the option of applying for the following certificates free of charge:
E-mail-only: The certificate only contains the e-mail address. Mail verification must be carried out.E-mail, organisation & personal information: The certificate contains the e-mail address, first name, surname and organisation information. During the application process, you will be asked to upload a copy of your ID card. This option is available, but must be considered individually with regard to data protection requirements in Germany.
2. select certificate type
Choose between "Email-only" (email address only) or "For enterpises or organisations (IV + OV)" (email address, first and last name and organisation information) as the certificate type, click on "Select" and confirm your selection. The instructions with the certificate type "Email-only" are presented below.
Your university email address is automatically recognised, check it and click on "Next".
Then select the option "Validate via email to selected email address" and click "Next" again to receive the confirmation email.
In the last step, check the application overview and accept the terms of use and privacy policy. Finally, click on "Submit" to finalise the application.
3. validate e-mail address
After applying, your certificate will be displayed under "My Dashboard" in the "Pending Certificates" section of the Certificate Manager. At the same time, you will have received an email from HARICA to validate your email address.
Open your (university) email address that you used to apply for the certificate. Look for the corresponding confirmation request from HARICA in your mailbox. Open the email and click on the "Confirm" button. If the confirmation link expires, you can resend the confirmation email in the HARICA dashboard using the three dots next to the certificate.
Error correction during email verification:
After clicking on the blue "Confirm" button, you must log in to HARICA again. If you are automatically redirected to the certificate manager, the validation may not have been recognised correctly. You can recognise this by the fact that your certificate is still listed in the dashboard under 'Pending Certificates' and is waiting for email verification.
If this is the case, you can perform the following troubleshooting measures:
- Clear your browser cache and cookies.
- Copy the link behind the blue "Confirm" button to another browser in which you are not automatically logged into the HARICA certificate manager.
4. roll out certificate
After successful validation, you now have the option of rolling out your certificate. The previous "Pending Certificates" section is no longer visible and has been replaced by the new "Ready Certificates" section.
To start the roll-out process, please click on the blue "Enroll your Certificate" button:
After clicking on "Enroll your Certificate", a configuration window opens in which you can specify the parameters for creating your certificate.
We recommend the following settings:
- Algorithm: Select "RSA". This setting is already preselected by default.
- Key length: Set the value to 4096 bit for a high level of security.
In the next step, please assign a own key passphrase. Make sure that this is secure and only known to you. Then tick the following box:
"I understand that this passphrase is under my sole knowledge and HARICA does not have access to it."
To complete the process, confirm by clicking on "Enroll Certificate".
.
5. download certificate
Once validation is complete, your certificate will be displayed as "downloadable" in the dashboard. Click on "Download" to download the certificate. Please note that the download is only possible once.
6. install certificate
Optionally, you can install your downloaded certificate locally and store it in the certificate store.
To start the installation, double-click on the downloaded certificate file. This will start the certificate import wizard. At the beginning, the wizard will ask you for the desired storage location - whether the certificate should only be imported for the current user or for the entire computer. Select the "Current user" option here and then click "Next".
Then select the certificate file that you downloaded previously by clicking on "Browse..." and selecting the corresponding file (e.g. Certificate.p12). Confirm your selection and then click on "Next".
Now enter the password that you specified when creating the certificate. To ensure that all the necessary information is imported, also activate the option "Include all extended properties" and then click on "Next" again.
In the next step, select the option "Automatically select certificate store (based on certificate type)" and click on "Next". Then check the settings and finalise the process by clicking on "Finish".
If a security warning appears, confirm this with "Yes". Degree you will receive a message that the import process was successful. Click on "OK".
The certificate has now been successfully imported and can be used for the desired application.
