Certificates are used on the Internet to encrypt and decrypt data and to create or verify digital signatures.
The TU Bergakademie Freiberg is part of the GÉANT framework agreement and uses the Certificate Authority (CA) "HARICA" offered through it as a certification authority. The following instructions show you step by step how to apply for an S/MIME user certificate via the HARICA certificate manager:
1. open the certificate manager
First go to the website of HARICA and click on "GO TO CertManager" in the top right-hand corner. A login page will then open.
Select "Academic Login" and enter the name "TU Bergakademie Freiberg" under "Find Your Institution".
Authenticate yourself with your university username and central university password. In some cases, additional verification with your private token is required. You can find more information on this on our how-to page for two-factor authentication.
After successfully logging in, you will be taken to the certificate dashboard. There, select the "Email" section in the left-hand sidebar under Certificate Requests.
Here you can choose between different (user) certificate types. As part of the GÉANT contract, you have the option of applying for the following certificates free of charge:
E-mail-only: The certificate only contains the e-mail address. An email verification must be carried out.E-mail, organisation & personal information: The certificate contains the e-mail address, first and last name and organisation information. During the application process, you will be asked to upload a copy of your ID card. Due to the legal restrictions on the use of ID card copies in Germany and the complexity of the data protection assessment, we advise against actively using this application method in this initial phase. (Currently not recommended)
2. select certificate type
Now select "Email-only" as the certificate type, click on "Select" and confirm your selection.
Your university email address is automatically recognised, check it and click on "Next".
Then select the option "Validate via email to selected email address" and click "Next" again to receive the confirmation email.
In the last step, check the application overview and accept the terms of use and privacy policy. Finally, click on "Submit" to finalise the application.
3. validate e-mail address
After applying, your certificate will be displayed under "My Dashboard" in the "Pending Certificates" section of the Certificate Manager. At the same time, you will have received an email from HARICA to validate your email address.
Open your (university) email address that you used to apply for the certificate. Look for the corresponding confirmation request from HARICA in your mailbox. Open the email and click on the "Confirm" button. If the confirmation link expires, you can resend the confirmation email in the HARICA dashboard using the three dots next to the certificate.
Error correction during email verification:
After clicking on the blue "Confirm" button, you must log in to HARICA again. If you are automatically redirected to the certificate manager, the validation may not have been recognised correctly. You can recognise this by the fact that your certificate is still listed in the dashboard under 'Pending Certificates' and is waiting for email verification.
If this is the case, you can perform the following troubleshooting measures:
- Clear your browser cache and cookies.
- Copy the link behind the blue "Confirm" button to another browser in which you are not automatically logged into the HARICA certificate manager.
4. download certificate
Once validation is complete, your certificate will be displayed as "downloadable" in the dashboard. Click on "Download" to download the certificate. Please note that the download is only possible once.
5. install certificate
Optionally, you can install your downloaded certificate locally and store it in the certificate store.
To start the installation, double-click on the downloaded certificate file. This will start the certificate import wizard. At the beginning, the wizard will ask you for the desired storage location - whether the certificate should only be imported for the current user or for the entire computer. Select the "Current user" option here and then click "Next".
Then select the certificate file that you downloaded previously by clicking on "Browse..." and selecting the corresponding file (e.g. Certificate.p12). Confirm your selection and then click on "Next".
Now enter the password that you specified when creating the certificate. To ensure that all the necessary information is imported, also activate the option "Include all extended properties" and then click "Next" again.
In the next step, select the option "Automatically select certificate store (based on certificate type)" and click on "Next". Then check the settings and finalise the process by clicking on "Finish".
If a security warning appears, confirm this with "Yes". Finally, you will receive a message that the import process was successful. Click on "OK" here.
The certificate has now been successfully imported and can be used for the desired application.