Differences

This shows you the differences between two versions of the page.

en:services:it_security:pki:start [2023/11/09 15:59] – [... from the GÉANT TCS PKI] thinder
en:services:it_security:pki:start [2024/03/15 13:22] (current) – [... from the GÉANT TCS PKI] thinder
Line 4: Line 4:
  
  
-Below you will find instructions on how to request certificates with popular web browsers as well as instructions for the use of this certificates. The instructions for certification shall relate to e-mail (S / MIME) certificates. However, the requirement of other types of certificates is designed largely similar. If you have suggestions for further instructions or additional questions, you can send an e-mail to [[support@gwdg.de?subject=Question(s) about certificate(s)&body=Ladies and gentlemen,%0A%0AI have the following question(s) about certificate(s):%0A%0A|support@gwdg.de]] or use the GWDG [[https://www.gwdg.de/support|support form]].+Below you will find instructions on how to request certificates with popular web browsers as well as instructions for the use of this certificates. The instructions for certification shall relate to e-mail (S / MIME) certificates. However, the requirement of other types of certificates is designed largely similar. If you have suggestions for further instructions or additional questions, you can send an e-mail to [[support@gwdg.de?subject=Question(s) about certificate(s)&body=Ladies and gentlemen,%0A%0AI have the following question(s) about certificate(s):%0A%0A|support@gwdg.de]] or use the GWDG [[https://gwdg.de/en/support|support form]].
  
 ===== Application for personal email certificate... ===== ===== Application for personal email certificate... =====
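Review bot: The rewritten intro paragraph still reads "the use of this certificates" and "the requirement of other types of certificates is designed largely similar". The line is replaced in full for the support-form URL, so correct the wording in the same edit ("these certificates", "requesting other types of certificates works largely the same way"). The server-certificate section added further down links the support form as https://www.gwdg.de/support while this line now uses https://gwdg.de/en/support; pick one form for the whole page.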
Line 15: Line 15:
  
 ==== ... from the GÉANT TCS PKI ==== ==== ... from the GÉANT TCS PKI ====
-To apply for an e-mail certificate from the GÉANT TCS CA, which is anchored in the client of the DFN of the GÉANT TCS PKI, please click on the PDF instructions below.+To apply for an e-mail certificate from the GÉANT TCS PKI, which is anchored in the client of the DFN of the GÉANT TCS PKI, please click on the PDF instructions below.
 <WRAP center round download 80%> <WRAP center round download 80%>
 Due to frequent changes in the application and issuance process of the GÉANT TCS PKI operator Sectigo, these have been created as a PDF file for easier modification and adaptation. Due to frequent changes in the application and issuance process of the GÉANT TCS PKI operator Sectigo, these have been created as a PDF file for easier modification and adaptation.
   * {{ :en:services:it_security:pki:beantragung_eines_e-mail-zertifikats_aus_der_gwdg-ca_die_im_geant_tcs_mandanten_des_dfn_verankert_ist.pdf |Application for an e-mail certificate from the GWDG-CA, which is anchored in the GÉANT TCS client of the DFN}}.   * {{ :en:services:it_security:pki:beantragung_eines_e-mail-zertifikats_aus_der_gwdg-ca_die_im_geant_tcs_mandanten_des_dfn_verankert_ist.pdf |Application for an e-mail certificate from the GWDG-CA, which is anchored in the GÉANT TCS client of the DFN}}.
 </WRAP> </WRAP>
-If you have any questions, please send an e-mail to [[support@gwdg.de?subject=Question about my personal email certificate&body=Ladies and gentlemen,%0A%0AI have the following question(s) about certificate(s):%0A%0A|support@gwdg.de]] or use the GWDG [[https://gwdg.de/en/support|support form]].+If you have any questions, please send an e-mail to [[support@gwdg.de?subject=Question about my personal email certificate&body=Ladies and gentlemen,%0A%0AI have the following question(s) about certificate(s): %0A%0A|support@gwdg.de]] or use the GWDG [[https://gwdg.de/en/support|support form]].
  
 ===== Detailed description of e-mail encryption with X.509 certificates ===== ===== Detailed description of e-mail encryption with X.509 certificates =====
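Review bot: The new first sentence under "... from the GÉANT TCS PKI" is circular: "an e-mail certificate from the GÉANT TCS PKI, which is anchored in the client of the DFN of the GÉANT TCS PKI". The PDF link below it says "the GWDG-CA, which is anchored in the GÉANT TCS client of the DFN"; use that wording or drop the relative clause. The second changed line differs only by a space inserted before %0A%0A in the mailto body, which puts a trailing space into the prefilled mail and looks unintentional.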
Line 41: Line 41:
  
 </WRAP> </WRAP>
-===== Apply for server certificate =====+===== Apply for server certificates... =====
  
-Call OpenSSL with the following Parameters+==== ... from the GÉANT TCS PKI ==== 
 +To request ACME External Account Binding Information for server certificates from the GÉANT TCS PKI, which is anchored in the client of the DFN of the GÉANT TCS PKI, send an e-mail to [[support@gwdg.de?subject=Request for ACME External Account Binding Information for the following server(s):&body=Dear Sir or Madam,%0A%0AI would like to request ACME External Account Binding information for the following server(s):%0A%0A|support@gwdg.de]] or use the [[https://www.gwdg.de/support|Support form]] of the GWDG. 
 + 
 +<WRAP center round download 80%> 
 +Once you have received the ACME External Account Binding information, you can automatically create the certificates for your servers. Instructions on how to do this can be found in the following GWDG News article: 
 +  - [[https://www.gwdg.de/documents/20182/27257/GN_3-2022_www.pdf#page=10|GWDG News 03|22]] - Part 4: Automated Creation of Server Certificates with Bot Software 
 +</WRAP> 
 +<WRAP center round important 60%> 
 +(currently only in German) 
 +</WRAP>
  
 ==== Unix/OS X ==== ==== Unix/OS X ====
 +<WRAP center round info 80%>
 +Call OpenSSL with the following Parameters
 +
 +</WRAP>
 +
 Simple Bash script... Simple Bash script...
 <code bash createcsr.sh>openssl req -newkey rsa:4096 -sha256 -keyout priv-key.pem -out certreq.pem</code> <code bash createcsr.sh>openssl req -newkey rsa:4096 -sha256 -keyout priv-key.pem -out certreq.pem</code>
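Review bot: The added ACME paragraph tells users to request External Account Binding information by e-mail but does not say how it is delivered or how it must be handled afterwards. An EAB consists of a key identifier and an HMAC key that lets an ACME client register an account bound to the organisation's account at the CA, so the text should state that it is a credential, to be stored with restricted access on the server and not forwarded or pasted into tickets. Two smaller points: this paragraph links the support form as https://www.gwdg.de/support while the intro now uses https://gwdg.de/en/support, and the info box holding "Call OpenSSL with the following Parameters" ends in an empty line and has no colon before the script it introduces.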
Line 61: Line 75:
 ===== Apply for server certificate with OpenSSL.cnf ===== ===== Apply for server certificate with OpenSSL.cnf =====
  
 +<WRAP center round info 80%>
 Call OpenSSL with the following Parameters Call OpenSSL with the following Parameters
 +
 +</WRAP>
  
 ==== Unix/OS X ==== ==== Unix/OS X ====
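Review bot: The info box around "Call OpenSSL with the following Parameters" is placed before the "Unix/OS X" heading here, but in the "Apply for server certificates..." section the same box is placed after that heading. Use one placement in both sections, and remove the empty line before the closing </WRAP> so the box does not render with trailing space.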
Line 256: Line 273:
  
 <WRAP center round info 100%> <WRAP center round info 100%>
 +==== GÉANT TCS PKI ====
 +  - [[https://www.gwdg.de/documents/20182/27257/GN_3-2022_www.pdf#page=10|GWDG Nachrichten 03|22]] - Teil 4: Automatisierte Erstellung von Serverzertifikaten mit Bot-Software
 +<WRAP center round important 60%>
 +(currently only in German)
 +</WRAP>
 +
 ==== DFN-Vertein Community CA ==== ==== DFN-Vertein Community CA ====
   - [[https://www.gwdg.de/documents/20182/27257/GN_9-10-2020_www.pdf#page=10|GWDG Nachrichten 09-10|20]] - Teil 1: Serverzertifikate   - [[https://www.gwdg.de/documents/20182/27257/GN_9-10-2020_www.pdf#page=10|GWDG Nachrichten 09-10|20]] - Teil 1: Serverzertifikate
   - [[https://www.gwdg.de/documents/20182/27257/GN_12-2020_www.pdf#page=10|GWDG Nachrichten 12|20]] - Teil 2: Ein Blick hinter die Kulissen eines Teilnehmerservices   - [[https://www.gwdg.de/documents/20182/27257/GN_12-2020_www.pdf#page=10|GWDG Nachrichten 12|20]] - Teil 2: Ein Blick hinter die Kulissen eines Teilnehmerservices
   - [[https://www.gwdg.de/documents/20182/27257/GN_3-2021_www.pdf#page=8|GWDG Nachrichten 03|21]] - Teil 3: Das Programm GUIRA für den Teilnehmerservice   - [[https://www.gwdg.de/documents/20182/27257/GN_3-2021_www.pdf#page=8|GWDG Nachrichten 03|21]] - Teil 3: Das Programm GUIRA für den Teilnehmerservice
-==== GÉANT TCS PKI ==== 
-  - [[https://www.gwdg.de/documents/20182/27257/GN_3-2022_www.pdf#page=10|GWDG Nachrichten 03|22]] - Teil 4: Automatisierte Erstellung von Serverzertifikaten mit Bot-Software 
- 
  
 <WRAP center round important 60%> <WRAP center round important 60%>
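Review bot: The moved GÉANT TCS PKI entry keeps its German title ("GWDG Nachrichten 03|22 - Teil 4: Automatisierte Erstellung von Serverzertifikaten mit Bot-Software"), while the same link added in the server-certificate section is titled in English ("GWDG News 03|22 - Part 4: ..."). Use the English title with the "(currently only in German)" notice in both places on this en: page. The notice is added here as a box nested inside the info box and is followed by another important box in the unchanged lines, so check that it is not shown twice; the adjacent heading "DFN-Vertein Community CA" also has a typo that could be fixed in the same edit.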
Line 269: Line 289:
  
 </WRAP> </WRAP>
 +
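Review bot: The only change at the end of the page is an added empty line after the closing </WRAP>; it has no effect on the rendered page and can be dropped to keep the revision limited to content changes.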