wiki.in.tum.de
Technische Universität München


User-Certificates

This describes how to apply for and install the RBG certificate.

Note: Due to the corona pandemic, these conditions apply for activating the certificate.

0. General Information on TUM Informatics and Mathematics Certificates

After requesting a certificate you can find it under:
$HOME/../home_sec/import/

or on ssp.in.tum.de (Students or Informatics Employees), ssp.ma.tum.de (Mathematics Employees), if you requested it before.

With a certificate you can visit certain websites or even send encrypted E-Mails. For the installation the passphrase is needed, since the certificate is encrypted. After getting your passphrase, your certificate can be found under the mentioned directory or on ssp.in.tum.de or ssp.ma.tum.de


1. Where and how do I request a certificate?

1.1. Students

1.1.1. Freshmen

Usually you will receive your passphrase, the in.tum.de-Account and so on during the preliminary courses in the Infopoint Informatics.

If you did not participate at the preliminary courses you can receive your passphrase from the Infopoint Informatics.

1.1.2. If your certificate expired

In this case you have to request a new certificate via ssp.in.tum.de and you can collect the passphrase at the Infopoint Informatik..

1.2. Non-Students

A certificate can be requested either with your User Request (Benutzerantrag) or via ssp.in.tum.de (Informatics Employees), ssp.ma.tum.de (Mathematics Employees) and you can collect your passphrase at our service office (00.05.041) on Mondays or Thursdays from 10:00 to 17:00 with your ID card.

On this page you can retrieve current information regarding working hours.

Note: For each of the described cases holds that a valid photo ID (personal ID or passport) is to be presented during passphrase! collection!

Note: Due to the corona pandemic, these conditions apply for activating the certificate.


2. How do I request for certificates?

Click on Login at the top left on ssp.in.tum.de or ssp.ma.tum.de.
ssplogin.png


Log in with in.tum-username@in.tum.de or ma.tum-username@ma.tum.de.
login2new.png


Select the Certificate option on the left.
sspcertificate.png


Select Standard mode here and click Continue, if you also want to download the certificate's private key. In Expert mode you have to create it yourself.
sspstandardmoderequest.png


If you want to continue, click Yes.
sspyes.png


If the certificate has been requested, you will see detailed informations regarding your certificate request on Self Service Portal.

Click here on Continue. Then you will receive an email with the certificate application. The creation of the certificate requires personal ID control. Please bring the signed application and your valid official photo ID with you.
ssprequestedcontinue.png


When your certificate has been issued, you will receive an email and can collect the passphrase of the certificate:

  • Employees: You can collect the passphrase with your ID card from our service office (00.05.041) on Mondays or Thursdays from 10:00 a.m. to 1:00 p.m. and from 2:00 p.m. to 5:00 p.m. On this page you will find current information on opening hours.

Note: Due to the corona pandemic, these conditions apply for activating the certificate.



3. How long is the certificate valid and how do I renew it?

The new certificate is valid for one year from the expiry date of the old certificate. Before the expiry date you will receive an E-Mail at your in.tum.de-Account.

The validity can be reached via this [[https://ssp.in.tum.de] [ssp.in.tum.de]] (for IT staff and students) or [[https://ssp.ma.tum.de ] [ssp.ma.tum.de]] (for mathematics employees) after the RBG certificate has been applied for once in the SSP and downloaded with the private key.

Note: After the first application for the certificate in the SSP, the certificate with the private key must be installed in the browser so that the certificate can be renewed.

Once you have applied for an RBG certificate in the SSP portal, you can renew it again in the SSP.

To do this, log into the SSP with your valid RBG certificate (must be installed in the browser) and click on Certificate on the left and then click on the plus sign at Extend your certificate. You will then see the details of how to renew the certificate. Then click Request.
certificaterequest.png


Then answer the question with Yes.
requestyes.png


Next click on Continue so that your certificate is sent to your RBG E Email address is sent.
certificatecontinue.png


You will shortly receive an email with the serial number of the process. Finally, your new RBG certificate will be emailed as follows:

Good afternoon,

Your certificate is in the attachment. You had a certificate the DFN-PKI requested. The serial number of the process is xxxx.

RBG system group

The certificate is now ready to be installed. If you miss to renew your certificate a new request must be made via ssp.in.tum.de or ssp.ma.tum.de.

You can receive the passphrase at the service office of the rbg (employees) or at the Infopoint (students), which means that you have to personally pick up the passphrase with your photo identification again. That's why we recommend the Self-Service renewal of the certificate.

  • Employees: On this page you can retrieve current information regarding working hours.
  • Students: On Infopoint Informatik you can retrieve current information regarding working hours.

Exception in the Corona period:
The creation of the certificate requires personal ID check with an appointment. The ID check for issuing the certificate usually takes place via video chat (https://bbb.in.tum.de / https://bbb.ma.tum.de). However, we can only accept certain types of ID. You can find the list of accepted ID documents here. If documents are not accepted, they must appear in person.

A smartphone or webcam is required for ID verification via video chat. The camera should have a good resolution and should be able to display the ID badge when it is held close to the camera. This is necessary in order to be able to carry out the ID check in accordance with the requirements of the DFN.

So that we can make an appointment to check your ID, please send us:

  • A scan of your signed certificate application (the form of the signature on the application must match the signature on the ID)
  • The country of issue and the type of ID to be checked
  • The date of issue and expiry of the card

When we have received the required information, we will suggest dates for ID verification. You are welcome to tell us suitable days of the week.

To prepare for the video conference, please note:

  • Have the ID you gave us ready
  • Have the application form you sent us as a scan ready
  • Good lighting conditions are very helpful

We usually provide you with a passphrase through the chat function in BBB during the video conference. Prepare to write them off or take a screenshot.

You can find more information about the certificates on our wiki page: http://wiki.in.tum.de/Informatik/Benutzerwiki/Zertifikate#Zertifikate.



4. How do I copy the certificate on my computer?

Download from the Self Service Portal

The user certificate can be downloaded from https://ssp.in.tum.de or https://ssp.ma.tum.de with the private key.

Copy from the Lxhalle

For the data transfer between the computer hall and your personal computer you can use this instruction.

For Windows Users there is an additional instruction for copying the certificate to one's computer and also a how-to for importing the certificate in the Internet Explorer and Firefox.





5. How do I install a certificate?

The following instructions were made for certain configurations (OS + Software). If you use a different configuration or have problems with the installation please feel free to visit the Helpdesk.

5.1. Browser

5.1.1. Google Chrome

Google Chrome was tested in the Version 65.0.3325.181 under Windows 10 & Mac OS High Sierra. Chrome uses the certificate via the intergration in the OS (look below). Despite the successful installation of the certificate it did not work under Mac OS High Sierra with the Chrome Browser.


5.1.2. Firefox

  • For the Installation of the certificate you have to open the Preferences:
firefox_0.png


  • Under the Menu go to → Privacy & Security View Certificates:

firefox_1.PNG


  • There go to Your Certificates and then on Import . Afterwards choose your certificate with the suffix .p12 and click open.

firefox_2.PNG


  • In the next window you have to fill in your passphrase:

firefox_3.PNG
  • Your certificate was imported successfully.



5.1.3. Safari

Although the certificate was installed successfully the certificate could not be used with the Safari Brwoser under Mac OS High Sierra.


5.2. Email-Client

5.2.1. Thunderbird

The installation of the certificate in Firefox and Thunderbird is identical.
  • In the Menu choose EditPreferences




  • Then Advanced → Certificates_ and afterwards click on Manage Certificates

cert_preferences.png
  • Choose Your Certificates and then click on Import...




  • Go to your certificate location and choose the certificate (LOGIN.p12) and click on Open




  • Now you have to enter the passphrase (received from the Infopoint or the System Group) and confirm the successful installation of the certificate. Blank spaces and capitalization rules should be considered.




Now under Your Certificates your certificate should be visible.

4.2.2. Windows-Outlook 2016

  • In the Menu go to FileOptions:

outlook_0.PNG


  • Now go to Trust CenterPreferences for the Trust Center...

outlook_1.PNG


  • Then go to E-Mail-SecurityImport/Export:

outlook_2.PNG


  • In the next window click on Open... and choose your certificate with the suffix .p12.
  • The passphrase can be entered in the field Password. Verify your password with OK:

outlook_3.PNG


  • The following message can be accepted with OK:

outlook_4.PNG


  • Your certificated was imported successfully into Outlook.
  • Using the folllowing settings you can set the encryption/signature as default:

outlook_5.PNG


  • You can go to Options and use the following options to enable or disable the encryption/signature:

outlook_6.PNG


4.2.3. Mac-Outlook 2019

First click Outlook in the tab, then Preferences.
outlookpreferences.png


Select Accounts.
accounts.png


Then select your RBG (in.tum / ma.tum) account in the open window on the left and click on Advanced.
Screenshot 2020-06-19 at 09.38.48 advanced.png


Click in the Security tab and select the RBG certificate for signing and encrypting the emails.
Screenshot 2020-06-19 at 09.39.12-certnotselected.png
Screenshot 2020-06-19 at 09.14.46-chooseacertificate.png
Screenshot 2020-06-19 at 09.15.04-certauswaehlen.png


Confirm your selection with OK.
Screenshot 2020-06-19 at 09.13.31-certausgewaehltok.png


5.3. Operating Systems

5.3.1. Windows

The certificate is installed on the whole OS, which means that it can be used by Internet Explorer and Windows Mail (but not for Firefox - look here). Windows 7 x64 was used for this guide.
  • usually you can double click on the certificate and the certificate-import-assistance will start, then you can click here to continue - if the certificate-import-assistance wont start, follow the guide that follows:
  • In the startmenu click on Control Panel and afterwards choose Internet options.

  • Then choose Contents and then choose Certificates:




  • Go to Your Certificates and then choose Import...:




  • Now the certificate-import-assistance will start, click on Continue.
  • Click Open and choose the certificate - choose the suffix .pfx, or .p12 , else you wont be able to see the files.



  • Click on Continue
  • Enter the passphrase
  • Also choose to make your key exportable and then click on Continue.




  • In this windows just click on Continue.




  • In the end click on Finish verify the last window with OK.



  • Your certificate should be visible under Your Certificates.



5.3.2. Mac OS X

  • Double click on your certificate
  • Now in the Add Certificates - Window click on Add




  • Enter your certificate-passphrase




  • The certificate is now ready to use and can for example be used in Apple Mail to sign and encrypt your messages.

applemail_1.png


Important KB entries (only available in the MWN network):

1 - Welchen ID I need for issuing the certificate

5.2.3. Windows-Outlook 2019


5.2.3.1. Install certificate

Open Outlook and click File in the tab.
0file.png


Then open Options in the left area.
1options.png


In the opened window select Trustcenter
2trustcenter.png


Click the * Settings * button for the trust center.
3trustcentersettings.png


In the next dialog box, click Security Center and then on E-Mail Security. Under the Digital IDs (Certificates) section, select Import / Export.
trustcenteremailsecuritsimportexport.png


In the opened window go to Search. Select the correct certificate and confirm with OK. For Import / Export digital ID enter the password that was assigned during the export process from Firefox has been. Then click OK.
5importexport.png


You can complete the process with OK, then the medium security level will be selected. You can also click Set security level to adjust this setting.
6setsecuritylevel.png


You can choose medium or high security levels.
7highsecuritylevel.png


If you select the high security level, you must choose a password that you have to use before encrypting and decrypting the e-mail.
8createapassword.png


Confirm the change with OK and then close all windows. If you want to select the medium security level, you have to click Set security level again.
9importinganewprivateexchangekey.png


If you want to write an encrypted email, you have to enter the chosen password.
10emailverfassen.png



5.2.3.2. Sign and encrypt emails

Your RBG certificate has now been imported into Outlook and you can select it under Encrypted e-mail messages using the Settings button for the e-mail address.
Out5.png


You should see the certificate you just installed under Signature Certificate and Encryption Certificate. If this is not the case, you still have to select the certificate by clicking the Select button.
Out6.png


Here you can see the issuer of the certificate and the expiry date.
Out7.png


5.2.4. Mac-Outlook 2019

Im Reiter zuerst Outlook, dann Preferences anklicken.
outlookpreferences.png


Wählen Sie Accounts aus.
accounts.png


Dann wählen Sie im geöffneten Fenster links Ihr RBG(in.tum/ma.tum) Account aus und klicken Sie Advanced an.
Screenshot 2020-06-19 at 09.38.48 advanced.png


Klicken Sie im Reiter Security an und wählen Sie dort das RBG Zertifikat zum Signieren und Verschlüsseln der E-Mails aus.
Screenshot 2020-06-19 at 09.39.12-certnotselected.png


Screenshot 2020-06-19 at 09.14.46-chooseacertificate.png


Screenshot 2020-06-19 at 09.15.04-certauswaehlen.png


Bestätigen Sie Ihre Auswahl mit OK.
Screenshot 2020-06-19 at 09.13.31-certausgewaehltok.png


Topic attachments
I Attachment Action Size Date Who Comment
0file.pngpng 0file.png manage 23 K 31 Aug 2020 - 11:11 AyseguelOmusNe63guq  
10emailverfassen.pngpng 10emailverfassen.png manage 80 K 31 Aug 2020 - 09:47 AyseguelOmusNe63guq  
1options.pngpng 1options.png manage 109 K 31 Aug 2020 - 09:45 AyseguelOmusNe63guq  
2trustcenter.pngpng 2trustcenter.png manage 103 K 31 Aug 2020 - 09:46 AyseguelOmusNe63guq  
3trustcentersettings.pngpng 3trustcentersettings.png manage 76 K 31 Aug 2020 - 09:46 AyseguelOmusNe63guq  
5importexport.pngpng 5importexport.png manage 47 K 31 Aug 2020 - 09:46 AyseguelOmusNe63guq  
6setsecuritylevel.pngpng 6setsecuritylevel.png manage 48 K 31 Aug 2020 - 09:47 AyseguelOmusNe63guq  
7highsecuritylevel.pngpng 7highsecuritylevel.png manage 74 K 31 Aug 2020 - 09:47 AyseguelOmusNe63guq  
8createapassword.pngpng 8createapassword.png manage 72 K 31 Aug 2020 - 09:47 AyseguelOmusNe63guq  
9importinganewprivateexchangekey.pngpng 9importinganewprivateexchangekey.png manage 48 K 31 Aug 2020 - 09:47 AyseguelOmusNe63guq  
accounts.pngpng accounts.png manage 130 K 22 Jun 2020 - 10:52 AyseguelOmusNe63guq  
appleCertificate.pngpng appleCertificate.png manage 166 K 31 Mar 2011 - 11:13 MarekOrschewskiNe26gik  
applemail_1.pngpng applemail_1.png manage 20 K 21 Mar 2018 - 10:22 TobiasZappeGa34gey  
applemail_2.pngpng applemail_2.png manage 83 K 21 Mar 2018 - 10:12 TobiasZappeGa34gey  
applemail_3.pngpng applemail_3.png manage 82 K 21 Mar 2018 - 10:16 TobiasZappeGa34gey  
applePasswd.pngpng applePasswd.png manage 19 K 31 Mar 2011 - 11:14 MarekOrschewskiNe26gik  
certificatecontinue.pngpng certificatecontinue.png manage 180 K 21 Sep 2020 - 13:58 AyseguelOmusNe63guq  
certificateImport.pngpng certificateImport.png manage 61 K 17 Mar 2011 - 09:42 MarekOrschewskiNe26gik  
certificatePassphrase.pngpng certificatePassphrase.png manage 16 K 17 Mar 2011 - 09:43 MarekOrschewskiNe26gik  
certificaterequest.pngpng certificaterequest.png manage 247 K 21 Sep 2020 - 13:59 AyseguelOmusNe63guq  
cert_preferences.pngpng cert_preferences.png manage 46 K 21 Mar 2018 - 09:54 StefanZiarasGa49taq  
firefox_0.pngpng firefox_0.png manage 22 K 21 Mar 2018 - 11:02 TobiasZappeGa34gey  
firefox_1.PNGPNG firefox_1.PNG manage 68 K 21 Mar 2018 - 10:56 TobiasZappeGa34gey  
firefox_2.PNGPNG firefox_2.PNG manage 47 K 21 Mar 2018 - 11:13 TobiasZappeGa34gey  
firefox_3.PNGPNG firefox_3.PNG manage 6 K 21 Mar 2018 - 11:17 TobiasZappeGa34gey  
igp_231aec95b139e5f834cc638ac6175542_Out7.pngpng igp_231aec95b139e5f834cc638ac6175542_Out7.png manage 8 K 31 Aug 2020 - 11:33 AyseguelOmusNe63guq  
igp_42e3ba5d5214a1cc5f268ee6bf354b42_Out6.pngpng igp_42e3ba5d5214a1cc5f268ee6bf354b42_Out6.png manage 8 K 31 Aug 2020 - 11:33 AyseguelOmusNe63guq  
igp_f0407a18a4fb12be010c704c5ae6c704_Out5.pngpng igp_f0407a18a4fb12be010c704c5ae6c704_Out5.png manage 10 K 31 Aug 2020 - 11:32 AyseguelOmusNe63guq  
importvorgangErfolgreich.pngpng importvorgangErfolgreich.png manage 20 K 21 Mar 2011 - 09:38 MarekOrschewskiNe26gik  
inhalteZertifikate.pngpng inhalteZertifikate.png manage 75 K 17 Mar 2011 - 11:33 MarekOrschewskiNe26gik  
internetOptionen.pngpng internetOptionen.png manage 182 K 17 Mar 2011 - 11:32 MarekOrschewskiNe26gik  
login2new.pngpng login2new.png manage 207 K 11 May 2020 - 09:47 AyseguelOmusNe63guq  
menuPreferences.pngpng menuPreferences.png manage 22 K 17 Mar 2011 - 09:43 MarekOrschewskiNe26gik  
Out5.pngpng Out5.png manage 10 K 31 Aug 2020 - 12:06 AyseguelOmusNe63guq  
Out6.pngpng Out6.png manage 8 K 31 Aug 2020 - 12:06 AyseguelOmusNe63guq  
Out7.pngpng Out7.png manage 8 K 31 Aug 2020 - 12:06 AyseguelOmusNe63guq  
outlook_0.PNGPNG outlook_0.PNG manage 34 K 21 Mar 2018 - 11:40 TobiasZappeGa34gey  
outlook_1.PNGPNG outlook_1.PNG manage 26 K 21 Mar 2018 - 11:44 TobiasZappeGa34gey  
outlook_2.PNGPNG outlook_2.PNG manage 41 K 21 Mar 2018 - 11:56 TobiasZappeGa34gey  
outlook_3.PNGPNG outlook_3.PNG manage 75 K 21 Mar 2018 - 12:00 TobiasZappeGa34gey  
outlook_4.PNGPNG outlook_4.PNG manage 30 K 21 Mar 2018 - 12:06 TobiasZappeGa34gey  
outlook_5.PNGPNG outlook_5.PNG manage 40 K 21 Mar 2018 - 12:11 TobiasZappeGa34gey  
outlook_6.PNGPNG outlook_6.PNG manage 11 K 21 Mar 2018 - 12:14 TobiasZappeGa34gey  
outlookpreferences.pngpng outlookpreferences.png manage 283 K 22 Jun 2020 - 10:50 AyseguelOmusNe63guq  
requestyes.pngpng requestyes.png manage 102 K 21 Sep 2020 - 13:59 AyseguelOmusNe63guq  
Screenshot 2020-06-19 at 09.13.31-certausgewaehltok.pngpng Screenshot 2020-06-19 at 09.13.31-certausgewaehltok.png manage 1 MB 22 Jun 2020 - 10:59 AyseguelOmusNe63guq  
Screenshot 2020-06-19 at 09.14.46-chooseacertificate.pngpng Screenshot 2020-06-19 at 09.14.46-chooseacertificate.png manage 154 K 22 Jun 2020 - 10:59 AyseguelOmusNe63guq  
Screenshot 2020-06-19 at 09.15.04-certauswaehlen.pngpng Screenshot 2020-06-19 at 09.15.04-certauswaehlen.png manage 166 K 22 Jun 2020 - 10:59 AyseguelOmusNe63guq  
Screenshot 2020-06-19 at 09.38.48_advanced.pngpng Screenshot 2020-06-19 at 09.38.48_advanced.png manage 179 K 22 Jun 2020 - 10:52 AyseguelOmusNe63guq  
Screenshot 2020-06-19 at 09.39.12-certnotselected.pngpng Screenshot 2020-06-19 at 09.39.12-certnotselected.png manage 1 MB 22 Jun 2020 - 10:56 AyseguelOmusNe63guq  
sspcertificate.pngpng sspcertificate.png manage 153 K 11 May 2020 - 09:52 AyseguelOmusNe63guq  
ssplogin.pngpng ssplogin.png manage 150 K 11 May 2020 - 09:46 AyseguelOmusNe63guq  
ssprequestedcontinue.pngpng ssprequestedcontinue.png manage 260 K 11 May 2020 - 09:58 AyseguelOmusNe63guq  
sspstandardmoderequest.pngpng sspstandardmoderequest.png manage 275 K 11 May 2020 - 09:53 AyseguelOmusNe63guq  
sspyes.pngpng sspyes.png manage 172 K 11 May 2020 - 09:55 AyseguelOmusNe63guq  
successAlert.pngpng successAlert.png manage 11 K 17 Mar 2011 - 09:43 MarekOrschewskiNe26gik  
trustcenteremailsecuritsimportexport.pngpng trustcenteremailsecuritsimportexport.png manage 93 K 31 Aug 2020 - 11:12 AyseguelOmusNe63guq  
viewCertificates.pngpng viewCertificates.png manage 58 K 17 Mar 2011 - 09:44 MarekOrschewskiNe26gik  
yourCertificates.pngpng yourCertificates.png manage 36 K 17 Mar 2011 - 09:44 MarekOrschewskiNe26gik  
zertifikatFormat.pngpng zertifikatFormat.png manage 10 K 21 Mar 2011 - 09:20 MarekOrschewskiNe26gik  
zertifikatImportieren.pngpng zertifikatImportieren.png manage 42 K 21 Mar 2011 - 08:59 MarekOrschewskiNe26gik  
zertifikatPassphrase.pngpng zertifikatPassphrase.png manage 62 K 21 Apr 2011 - 08:52 MarekOrschewskiNe26gik  
zertifikatSpeicher.pngpng zertifikatSpeicher.png manage 47 K 21 Mar 2011 - 09:33 MarekOrschewskiNe26gik  
Topic revision: r51 - 25 Sep 2020, AyseguelOmusNe63guq
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Foswiki? Send feedback