You are here: Foswiki>Informatik/Helpdesk Web>BenutzerZertifikateInstallieren (04 Jan 2022, AyseguelOmusNe63guq)Edit Attach
Install RBG User-Certificate
This describes how to install the RBG certificate.
Note : Here you will find further information about identity checks. On this page you will find further information on applying for and extending the RBG user certificate.1. How do I install a certificate?
The following instructions were made for certain configurations (OS + Software). If you use a different configuration or have problems with the installation please feel free to visit the Helpdesk.1.1. Browser
1.1.1. Google Chrome
Google Chrome was tested in the Version 65.0.3325.181 under Windows 10 & Mac OS High Sierra. Chrome uses the certificate via the intergration in the OS (look below). Despite the successful installation of the certificate it did not work under Mac OS High Sierra with the Chrome Browser.
1.1.2. Firefox
- For the Installation of the certificate you have to open the Preferences:
- Under the Menu go to → Privacy & Security → View Certificates:
- There go to Your Certificates and then on Import . Afterwards choose your certificate with the suffix .p12 and click open.
- In the next window you have to fill in your passphrase:
- Your certificate was imported successfully.
1.1.3. Safari
Although the certificate was installed successfully the certificate could not be used with the Safari Brwoser under Mac OS High Sierra.
1.2. Email-Client
1.2.1. Thunderbird
The installation of the certificate in Firefox and Thunderbird is identical.- In the Menu choose Edit → Preferences
- Then Advanced → Certificates_ and afterwards click on Manage Certificates
- Choose Your Certificates and then click on Import...
- Go to your certificate location and choose the certificate (LOGIN.p12) and click on Open
- Now you have to enter the passphrase (received from the Infopoint or the System Group) and confirm the successful installation of the certificate. Blank spaces and capitalization rules should be considered.
Now under Your Certificates your certificate should be visible.
1.2.2. Windows-Outlook 2016
- In the Menu go to File → Options:
- Now go to Trust Center → Preferences for the Trust Center...
- Then go to E-Mail-Security → Import/Export:
- In the next window click on Open... and choose your certificate with the suffix .p12.
- The passphrase can be entered in the field Password. Verify your password with OK:
- The following message can be accepted with OK:
- Your certificated was imported successfully into Outlook.
- Using the folllowing settings you can set the encryption/signature as default:
- You can go to Options and use the following options to enable or disable the encryption/signature:
1.2.3. Mac-Outlook 2019
First click Outlook in the tab, then Preferences.
Select Accounts.
Then select your RBG (in.tum / ma.tum) account in the open window on the left and click on Advanced.
Click in the Security tab and select the RBG certificate for signing and encrypting the emails.
Confirm your selection with OK.
1.3. Operating Systems
1.3.1. Windows
The certificate is installed on the whole OS, which means that it can be used by Internet Explorer and Windows Mail (but not for Firefox - look here).- usually you can double click on the certificate and the certificate-import-assistance will start, then you can click here to continue - if the certificate-import-assistance wont start, follow the guide that follows:
- In the startmenu click on Control Panel and afterwards choose Internet options.
- Then choose Contents and then choose Certificates:
- Go to Your Certificates and then choose Import...:
- Now the certificate-import-assistance will start, click on Continue.
- Click Open and choose the certificate - choose the suffix .pfx, or .p12 , else you wont be able to see the files.
- Click on Continue
- Enter the passphrase
- Also choose to make your key exportable and then click on Continue.
- In this windows just click on Continue.
- In the end click on Finish verify the last window with OK.
- Your certificate should be visible under Your Certificates.
1.3.2. Mac OS X
- Double click on your certificate
- Now in the Add Certificates - Window click on Add
- Enter your certificate-passphrase
- The certificate is now ready to use and can for example be used in Apple Mail to sign and encrypt your messages.
Important KB entries (only available in the MWN network):
1 - Welchen ID I need for issuing the certificate
1.2.3. Windows-Outlook 2019
1.2.3.1. Install certificate
Open Outlook and click File in the tab.
Then open Options in the left area.
In the opened window select Trustcenter
Click the Settings button for the trust center.
In the next dialog box, click Security Center and then on E-Mail Security. Under the Digital IDs (Certificates) section, select Import / Export.
In the opened window go to Search. Select the correct certificate and confirm with OK. For Import / Export digital ID enter the password that was assigned during the export process from Firefox has been. Then click OK.
You can complete the process with OK, then the medium security level will be selected. You can also click Set security level to adjust this setting.
You can choose medium or high security levels.
If you select the high security level, you must choose a password that you have to use before encrypting and decrypting the e-mail.
Confirm the change with OK and then close all windows. If you want to select the medium security level, you have to click Set security level again.
If you want to write an encrypted email, you have to enter the chosen password.
1.2.3.2. Sign and encrypt emails
Your RBG certificate has now been imported into Outlook and you can select it under Encrypted e-mail messages using the Settings button for the e-mail address.
You should see the certificate you just installed under Signature Certificate and Encryption Certificate. If this is not the case, you still have to select the certificate by clicking the Select button.
Here you can see the issuer of the certificate and the expiry date.
2. FAQ
My certificate is in .pem format, but my programm only accepts .p12 format. What should I do?
The certificate you have downloaded from the Self-Service Portal (ssp.in.tum.de/ssp.ma.tum.de) is in .pem format and some client programs do not support it. This problem is easily solved. All you have to do is find a program that accepts .pem files. Firefox is one of them, and since it is widespread, we'll assume that Firefox is being used for this guide.
Now to the real issue: 1) Make sure your old expired certificate is installed in Firefox. If it is not already installed there, you will have to export the old certificate from another application and import it in Firefox. How to export a certificate can be found in our Wiki-Anleitung . 2) Import the new certificate (.pem-file) in Firefox. How to install a certificate can be found above on this page. 3) Export the new certificate from Firefox. Voilà! Now you have a new .p12 file, which can be imported into other programs as usual. Note: Please be aware that when importing the new .p12 file, you must change the settings for it as usual. In particular, you must also adjust the account settings for Thunderbird. You have to select the new certificate under Account Settings → End-to-End Encryption → S/MIME. You can use this guide for reference. If you encounter some problem, contact: rbg@in.tum.deImportant KB-articles that cane be of use (only accessible in the MWN network):
1- Welchen Ausweis brauche ich für die Ausstellung der Passphrase
Topic revision: r7 - 04 Jan 2022, AyseguelOmusNe63guq
Chemie
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding Foswiki? Send feedback