How can I set up CIT certificate?

1

x

2

----

----

= Install CIT Client Certificate =

8

9

This describes how to install the ITO certificate.

10

11

12

On this [[page>>https://xwiki.rbg.tum.de/bin/view/Informatik/Helpdesk/BenutzerZertifikate]] you will find further information on applying for and extending the CIT user certificate.

== 1. How do I install a certificate? ==

21

22

The following instructions were made for specific configurations (OS + Software). If you use a different configuration or have problems with the installation, please feel free to visit the [[Helpdesk>>Informatik.Helpdesk.WebHome]].

=== 1.1. Browser ===

==== 1.1.1. Google Chrome ====

27

28

Google Chrome was tested in Version 65.0.3325.181 under Windows 10 & Mac OS High Sierra. Chrome uses the certificate via the integration in the OS (look below). Despite the successful installation of the certificate, it did not work under Mac OS High Sierra with the Chrome Browser.

==== 1.1.2. Firefox ====

34

35

* For the Installation of the certificate, you have to open the Preferences:

36

37

[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/firefox_0.png||alt="firefox_0.png" height="572" title="firefox_0.png" width="316"]]

* Under the Menu go to **→Privacy & Security →View Certificates**:

44

45

[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/firefox_1.PNG||alt="firefox_1.PNG" height="727" title="firefox_1.PNG" width="671"]]

* There, go to **Your Certificates** and then to **Import**. Afterward, choose your certificate with the suffix **.p12** and click **open**.

50

51

[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/firefox_2.PNG||alt="firefox_2.PNG" height="453" title="firefox_2.PNG" width="920"]]

52

53

54

* In the next window, you have to fill in your passphrase:

55

56

[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/firefox_3.PNG||alt="firefox_3.PNG" height="153" title="firefox_3.PNG" width="598"]]

57

58

* Your certificate was imported successfully.

59

60

==== 1.1.3. Safari ====

61

62

If the certificate is imported into the keychain (Schlüsselbund), it will automatically be integrated into Safari.

63

64

=== 1.2. Email-Client ===

65

66

67

==== 1.2.1. Thunderbird (Windows/Linux) ====

On the bottom left you'll find a cog wheel, click on it to open settings.

72

73

[[image:1710762049501-575.png]]

74

75

76

Next up, click on the Lock Icon on the left bar and scroll down until you find the certificates section. Click on "**Manage Certificates**".

77

78

(Make sure you downloaded your "**certificate with private key**" from https:~/~/my.ito.cit.tum.de/zertifikat/ )

79

80

[[image:1710762103262-173.png]]

Go to the "**My Certificates**"-Section and click on **import** and select the certificate you previously downloaded.

86

87

[[image:importieren.png||height="506" width="1021"]]

You'll be prompted to enter the passphrase that you received when you requested a certificate on the website mentioned above.

92

93

[[image:passphraseeingeben.png||height="517" width="1042"]]

(% class="box infomessage" %)

98

(((

99

(In case you forgot it, request a new certificate, wait a bit, refresh the website and download the certificate, and try again.)

)))

Lastly, click on the icon **above** the **puzzle piece**.

104

105

[[image:1710762127504-179.png]]

106

107

108

On the left, light grey colored column click on "**End-to-End-Encryption**" and scroll down until you find "**S/MIME**".

109

110

[[image:1710762116312-799.png]]

Click on **Select** and you'll be offered only one option, select it.

116

117

[[image:zertifikatauswählenfüraccount.png||height="448" width="1106"]]

118

119

Confirm any window that may pop up right afterward. That's it, congratulations!

120

121

[[image:zertifikatauswählenfueraccount3.png||height="522" width="1101"]]

==== ====

[[image:zertifikateausgewähltfueraccount.png||height="532" width="1122"]]

==== 1.2.3. Windows-Outlook 2016 ====

132

133

* In the Menu go to **File** → **Options**:

134

135

[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/outlook_0.PNG||alt="outlook_0.PNG" height="472" title="outlook_0.PNG" width="754"]]

* Now go to **Trust Center** → **Preferences for the Trust Center...**

141

142

[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/outlook_1.PNG||alt="outlook_1.PNG" height="545" title="outlook_1.PNG" width="756"]]

* Then go to **E-Mail-Security** → **Import/Export**:

148

149

[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/outlook_2.PNG||alt="outlook_2.PNG" height="549" title="outlook_2.PNG" width="759"]]

* In the next window click on **Open...** and choose your certificate with the suffix **.p12**.

155

* The passphrase can be entered in the field **Password**. Verify your password with **OK**:

156

157

[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/outlook_3.PNG||alt="outlook_3.PNG" height="550" title="outlook_3.PNG" width="1096"]]

* The following message can be accepted with **OK**:

163

164

[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/outlook_4.PNG||alt="outlook_4.PNG" height="389" title="outlook_4.PNG" width="354"]]

* Your certificate was imported successfully into Outlook.

170

* Using the following settings, you can set the encryption/signature as default:

171

172

[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/outlook_5.PNG||alt="outlook_5.PNG" height="569" title="outlook_5.PNG" width="782"]]

* You can go to **Options** and use the following options to enable or disable the **encryption/signature**:

178

179

[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/outlook_6.PNG||alt="outlook_6.PNG" height="127" title="outlook_6.PNG" width="493"]]

==== 1.2.4. Mac-Outlook 2019 ====

185

186

First, click **Outlook** in the tab, then **Preferences**.

187

188

[[image:outlookpreferences.png||height="335" width="235"]]

Select **Accounts**.

[[image:accounts.png||width="900"]]

Then select your CIT account in the open window on the left and click on **Advanced**.

203

204

[[image:advanced.png||width="900"]]

Click in the **Security** tab and select the ITO certificate for signing and encrypting the emails.

211

212

[[image:4certnotselected.png||width="900"]]

213

214

215

[[image:5chooseacertificate.png||height="191" width="425"]]

216

217

218

[[image:6certauswaehlen.png||height="676" width="728"]]

Confirm your selection with **OK**.

225

226

[[image:7certausgewaehltok.png||height="526" width="724"]]

227

228

229

=== 1.3. Operating Systems ===

230

231

232

==== 1.3.1. Windows ====

233

234

The certificate is installed on the whole OS, meaning it can be used by **Internet Explorer** and **Windows Mail** (but not for Firefox).

235

236

* usually, you can double-click on the certificate, and the certificate-import-assistance will start; if the certificate-import-assistance won't start, follow the guide that follows:

237

* In the start menu, click on **Control Panel** and afterward choose **Internet options**.

238

239

[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/internetOptionen.png]]

* Then choose **Contents** and then choose **Certificates**:

245

246

[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/inhalteZertifikate.png]]

* Go to **Your Certificates** and then choose **Import...**:

252

253

[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/zertifikatImportieren.png]]

* Now the certificate-import-assistance will start; click on **Continue**.

260

* Click **Open** and choose the certificate - choose the suffix **.pfx or .p12 , else you won't** be able to see the files.

261

262

[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/zertifikatFormat.png]]

* Click on **Continue**

268

* Enter the passphrase

269

* Also choose to make your key exportable and then click on **Continue**.

270

271

[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/zertifikatPassphrase.png]]

* In this windows just click on **Continue**.

277

278

[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/zertifikatSpeicher.png]]

* In the end, click on **Finish** and verify the last window with **OK**.

284

285

[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/importvorgangErfolgreich.png]]

* Your certificate should be visible under **Your Certificates**.

291

292

==== 1.3.2. Mac OS X ====

293

294

Double click on your certificate

295

296

* Now in the **Add Certificates** - Window click on **Add**

297

298

[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/appleCertificate.png]]

* Enter your certificate-passphrase

304

305

[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/applePasswd.png]]

* The certificate is now ready to use and can, for example, be used in Apple Mail to sign and encrypt your messages.

311

312

[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/applemail_1.png||alt="applemail_1.png" height="307" title="applemail_1.png" width="466"]]

==== 1.2.3. Windows-Outlook 2019 ====

317

318

===== 1.2.3.1. Install certificate =====

Open Outlook and click **File** in the tab.

323

324

[[image:20file.png||width="900"]]

Then open **Options** in the left area.

330

331

[[image:1options.png||width="900"]]

In the opened window select **Trustcenter**

337

338

[[image:2trustcenter.png||width="1000"]]

Click the **Settings** button for the trust center.

344

345

[[image:3trustcentersettings.png||width="1000"]]

In the next dialog box, click **Security Center** and then on **E-Mail Security**. Under the Digital IDs (Certificates) section, select **Import / Export**.

351

352

[[image:1trustcenteremailsecuritsimportexport.png||width="900"]]

In the opened window go to **Search**. Select the correct certificate and confirm with **OK**. For **Import / Export digital ID** enter the password that was assigned during the export process from Firefox has been. Then click **OK**.

358

359

[[image:35importexport.png||height="814" width="743"]]

You can complete the process with **OK**, then the medium security level will be selected. You can also click Set security level to adjust this setting.

365

366

[[image:16setsecuritylevel.png||width="900"]]

You can choose medium or high security levels.

372

373

[[image:17highsecuritylevel.png||height="584" width="775"]]

If you select the high security level, you must choose a password that you have to use before encrypting and decrypting the e-mail.

379

380

[[image:18createapassword.png||width="900"]]

Confirm the change with **OK** and then close all windows. If you want to select the medium security level, you have to click **Set security level** again.

386

387

[[image:91importinganewprivateexchangekey.png||width="900"]]

If you want to write an encrypted email, you have to enter the chosen password.

393

394

[[image:30emailverfassen.png||width="900"]]

===== 1.2.3.2. Sign and encrypt emails =====

401

402

Your ITO certificate has now been imported into Outlook and you can select it under **Encrypted e-mail messages** using the **Settings** button for the e-mail address.

403

404

405

[[image:Out51.png||width="900"]]

You should see the certificate you just installed under **Signature Certificate** and **Encryption Certificate**. If this is not the case, you still have to select the certificate by clicking the **Select** button.

411

412

[[image:Out61.png||width="900"]]

Here you can see the issuer of the certificate and the expiry date.

418

419

[[image:Out71.png||width="900"]]

== 2. FAQ ==

=== My certificate is in .pem format, but my program only accepts .p12 format. What should I do? ===

429

430

The certificate you downloaded from the Self-Service Portal (ssp.cit.tum.de) is in .pem format, and some client programs do not support it. This problem is easily solved. All you have to do is find a program that accepts .pem files. Firefox is one of them, and since it is widespread, we'll assume that Firefox is being used for this guide.

431

432

Now to the real issue:

433

434

1) Make sure your old expired certificate is installed in Firefox. If it is not installed there, you must export the old certificate from another application and import it into Firefox. How to export a certificate can be found in our [[Wiki instructions>>https://xwiki.rbg.tum.de/bin/view/Informatik/Helpdesk/ZertifikatExportieren#Firefox]].

435

436

2) Import the new certificate (.pem-file) in Firefox. How to install a certificate can be found above on this page.

437

438

3) Export the new certificate from Firefox.

439

440

441

Voilà! Now you have a new .p12 file, which can be imported into other programs as usual.

442

443

444

**Note**: Please be aware that when importing the new .p12 file, you must change its settings as usual. In particular, you must also adjust the account settings for Thunderbird. Select the new certificate under **Account Settings** -> **End-to-End Encryption** -> **S/MIME**.

445

446

If you encounter some problems, contact: support@ito.cit.tum.de

Wiki source code of Wie kann ich das Benutzerzertifikat installieren?

Navigation