Wiki source code of Wie kann ich das Benutzerzertifikat installieren?

Last modified by Aysegül Omus on 2024/03/18 14:45

version	line-number	content
109.1	1	x
1.1	2
109.1	3	----
1.1	4
109.1	5	----
1.1	6
109.1	7	= Install CIT Client Certificate =
1.1	8
109.1	9	This describes how to install the ITO certificate.
1.1	10
	11
109.1	12	On this [[page>>https://xwiki.rbg.tum.de/bin/view/Informatik/Helpdesk/BenutzerZertifikate]] you will find further information on applying for and extending the CIT user certificate.
1.1	13
	14
	15
109.1	16	{{toc/}}
1.1	17
109.1	18
	19
	20	== 1. How do I install a certificate? ==
	21
	22	The following instructions were made for specific configurations (OS + Software). If you use a different configuration or have problems with the installation, please feel free to visit the [[Helpdesk>>Informatik.Helpdesk.WebHome]].
	23
1.1	24	=== 1.1. Browser ===
	25
	26	==== 1.1.1. Google Chrome ====
	27
109.1	28	Google Chrome was tested in Version 65.0.3325.181 under Windows 10 & Mac OS High Sierra. Chrome uses the certificate via the integration in the OS (look below). Despite the successful installation of the certificate, it did not work under Mac OS High Sierra with the Chrome Browser.
1.1	29
76.1	30	{{id name="WinFirefoxAnchor"/}}
1.1	31
109.1	32
1.1	33	==== 1.1.2. Firefox ====
	34
109.1	35	* For the Installation of the certificate, you have to open the Preferences:
77.1	36
76.1	37	[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/firefox_0.png\|\|alt="firefox_0.png" height="572" title="firefox_0.png" width="316"]]
	38
77.1	39
	40
	41
109.1	42
	43	* Under the Menu go to →Privacy & Security →View Certificates:
	44
76.1	45	[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/firefox_1.PNG\|\|alt="firefox_1.PNG" height="727" title="firefox_1.PNG" width="671"]]
77.1	46
1.1	47
109.1	48
	49	* There, go to Your Certificates and then to Import. Afterward, choose your certificate with the suffix .p12 and click open.
	50
76.1	51	[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/firefox_2.PNG\|\|alt="firefox_2.PNG" height="453" title="firefox_2.PNG" width="920"]]
	52
77.1	53
109.1	54	* In the next window, you have to fill in your passphrase:
77.1	55
76.1	56	[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/firefox_3.PNG\|\|alt="firefox_3.PNG" height="153" title="firefox_3.PNG" width="598"]]
77.1	57
109.1	58	* Your certificate was imported successfully.
1.1	59
109.1	60	==== 1.1.3. Safari ====
1.1	61
109.1	62	If the certificate is imported into the keychain (Schlüsselbund), it will automatically be integrated into Safari.
1.1	63
109.1	64	=== 1.2. Email-Client ===
1.1	65
	66
109.1	67	==== 1.2.1. Thunderbird (Windows/Linux) ====
1.1	68
	69
77.1	70
109.1	71	On the bottom left you'll find a cog wheel, click on it to open settings.
1.1	72
109.1	73	[[image:1710762049501-575.png]]
76.1	74
1.1	75
109.1	76	Next up, click on the Lock Icon on the left bar and scroll down until you find the certificates section. Click on "Manage Certificates".
1.1	77
109.1	78	(Make sure you downloaded your "certificate with private key" from https:~/~/my.ito.cit.tum.de/zertifikat/ )
77.1	79
109.1	80	[[image:1710762103262-173.png]]
1.1	81
77.1	82
1.1	83
77.1	84
109.1	85	Go to the "My Certificates"-Section and click on import and select the certificate you previously downloaded.
77.1	86
109.1	87	[[image:importieren.png\|\|height="506" width="1021"]]
77.1	88
	89
1.1	90
109.1	91	You'll be prompted to enter the passphrase that you received when you requested a certificate on the website mentioned above.
1.1	92
109.1	93	[[image:passphraseeingeben.png\|\|height="517" width="1042"]]
1.1	94
	95
77.1	96
109.1	97	(% class="box infomessage" %)
	98	(((
	99	(In case you forgot it, request a new certificate, wait a bit, refresh the website and download the certificate, and try again.)
	100	)))
	101
	102
	103	Lastly, click on the icon above the puzzle piece.
	104
	105	[[image:1710762127504-179.png]]
	106
	107
	108	On the left, light grey colored column click on "End-to-End-Encryption" and scroll down until you find "S/MIME".
	109
	110	[[image:1710762116312-799.png]]
	111
	112
	113
	114
	115	Click on Select and you'll be offered only one option, select it.
	116
	117	[[image:zertifikatauswählenfüraccount.png\|\|height="448" width="1106"]]
	118
	119	Confirm any window that may pop up right afterward. That's it, congratulations!
	120
	121	[[image:zertifikatauswählenfueraccount3.png\|\|height="522" width="1101"]]
	122
	123	==== ====
	124
	125	[[image:zertifikateausgewähltfueraccount.png\|\|height="532" width="1122"]]
	126
	127
	128
	129
	130
	131	==== 1.2.3. Windows-Outlook 2016 ====
	132
	133	* In the Menu go to File → Options:
	134
76.1	135	[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/outlook_0.PNG\|\|alt="outlook_0.PNG" height="472" title="outlook_0.PNG" width="754"]]
1.1	136
77.1	137
	138
	139
109.1	140	* Now go to Trust Center → Preferences for the Trust Center...
	141
76.1	142	[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/outlook_1.PNG\|\|alt="outlook_1.PNG" height="545" title="outlook_1.PNG" width="756"]]
1.1	143
77.1	144
	145
	146
109.1	147	* Then go to E-Mail-Security → Import/Export:
	148
76.1	149	[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/outlook_2.PNG\|\|alt="outlook_2.PNG" height="549" title="outlook_2.PNG" width="759"]]
1.1	150
76.1	151
109.1	152
	153
	154	* In the next window click on Open... and choose your certificate with the suffix .p12.
	155	* The passphrase can be entered in the field Password. Verify your password with OK:
	156
76.1	157	[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/outlook_3.PNG\|\|alt="outlook_3.PNG" height="550" title="outlook_3.PNG" width="1096"]]
1.1	158
77.1	159
1.1	160
76.1	161
109.1	162	* The following message can be accepted with OK:
	163
	164	[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/outlook_4.PNG\|\|alt="outlook_4.PNG" height="389" title="outlook_4.PNG" width="354"]]
	165
	166
	167
	168
	169	* Your certificate was imported successfully into Outlook.
	170	* Using the following settings, you can set the encryption/signature as default:
	171
76.1	172	[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/outlook_5.PNG\|\|alt="outlook_5.PNG" height="569" title="outlook_5.PNG" width="782"]]
1.1	173
77.1	174
1.1	175
	176
109.1	177	* You can go to Options and use the following options to enable or disable the encryption/signature:
1.1	178
109.1	179	[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/outlook_6.PNG\|\|alt="outlook_6.PNG" height="127" title="outlook_6.PNG" width="493"]]
1.1	180
77.1	181
1.1	182
	183
109.1	184	==== 1.2.4. Mac-Outlook 2019 ====
1.1	185
109.1	186	First, click Outlook in the tab, then Preferences.
1.1	187
109.1	188	[[image:outlookpreferences.png\|\|height="335" width="235"]]
1.1	189
	190
	191
	192
109.1	193	Select Accounts.
1.1	194
109.1	195	[[image:accounts.png\|\|width="900"]]
1.1	196
	197
	198
	199
	200
	201
109.1	202	Then select your CIT account in the open window on the left and click on Advanced.
1.1	203
109.1	204	[[image:advanced.png\|\|width="900"]]
1.1	205
	206
	207
	208
	209
109.1	210	Click in the Security tab and select the ITO certificate for signing and encrypting the emails.
1.1	211
109.1	212	[[image:4certnotselected.png\|\|width="900"]]
1.1	213
	214
109.1	215	[[image:5chooseacertificate.png\|\|height="191" width="425"]]
1.1	216
	217
109.1	218	[[image:6certauswaehlen.png\|\|height="676" width="728"]]
1.1	219
	220
	221
	222
	223
109.1	224	Confirm your selection with OK.
1.1	225
109.1	226	[[image:7certausgewaehltok.png\|\|height="526" width="724"]]
1.1	227
	228
109.1	229	=== 1.3. Operating Systems ===
1.1	230
	231
109.1	232	==== 1.3.1. Windows ====
1.1	233
109.1	234	The certificate is installed on the whole OS, meaning it can be used by Internet Explorer and Windows Mail (but not for Firefox).
1.1	235
109.1	236	* usually, you can double-click on the certificate, and the certificate-import-assistance will start; if the certificate-import-assistance won't start, follow the guide that follows:
	237	* In the start menu, click on Control Panel and afterward choose Internet options.
1.1	238
109.1	239	[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/internetOptionen.png]]
1.1	240
	241
	242
	243
109.1	244	* Then choose Contents and then choose Certificates:
1.1	245
109.1	246	[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/inhalteZertifikate.png]]
1.1	247
	248
	249
	250
109.1	251	* Go to Your Certificates and then choose Import...:
1.1	252
109.1	253	[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/zertifikatImportieren.png]]
1.1	254
	255
	256
109.1	257	{{id name="WinAssistentAnchor"/}}
1.1	258
109.1	259	* Now the certificate-import-assistance will start; click on Continue.
	260	* Click Open and choose the certificate - choose the suffix .pfx or .p12 , else you won't be able to see the files.
1.1	261
109.1	262	[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/zertifikatFormat.png]]
1.1	263
	264
	265
	266
109.1	267	* Click on Continue
	268	* Enter the passphrase
	269	* Also choose to make your key exportable and then click on Continue.
83.1	270
109.1	271	[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/zertifikatPassphrase.png]]
1.1	272
	273
	274
	275
109.1	276	* In this windows just click on Continue.
1.1	277
109.1	278	[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/zertifikatSpeicher.png]]
1.1	279
	280
	281
	282
109.1	283	* In the end, click on Finish and verify the last window with OK.
1.1	284
109.1	285	[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/importvorgangErfolgreich.png]]
1.1	286
	287
	288
	289
109.1	290	* Your certificate should be visible under Your Certificates.
1.1	291
109.1	292	==== 1.3.2. Mac OS X ====
1.1	293
109.1	294	Double click on your certificate
1.1	295
109.1	296	* Now in the Add Certificates - Window click on Add
1.1	297
109.1	298	[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/appleCertificate.png]]
1.1	299
	300
	301
	302
109.1	303	* Enter your certificate-passphrase
1.1	304
109.1	305	[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/applePasswd.png]]
1.1	306
	307
	308
	309
109.1	310	* The certificate is now ready to use and can, for example, be used in Apple Mail to sign and encrypt your messages.
1.1	311
109.1	312	[[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/applemail_1.png\|\|alt="applemail_1.png" height="307" title="applemail_1.png" width="466"]]
1.1	313
	314
	315
109.1	316	==== 1.2.3. Windows-Outlook 2019 ====
1.1	317
109.1	318	===== 1.2.3.1. Install certificate =====
1.1	319
	320
	321
109.1	322	Open Outlook and click File in the tab.
1.1	323
109.1	324	[[image:20file.png\|\|width="900"]]
1.1	325
	326
	327
109.1	328
	329	Then open Options in the left area.
77.1	330
109.1	331	[[image:1options.png\|\|width="900"]]
1.1	332
77.1	333
1.1	334
109.1	335
	336	In the opened window select Trustcenter
1.1	337
109.1	338	[[image:2trustcenter.png\|\|width="1000"]]
1.1	339
	340
	341
	342
109.1	343	Click the Settings button for the trust center.
1.1	344
109.1	345	[[image:3trustcentersettings.png\|\|width="1000"]]
1.1	346
	347
76.1	348
109.1	349
	350	In the next dialog box, click Security Center and then on E-Mail Security. Under the Digital IDs (Certificates) section, select Import / Export.
1.1	351
109.1	352	[[image:1trustcenteremailsecuritsimportexport.png\|\|width="900"]]
	353
76.1	354
1.1	355
	356
109.1	357	In the opened window go to Search. Select the correct certificate and confirm with OK. For Import / Export digital ID enter the password that was assigned during the export process from Firefox has been. Then click OK.
1.1	358
109.1	359	[[image:35importexport.png\|\|height="814" width="743"]]
	360
1.1	361
	362
109.1	363
	364	You can complete the process with OK, then the medium security level will be selected. You can also click Set security level to adjust this setting.
1.1	365
109.1	366	[[image:16setsecuritylevel.png\|\|width="900"]]
	367
1.1	368
	369
109.1	370
	371	You can choose medium or high security levels.
1.1	372
109.1	373	[[image:17highsecuritylevel.png\|\|height="584" width="775"]]
	374
1.1	375
	376
109.1	377
	378	If you select the high security level, you must choose a password that you have to use before encrypting and decrypting the e-mail.
1.1	379
109.1	380	[[image:18createapassword.png\|\|width="900"]]
	381
1.1	382
	383
109.1	384
	385	Confirm the change with OK and then close all windows. If you want to select the medium security level, you have to click Set security level again.
1.1	386
109.1	387	[[image:91importinganewprivateexchangekey.png\|\|width="900"]]
	388
1.1	389
109.1	390
	391
	392	If you want to write an encrypted email, you have to enter the chosen password.
	393
	394	[[image:30emailverfassen.png\|\|width="900"]]
	395
	396
	397
	398
	399
	400	===== 1.2.3.2. Sign and encrypt emails =====
	401
	402	Your ITO certificate has now been imported into Outlook and you can select it under Encrypted e-mail messages using the Settings button for the e-mail address.
	403
	404
	405	[[image:Out51.png\|\|width="900"]]
	406
	407
	408
	409
	410	You should see the certificate you just installed under Signature Certificate and Encryption Certificate. If this is not the case, you still have to select the certificate by clicking the Select button.
	411
	412	[[image:Out61.png\|\|width="900"]]
	413
	414
	415
	416
	417	Here you can see the issuer of the certificate and the expiry date.
	418
	419	[[image:Out71.png\|\|width="900"]]
	420
	421
	422
	423
	424
	425	== 2. FAQ ==
	426
	427
	428	=== My certificate is in .pem format, but my program only accepts .p12 format. What should I do? ===
	429
	430	The certificate you downloaded from the Self-Service Portal (ssp.cit.tum.de) is in .pem format, and some client programs do not support it. This problem is easily solved. All you have to do is find a program that accepts .pem files. Firefox is one of them, and since it is widespread, we'll assume that Firefox is being used for this guide.
	431
	432	Now to the real issue:
	433
	434	1) Make sure your old expired certificate is installed in Firefox. If it is not installed there, you must export the old certificate from another application and import it into Firefox. How to export a certificate can be found in our [[Wiki instructions>>https://xwiki.rbg.tum.de/bin/view/Informatik/Helpdesk/ZertifikatExportieren#Firefox]].
	435
	436	2) Import the new certificate (.pem-file) in Firefox. How to install a certificate can be found above on this page.
	437
	438	3) Export the new certificate from Firefox.
	439
	440
	441	Voilà! Now you have a new .p12 file, which can be imported into other programs as usual.
	442
	443
	444	Note: Please be aware that when importing the new .p12 file, you must change its settings as usual. In particular, you must also adjust the account settings for Thunderbird. Select the new certificate under Account Settings -> End-to-End Encryption -> S/MIME.
	445
	446	If you encounter some problems, contact: support@ito.cit.tum.de

Wiki source code of Wie kann ich das Benutzerzertifikat installieren?

Navigation