Provision of digital certificates for secure email communication, file signatures, and server authentication.
The IT center provides a Public Key Infrastructure (PKI) in cooperation with the DFN Association through GÉANT-TCS (Trusted Certificate Service). The current CA provider is HARICA (since January 2025). User certificates (S/MIME) for email signing and encryption as well as server certificates for securing web applications and services are available. User certificates can be requested by employees (not students) through the HARICA portal.
University affiliation; user certificates: staff only; server certificates: server operation at Jade University
User certificates (S/MIME):
- Eligibility: staff only (NOT students)
- Standard: X.509, algorithm RSA, key size 4096 bits
- Purpose: email signing/encryption, file signing
- Request: HARICA Certificate Manager → Academic Login → Jade Hochschule → Email-only → email validation → enroll certificate (RSA, 4096) → download .p12 file
- Backup: rename to <date>_GEANT-TCS-HARICA_<name>.p12, store in CCS (Personal/Certificates) or Z:\Certificates Data Drives (STORE-DRIVES-1.0)
- Integration: Windows (Internet Options → Certificates), macOS (Keychain), iOS/Android (email .p12 to self), Linux (individual apps)
- Adobe document signing NOT supported
Server certificates (SSL/TLS):
- Eligibility: staff operating servers
- Validity: 1 year
- Preparation (generate CSR):
openssl genrsa -out key.pem 4096
openssl req -new -key key.pem -out csr.pem
(C=DE, ST=Niedersachsen, L=Wilhelmshaven/Oldenburg/Elsfleth, O=Jade Hochschule ...)
- Issuance: HARICA Certificate Manager → Server → OV certificate → submit CSR; contact: Mr. Früchtenicht / Mr. Manemann (HRZ)
Internal CAs (issued by HRZ):
- HS-WOE Certificate Authority (hs-woe.de)
- HS-WOE Certificate Authority (META)
- Internal CA integration: Windows (certificate management), macOS (Keychain), iOS (Safari → Profile), Android (Settings → Security), Ubuntu (sudo trust anchor), Firefox (Settings → Certificates)
Information about user certificates and server certificates in the HRZ Wiki: https://hrz-wiki.jade-hs.de/de/tp/certificates/start
Sources:
[1] https://hrz-wiki.jade-hs.de/en/tp/certificates/start