Certificates

SECID-CERT-1.0 IT Security & Identity Version 1.0
Main purpose

Provision of digital certificates for secure email communication, file signatures, and server authentication.

Description

The IT center provides a Public Key Infrastructure (PKI) in cooperation with the DFN Association through GÉANT-TCS (Trusted Certificate Service). The current CA provider is HARICA (since January 2025). User certificates (S/MIME) for email signing and encryption as well as server certificates for securing web applications and services are available. User certificates can be requested by employees (not students) through the HARICA portal.

Requirements

University affiliation; user certificates: staff only; server certificates: server operation at Jade University

Details

User certificates (S/MIME):
- Eligibility: staff only (NOT students)
- Standard: X.509, algorithm RSA, key size 4096 bits
- Purpose: email signing/encryption, file signing
- Request: HARICA Certificate Manager → Academic Login → Jade Hochschule → Email-only → email validation → enroll certificate (RSA, 4096) → download .p12 file
- Backup: rename to <date>_GEANT-TCS-HARICA_<name>.p12, store in CCS (Personal/Certificates) or Z:\Certificates Data Drives (STORE-DRIVES-1.0)
- Integration: Windows (Internet Options → Certificates), macOS (Keychain), iOS/Android (email .p12 to self), Linux (individual apps)
- Adobe document signing NOT supported

Server certificates (SSL/TLS):
- Eligibility: staff operating servers
- Validity: 1 year
- Preparation (generate CSR):
openssl genrsa -out key.pem 4096
openssl req -new -key key.pem -out csr.pem
(C=DE, ST=Niedersachsen, L=Wilhelmshaven/Oldenburg/Elsfleth, O=Jade Hochschule ...)
- Issuance: HARICA Certificate Manager → Server → OV certificate → submit CSR; contact: Mr. Früchtenicht / Mr. Manemann (HRZ)

Internal CAs (issued by HRZ):
- HS-WOE Certificate Authority (hs-woe.de)
- HS-WOE Certificate Authority (META)
- Internal CA integration: Windows (certificate management), macOS (Keychain), iOS (Safari → Profile), Android (Settings → Security), Ubuntu (sudo trust anchor), Firefox (Settings → Certificates)

Information about user certificates and server certificates in the HRZ Wiki: https://hrz-wiki.jade-hs.de/de/tp/certificates/start

Sources:
[1] https://hrz-wiki.jade-hs.de/en/tp/certificates/start

Link to service
Open service
https://cm.harica.gr/
Service contact
Available for
Students Employees Guests & External Partners
Service lifecycle
Available from
Jan. 1, 2024