services:certificates:obtain
Differences
services:certificates:obtain [2016/01/06 21:11] – [Creation of a key-pair] dreger | services:certificates:obtain [2016/01/06 22:30] (current) – [Creation of a key-pair and certificate request] dreger | ||
---|---|---|---|
Line 18: | Line 18: | ||
This process will create a personal certificate which is valid even outside of the FU. The reason why this works is that the FU-CA will sign your certificate with their own certificate, | This process will create a personal certificate which is valid even outside of the FU. The reason why this works is that the FU-CA will sign your certificate with their own certificate, | ||
- | ===== Creation of a key-pair ===== | + | ===== Creation of a key-pair |
We will do this in the Mozilla Firefox browser since it is available on all operating systems and it's easy to find the created key-pair later on, since it stays in the browser. Please note that for the whole process you need to use the exact same computer and browser. So don't start this at work and try to finish it at home. | We will do this in the Mozilla Firefox browser since it is available on all operating systems and it's easy to find the created key-pair later on, since it stays in the browser. Please note that for the whole process you need to use the exact same computer and browser. So don't start this at work and try to finish it at home. | ||
- | Start Firefox and visit the [[https:// | + | Start Firefox and visit the [[https:// |
{{: | {{: | ||
+ | |||
+ | While the first checkbox is mandatory, the second is optional. If you select the second checkbox your certificate will be published by the DFN website, e.g. it will be found using the **Zertifikat suchen** function. If you want to enable other users to send you encrypted email, you probably should enable publishing your certificate. After two more clicks you should print out and sign your certificate form, which looks like this: | ||
+ | |||
+ | {{: | ||
+ | |||
+ | ===== Approval of your certificate request ===== | ||
+ | |||
+ | Take this printout to Jens Dreger and bring an ID (Personalausweis). After your certificate has been approved you will receive an email: | ||
+ | |||
+ | {{: | ||
+ | |||
+ | The attachment to this mail is your certificate file. This is the public part of your key-pair and the secret key is still stored inside your browser. You now need to join these keys and export both. To do so click the second link in the email message and you should be taken to a page that looks like so: | ||
+ | |||
+ | {{: | ||
+ | |||
+ | Click on **Zertifikat importieren** and you should receive a message like: | ||
+ | |||
+ | {{: | ||
+ | |||
+ | If you get some error message like //This personal certificate can't be installed because you do not own the corresponding private key which was created when the certificate was requested// you have most likely mixed computers or browsers. | ||
+ | |||
+ | ===== Export your certificate and secret key to a file ===== | ||
+ | |||
+ | You have now joined the signed certificate containing your public key and the secret key inside the browser certificate store. Go to **Options -> Advanced -> View Certificates** and select the **Your Certificates** tab. You should find your certificate: | ||
+ | |||
+ | {{: | ||
+ | |||
+ | Select your certificate, | ||
+ | |||
+ | {{: | ||
+ | |||
+ | It makes sense to give that file a name that refers to the certificate inside, for example use the serial number as stated in the email message (7508596253892957 in this case). The .p12 file itself is encrypted and can not be read easily. | ||
+ | |||
+ | Next we'll see how to [[services: |
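Review bot: In the added export section, "The .p12 file itself is encrypted and can not be read easily" undersells what the file is. Per the section heading it holds the secret key together with the certificate, so the text should tell readers to store it like any other secret and, unless the truncated "Select your certificate," step already does, say that its protection rests on the password chosen at export. In the added checkbox paragraph, "e.g. it will be found using the **Zertifikat suchen** function" should read "i.e.", since it explains what publishing means rather than giving one example. In the approval section, "This is the public part of your key-pair" would be more precise as "this contains the public part of your key-pair", which matches the later wording "the signed certificate containing your public key".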
services/certificates/obtain.1452114718.txt.gz · Last modified: 2016/01/06 21:11 by dreger