services:certificates:obtain

Differences

This shows you the differences between two versions of the page.

services:certificates:obtain [2016/01/06 22:17] – [Export your certificate and secret key to a file] dreger
services:certificates:obtain [2016/01/06 22:30] (current) – [Creation of a key-pair and certificate request] dreger
Line 18: Line 18:
 This process will create a personal certificate which is valid even outside of the FU. The reason why this works is that the FU-CA will sign your certificate with their own certificate, which in turn is signed by the DFN-Verein (Deutsches Forschungsnetz) certificate which again has been signed by Deutsche Telekom Root CA. So once an application (e.g. a web browser) trusts the certificate from Deutsche Telekom, it will trust the authenticity of your personal certificate. This process will create a personal certificate which is valid even outside of the FU. The reason why this works is that the FU-CA will sign your certificate with their own certificate, which in turn is signed by the DFN-Verein (Deutsches Forschungsnetz) certificate which again has been signed by Deutsche Telekom Root CA. So once an application (e.g. a web browser) trusts the certificate from Deutsche Telekom, it will trust the authenticity of your personal certificate.
  
-===== Creation of a key-pair =====+===== Creation of a key-pair and certificate request =====
  
 We will do this in the Mozilla Firefox browser since it is available on all operating systems and it's easy to find the created key-pair later on, since it stays in the browser. Please note that for the whole process you need to use the exact same computer and browser. So don't start this at work and try to finish it at home. We will do this in the Mozilla Firefox browser since it is available on all operating systems and it's easy to find the created key-pair later on, since it stays in the browser. Please note that for the whole process you need to use the exact same computer and browser. So don't start this at work and try to finish it at home.
  
-Start Firefox and visit the [[https://pki.pca.dfn.de/fu-ca/cgi-bin/pub/pki?cmd=getStaticPage;name=index;id=1&RA_ID=400|DFN-PKI page for physics users]]. CLick **Nutzerzertifikat** and fill in the necessary information:+Start Firefox and visit the [[https://pki.pca.dfn.de/fu-ca/cgi-bin/pub/pki?cmd=getStaticPage;name=index;id=1&RA_ID=400|DFN-PKI page for physics users]]. Click **Nutzerzertifikat** and fill in the necessary information:
  
 {{:services:certificates:fu-ca01.png?nolink|}} {{:services:certificates:fu-ca01.png?nolink|}}
  
-While the first checkbox is mandatory, the second is optional. If you select the second checkbox your certificate will be published by the DFN website, e.g. it will be found using the **Zertifikat suchen** function. If you want to enable other users to send you encrypted email, you probably should enable publishing you certificate. After two more clicks you should print out and sign your certificate form, which looks like this:+While the first checkbox is mandatory, the second is optional. If you select the second checkbox your certificate will be published by the DFN website, e.g. it will be found using the **Zertifikat suchen** function. If you want to enable other users to send you encrypted email, you probably should enable publishing your certificate. After two more clicks you should print out and sign your certificate form, which looks like this:
  
 {{:services:certificates:fu-ca02.png?nolink|}} {{:services:certificates:fu-ca02.png?nolink|}}
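
Review bot: The new heading on the `+` line promises a "certificate request", but nothing in the section body under it says what the request is or that it is what gets submitted through the **Nutzerzertifikat** form; the only related statement is the context line saying the key-pair "stays in the browser". Suggest adding one sentence after the form step that names the request explicitly, so readers see why the same computer and browser are required for the whole process. Two smaller points: renaming the heading changes the section anchor DokuWiki derives from it, so existing links to the old "Creation of a key-pair" section should be checked, and in the checkbox paragraph "e.g. it will be found" reads as if "i.e." was meant.
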
Line 56: Line 56:
 {{:services:certificates:fu-ca08.png?nolink|}} {{:services:certificates:fu-ca08.png?nolink|}}
  
-It makes sense to give that file a names that refers to the certificate, for example use the serial number as stated in the email message (7508596253892957 in this case).+It makes sense to give that file a name that refers to the certificate inside, for example use the serial number as stated in the email message (7508596253892957 in this case). The .p12 file itself is encrypted and can not be read easily. 
 + 
 +Next we'll see how to [[services:certificates:signpdf|use your personal certificate to sign PDF documents]].
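
Review bot: The added sentence "The .p12 file itself is encrypted and can not be read easily" is too vague for a file that, per the section title, holds the secret key. How well the exported file is protected depends on the password chosen when it was written, so I would say that directly and tell readers to store the file somewhere private, rather than leave the impression that an encrypted file is safe to pass around. Also, "can not" should be "cannot".
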
services/certificates/obtain.1452118655.txt.gz · Last modified: 2016/01/06 22:17 by dreger
