BTU-CA within the DFN-PKI with security level "Global"
Features:
- The operation of the BTU-CA has been outsourced to the DFN Network. The certificates are issued by the DFN-PKI. The registration authority (RA) remains at the BTU Cottbus.
- The operations are based on:
  - The certification policy (CP) of the DFN-PKI
  - The certification practice statement (CPS) of the DFN-PKI
  - The certification practice statement (CPS) of the BTU-CA
- The BTU CA Global will issue advanced certificates according to Germany's signature law SigG.
- The user provides the following data:
  last name, first name(s), name affixes as far as they appear in the ID document (passport or identity card), type and last 5 numbers/characters of the ID document, name and address of the related organisation, proof of membership of the specified organisation
- "Root-in-the-Browser" feature: The root certificate of the "Deutsche Telekom Root CA 2", which has signed the certificate of the DFN-PKI within the hierarchy "Global", is already included in Microsoft Internet Explorer. It is now also included in the new version of Mozilla Firefox (from version 3.5 on), so it is no longer necessary to import the root certificates into these browsers.
- The private key required for a client certificate is created at a web interface of the DFN-PKI, directly in the user's browser. The certificate request is sent to the DFN-PKI. The certificate request form is also generated online. The user has to hand over this certificate request form to the registration authority (RA) of the BTU-CA. The RA will validate the request form, identify the user based on a valid identity card or passport and approve the certificate request. The certificate will then be issued by the DFN-PKI and sent to the user's e-mail address.
- For server certificates, the private key and the certificate request have to be generated by the server's administrator or at the BTU-CA. The certificate request (PKCS#10 certificate request) will then be uploaded to the DFN-PKI. The administrator then generates a certificate request form online and hands it over to the registration authority of the BTU-CA. The RA will check and approve the request. The certificate will be issued by the DFN-PKI and sent to the server administrator, so it is very important to provide a valid *tu-cottbus.de e-mail address.
- Client certificates are valid for 3 years.
- Server certificates are valid for 5 years.
- There won't be any re-certifications. After a certificate expires, you need to apply for a new one.
- If requested, the certificates may be published in the DFN directory. The certificates will be published in the BTU directory according to the BTU-CA's certification practice statement (CPS).