Install a server that is able to work with SSL.

Please read precisely the following policies:

•  The certification policy (CP) of the DFN-PKI
•  The certification practise statement (CPS) of the DFN-PKI
•  The certification practise statement (CPS) of the BTU-CA

By signing the certificate request form you acknowledge that you know, understand and accept this policy.

There are two methods for getting a server certificate:

1. The easy way: CA on Demand

2. Conventional way:

This process takes place online. All keys, requests and forms are generated in an webapplication provided by the DFN! Administrators apply  here for server certificates.

• the certificate request (PKCS #10-request) must be uploaded to the DFN PKI's server.     

• print the certificate request form, fill out completely and sign it.

• with this form and your valid photo ID (identity card or passport) you have to come to the RA for an identification purpose, (preferably after arranging an appointment by phone).

• here on the RA we will approve the request, if evrything is fine.

• the certificate will be sent to your e-mail address.

Hints for generating private key and request with openssl on the UNiX command line:

• install OpenSSL (if not already included in the operating system).

• generate a private key:

openssl genrsa -des3 -out <name> -rand <file with random characters> 2048

• generate a certificate request:

openssl req -new -key <the key's name> -out <the request's name>

• The request must contain the details according to the policy. Please also refer to the  list with official chair names

Certificate request forms for server certificates can be handed over at any time (remember: after arranging an appointment!) to an employee of the Registration Authority from the BTU-CA.