GRID-Zertifikate


Please note: members of the LMU please contact dfn-lmu-ra@lists.physik.uni-muenchen.de first.




GRID certificates are server certificates or personal certificates, but they belong to their own infrastructure. They have the following key scopes:

  • digitalSignature
  • keyEncipherment

and the enhanced key scopes

  • clientAuth
  • emailProtection

GRID certificates are the only personal certificates which the LRZ is permitted to issue to persons outside the BAdW.

The name space is as follows:

  • C=DE
  • O=GridGermany
  • The OU depends on the institution you belong to: Leibniz Rechenzentrum, Technische Universitaet Muenchen or Ludwig-Maximilians-Universitaet Muenchen. Another OU for your department / faculty is possible.
  • The CN is you first and family name (in case of a user certificate) or the server name (in case of a server certificate).

Please note: In GRID, neither group- nor pseudonym certificates are allowed. The SubjectDN must not contain "pseudonym", "GN" or "SN" as attributes. The CN must not start with "GRP:", "GRP -", "PN:" or "PN ". However, robot certificates are possible. The CN may start with "Robot:" or "Robot-".


You can request a GRID certificate here: https://pki.pca.dfn.de/dfn-pki/grid-root-ca/101

The page Request server certificate, for example, looks like this:

After filling out the form, klick on Next:

If you klick on Save certificate application data file, you are prompted for a password:


You can find additional information here: https://www.lrz.de/services/compute/grid_en/certificate_en/person-certificate_en/

in the DFN CERT policies: https://www.pki.dfn.de/fileadmin/PKI/DFN-PKI_grid-cps_v16.pdf

and on the DFN GRID home page: https://www.pki.dfn.de/grid/ and https://www.pki.dfn.de/faqpki/faqpki-grid/


Please note that GRID certificates cannot be used for signing e-mails. This is technically possible but GRID certificates do not belong to any browser based certificate infrastructure. Therefore no mail client can verify these certificates.



Last update: October 27, 2022