Zertifikate in der DFN Community PKI
URL for certificate requests: https://pki.pca.dfn.de/dfn-pki/dfn-verein-community-ca/3230/
Informations: https://www.pki.dfn.de/dfn-verein-community-pki
Download-Link for the root certificate: https://doku.tid.dfn.de/de:dfnpki:dfnpki_root_certs#dfn-verein_community_pki
The most important facts in brief:
- The LRZ-PKI issues DFN community certificates only for servers of the LRZ, BAdW or LRZ-hosted servers.
- Certificates in the DFN Community PKI have a longer life time: for servers 1170 days(appr. 39 months), for users 1825 days (appr. 5 years, although user certificates in this environment don't have a discernible purpose).
- The belonging root certificate is not built into the browser, so it must be installed manually.
- This makes community certificates more suitable for internal purposes like telephone installations (with profile "VoIP-Server").
- As usual with the DFN-PKI, there is also a PDF. However, it is sufficient to forward this to pki@lrz.de. You do not need to print out and sign it.
The web form looks like this, with the top three items (user certificate, pseudonym certificate and group certificate) being more or less irrelevant:
Please note: These certificates cannot be obtained automatically via ACME / Certbot. However, there is a SAOP API.
Last updated on November 28, 2024