Security Certificates (PKI)

The Bauhaus-Universität Weimar participates in the service »DFN-PKI« – the Public Key Infrastructure in the German Research Network. As a participating institution, the Bauhaus-Universität Weimar can request, generate, distribute and verify digital certificates for persons or data processing systems in its service area via the »DFN-PKI«.

DFN-PKI (BU Weimar CA)

The Bauhaus-Universität Weimar is a member of the DFN-PKI – the “Public Key Infrastructure in the German Research Network” and operates its own registration office at the SCC. Digital certificates can be issued, distributed and audited via the DFN-PKI. Advanced certificates based on the X.509 standard are used.

The main tasks of our office are the processing of certificate applications and the blocking of certificates, as well as the advice of users.

Due to the close cooperation and shared use of the IT infrastructure, we also issue certificates for the University of Music FRANZ LISZT Weimar.


Web interface – root certificates, blocking list, certification policy

To ensure that connected clients can verify the server certificates, you first have to implement the root certificate into your browser/e-mail programme. By the use of root certificates which were certified by T-Systems this is generally done automatically. Otherwise you will have to import the root certificate into your browser manually. You can do this via the web interface of our registration office. The root certificate provided on the interface can be temporarily accepted until the root certificates are successfully imported.

Signing / encrypting when using OWA is currently not possible with the MS Edge Chromium. We recommend using Internet Explorer instead.

On the web interface you will also find the certificate blocking list which you should install into your browser/e-mail client. Click on “Install blocking list” (“Sperrliste installieren”) so that invalid certificates are no longer accepted. You can also find additional information on the interface, such as the certification policy.

Signing/encrypting when using OWA is currently not possible with MS Edge Chromium. It is recommended to use Internet Explorer instead.

For convenient use of e-mail encryption, we recommend integrating the LDAP directory service of the DFN-PKI in the e-mail client, as described in our Outlook configuration instructions.

Questions and answers regarding DFN-PKI


Installation of the Deutsche Telekom root CA certificate in Linux server systems

Debian (similar like Ubuntu)

SLES10