Entering the certificate and private key into the server

As soon as a certificate you have requested is issued, you will receive an e-mail with download links. Under  »Available formats«, select a format that already contains the certificate chain.
For Apache / nginx »Certificate (w/ issuer after)« is offered, for Microsoft IIS »PKCS#7«.

After you have saved your private key and your certificate, you should install theroot certificate of the DFN-PKI and the CA certificate of the Bauhaus-Universität Weimar. 

Check the fingerprint of the CA certificates. To display the fingerprint, you can call OpenSSL as follows:

openssl x509 -in <CA-Zertifikat.pem> -fingerprint -sha256 -noout

To make the existing chain of CA certificates available to the server, you can either specify each individual certificate in the configuration file or use the UNIX command cat to create a file containing all the necessary CA certificates.

Example for the Apache web server:

server # cat dfn-root-ca-cert.pem  top-cacert.pem cacert.pem >> ca-bundle.crt