Public Key Infrastructure

Below you will find instructions on how to request certificates with popular web browsers as well as instructions for the use of this certificates. The instructions for certification shall relate to e-mail (S / MIME) certificates. However, the requirement of other types of certificates is designed largely similar. If you have suggestions for further instructions or additional questions, you can send an e-mail to

Application for personal email certificate

Request your personal email certificate using a Web browser.

Please use only Mozilla Firefox!

All other browsers do not support the generation of private keys1)!

Select a Registration Authority (RA)

Three steps to the application: 1 step: Fill out form 2 step: confirm details 3 step: Download the application in PDF format

At the end of the application, please download the generated PDF file.

Please the printed certificate request under slices by hand.

With the application signed by you please go to the relevant RA operator in your institution.

Hold your valid identity card for personal identification.

After the carried out personal identification and verification of the certificate request the competent RA operator will issue your certificate request.

You will receive an email to your personal email certificate with your certificate in the annex.

For further steps and detailed instructions on the installation of the certificate in various email clients, read the information in the following document.

(currently only in German)

Apply for server certificate

Call OpenSSL with the following Parameters

openssl req -newkey rsa:2048 -sha256 -keyout priv-key.pem -out certreq.pem
  • Download script.
  • Change flags with
    chmod 744
  • Run script as follows



openssl req -newkey rsa:2048 -sha256 -keyout priv-key.pem -out certreq.pem

Then you proceed application from step 2 of the section application for personal email certificate, choose of a suitably competent RA.

1) An unsupported or obsolete function!