Page Content
Digital Software Certificates
Proof of identity and the
secure transmission of data are an indispensable requirement for the
reliable use of electronic services.
This refers in
particular to the following measures:
- Signing of e-mails (for clear identification of the sender and protection against manipulation of the content)
- Encryption of e-mails (to prevent unauthorised persons from gaining knowledge)
- and digital signing of documents and forms. [1]
For the technical realisation, "digital
software certificates" are used, which are personalised and can
be viewed like an identity card in the "analogue" world.
Please note:
- The file to be downloaded contains your private cryptographic key as well as the digital certificate. The file is encrypted with your TUB account password. If you have changed your password after generating the certificates, the password valid at that time will still apply to this file.
- Only TU Berlin e-mail addresses stored in the system (e.g. @tu-berlin, @math) can be used with the certificate.
- If email forwarding has been set up (to a private address), encrypted emails can be received, but no encrypted emails can be sent via this mailbox.
- If new software certificates are issued and old certificates are deleted, it will no longer be possible to decrypt the e-mails secured with the old encryption. To be able to read e-mails encrypted with a previous certificate, the certificate used at that time is also required.
Please use your certificates carefully:
- Protect your "key chain" on your computer with an additional password.
- Never install the certificates on a public computer, as anyone who has access to this computer could then sign and send e-mails in your name.
Obtain Certificates
Software certificates can be applied for at the
Trust Centre (TSM) of the TU Berlin. The office hours and contact
details of the TSM can be found at https://www.tu-berlin.de/?222608
[2]
A valid personal identification document (passport or
ID card) and your service and/or student ID card are required for
identification. The appointment must be attended by the person who
wishes to apply for a certificate (substitution is not possible).
You can then apply for the certificate under the menu item
"My profile" > "My certificates" >
"Software certificates" > "Download software
certificates" > "Apply for a new software certificate
online"
You can download the new certificate
after just a few minutes by clicking on the button
"Download software certificate file".
Renew certificates
Software certificates can be applied for online.
The online application for software certificates requires prior
identification every 39 months by an authorised participant service
staff member of the Trust Centre (TSM).
You can apply for
the certificate under the menu item "My Profile"
> "My Certificates" > "Software
Certificates" > "Download Software Certificates"
> "Apply for a new software certificate
online"
You can obtain the new certificate
after just a few minutes by clicking on the button
"Download software certificate file".
Now integrate the new certificate as usual and set it as the
default certificate.
Attention: Do not remove the
old certificates from the system, otherwise you will no longer be able
to open the mails signed/encrypted with the old
certificate.
Embedding your certificates in Windows
In order to use the certificates
in Internet Explorer and Outlook, they must be imported into the
certificate store. This step assumes that you have already obtained
the software certificates.
Double-click on the certificate
file with the extension ".p12". Confirm the following steps
until you are prompted to enter a password. Then enter your
password and confirm all further steps.
Embedding of Certificates in Outlook
To integrate the software certificates in Outlook, the software certificate must first be imported into the certificate store.
- Click on "File">"Options">"Trust Center">"Settings for the Trust Center...".
- Select the "E-mail Security" area and click on "Settings".
- Click on "Select..." and select the TU Berlin certificate.
- Now you can confirm all windows with "OK" and close them.
Embedding of Certificates in Thunderbird
To be able to use the certificates in Thunderbird, they must be imported into the certificate store. This step assumes that you have already obtained the software certificates.
- Open the settings dialogue in Thunderbird and open the "Advanced" area and then the "Certificates" tab. Click on the "Certificates" button.
- Switch to the tab "Your certificates" and click on "Import". Now select the certificate and confirm the subsequent query with your password.
- Close all dialogues.
- Then open the "account settings"
- Select the TU-Berlin account and click on "Security".
- Signature
- Select the button "Select" next to the field Digital Signature.
- Select the TU Berlin certificate in the new window and click "OK".
- Check the box "Sign messages by default".
7. Encryption
- Select the button "Select" next to the field for digital signature.
- Select the TU Berlin certificate in the new window and click "OK".
Embedding of Certificates in iOS
- Send an email with the downloaded certificate file as an attachment to your own email address.
- Open this e-mail on your iPhone/iPad and then open the attachment. iOS recognises the certificate and you press the "Install" button.
- If your device is protected with a PIN code, please enter this code
- and confirm the installation of an unsigned profile (press "Install" in the top right-hand corner)
- then enter the password that was used to create the certificate. (This should be your TUB account password)
- Press "Next"
- Press "Done" - the certificate is installed.
Embedding of Certificates in Firefox
To use the certificates in Firefox, they must be imported into the certificate store. This step assumes that you have already obtained the software certificates.
- Open the settings dialogue in Thunderbird and open the "Advanced" section and then the "Certificates" tab. Click on the button "Show certificates".
- Switch to the tab "Your certificates" and click on "Import". Now select the certificate and confirm the following prompt with your password.
- Close all dialogues.
Sign and encrypt e-mails with Outlook
To sign and
encrypt your e-mails with Outlook, the software certificate must first
be imported into the certificate store and integrated into Outlook.
Before sending an e-mail, select the
"Options" tab and select the
"Sign" and
"Encrypt" options.
Please note
that you must have exchanged a signed e-mail with the other party
before you can encrypt your communication.
Sign and encrypt e-mails with Thunderbird
To sign and encrypt your
e-mails with Thunderbird, the software certificate must first be
integrated in Thunderbird.
Before sending an e-mail, select
the arrow next to "S/MIME" and select "Sign
message" and "Encrypt
message".
Please note that you must first
have exchanged a signed e-mail with the other party before you can
encrypt your communication.
Sign and encrypt with Outlook for Mac under OSX
1. Go to
"Outlook/Settings" and click on
"Accounts":
2. Then go to
"Advanced" and "Security
settings"
Here you select the certificate and whether the e-mails should only
be signed or also encrypted by default.
With the item
"Send digitally signed messages as plain
text" you ensure that the recipient can always read the
message.
If you include your public certificate
("Include my certificates in signed
messages"), the recipient can send you encrypted
messages.
3. To send encrypted e-mails, you need the recipient's public certificate, which the recipient should send to you by e-mail.
Sign and encrypt with Mail for iOS, iPhone and iPad
Sending signed and/or encrypted e-mails
Go to "Settings" > "Mail, Contacts,
Calendar" > "Accounts" > "Exchange
Account" > "Advanced Settings" and switch
on the use of S/MIME.
Then you can activate signing and
encryption.
Then 2x back to the account page and press
"Done" on the top right.
E-mails
can now be sent signed.
Send and Encrypt for Mail in iOS
To send encrypted e-mails, you need the
recipient's public certificate, which you must install.
- To do this, you need a signed e-mail from the recipient (such e-mails are marked with a round seal with a tick next to the sender).
- Open it and click on the sender.
- The certificate can now be installed under "Show certificate".
Afterwards, the outgoing e-mails are automatically signed and, if necessary, encrypted if the recipient's public key has been installed.
vices/account_card/advanced_digital_signatures/paramete
r/en/maxhilfe/
e_tsm_steuerung/menue/startseite/parameter/en/maxhilfe/