Digital Software Certificates

Software certificates can be applied for at the Trust Centre (TSM) of the TU Berlin. The office hours and contact details of the TSM can be found at https://www.tu-berlin.de/?222608 [2]

A valid personal identification document (passport or ID card) and your service and/or student ID card are required for identification. The appointment must be attended by the person who wishes to apply for a certificate (substitution is not possible).

You can then apply for the certificate under the menu item "My profile" > "My certificates" > "Software certificates" > "Download software certificates" > "Apply for a new software certificate online"

You can download the new certificate after just a few minutes by clicking on the button "Download software certificate file".

Software certificates can be applied for online. The online application for software certificates requires prior identification every 39 months by an authorised participant service staff member of the Trust Centre (TSM).

You can apply for the certificate under the menu item "My Profile" > "My Certificates" > "Software Certificates" > "Download Software Certificates" > "Apply for a new software certificate online"

You can obtain the new certificate after just a few minutes by clicking on the button "Download software certificate file".

Now integrate the new certificate as usual and set it as the default certificate.

Attention: Do not remove the old certificates from the system, otherwise you will no longer be able to open the mails signed/encrypted with the old certificate.

In order to use the certificates in Internet Explorer and Outlook, they must be imported into the certificate store. This step assumes that you have already obtained the software certificates.

Double-click on the certificate file with the extension ".p12". Confirm the following steps until you are prompted to enter a password. Then enter your password and confirm all further steps.

To integrate the software certificates in Outlook, the software certificate must first be imported into the certificate store.

1.     Click on "File">"Options">"Trust Center">"Settings for the Trust Center...".
2.     Select the "E-mail Security" area and click on "Settings".
3.     Click on "Select..." and select the TU Berlin certificate.
4.     Now you can confirm all windows with "OK" and close them.

To be able to use the certificates in Thunderbird, they must be imported into the certificate store. This step assumes that you have already obtained the software certificates.

1. Open the settings dialogue in Thunderbird and open the "Advanced" area and then the  "Certificates" tab. Click on the "Certificates" button.
2. Switch to the tab "Your certificates" and click on "Import". Now select the certificate and confirm the subsequent query with your password.
3. Close all dialogues.
4. Then open the "account settings"
5. Select the TU-Berlin account and click on "Security".
6. Signature

1. Send an email with the downloaded certificate file as an attachment to your own email address.
2. Open this e-mail on your iPhone/iPad and then open the attachment. iOS recognises the certificate and you press the "Install" button.
3. If your device is protected with a PIN code, please enter this code
4. and confirm the installation of an unsigned profile (press "Install" in the top right-hand corner)
5. then enter the password that was used to create the certificate. (This should be your TUB account password)
6. Press "Next"
7. Press "Done" - the certificate is installed.

To use the certificates in Firefox, they must be imported into the certificate store. This step assumes that you have already obtained the software certificates.

1. Open the settings dialogue in Thunderbird and open the "Advanced" section and then the "Certificates" tab. Click on the button "Show certificates".
2. Switch to the tab "Your certificates" and click on "Import". Now select the certificate and confirm the following prompt with your password.
3. Close all dialogues.

To sign and encrypt your e-mails with Outlook, the software certificate must first be imported into the certificate store and integrated into Outlook.

Before sending an e-mail, select the "Options" tab and select the "Sign" and "Encrypt" options.

Please note that you must have exchanged a signed e-mail with the other party before you can encrypt your communication.

To sign and encrypt your e-mails with Thunderbird, the software certificate must first be integrated in Thunderbird.

Before sending an e-mail, select the arrow next to "S/MIME" and select "Sign message" and "Encrypt message".

Please note that you must first have exchanged a signed e-mail with the other party before you can encrypt your communication.

1. Go to "Outlook/Settings" and click on "Accounts":
2. Then go to "Advanced" and "Security settings"

Here you select the certificate and whether the e-mails should only be signed or also encrypted by default.
With the item "Send digitally signed messages as plain text" you ensure that the recipient can always read the message.
If you include your public certificate ("Include my certificates in signed messages"), the recipient can send you encrypted messages.

3. To send encrypted e-mails, you need the recipient's public certificate, which the recipient should send to you by e-mail.

Sending signed and/or encrypted e-mails

Go to "Settings" > "Mail, Contacts, Calendar" > "Accounts" > "Exchange Account" > "Advanced Settings" and switch on the use of S/MIME.

Then you can activate signing and encryption.

Then 2x back to the account page and press "Done" on the top right.

E-mails can now be sent signed.

To send encrypted e-mails, you need the recipient's public certificate, which you must install.

1. To do this, you need a signed e-mail from the recipient (such e-mails are marked with a round seal with a tick next to the sender).
2. Open it and click on the sender.
3. The certificate can now be installed under "Show certificate".

Afterwards, the outgoing e-mails are automatically signed and, if necessary, encrypted if the recipient's public key has been installed.