direkt zum Inhalt springen

direkt zum Hauptnavigationsmenü

Sie sind hier

TU Berlin

Page Content

Digital Software Certificates

Proof of identity and the secure transmission of data are an indispensable requirement for the reliable use of electronic services.

This refers in particular to the following measures:

  • Signing of e-mails (for clear identification of the sender and protection against manipulation of the content)
  • Encryption of e-mails (to prevent unauthorised persons from gaining knowledge)
  • and digital signing of documents and forms. [1]

For the technical realisation, "digital software certificates" are used, which are personalised and can be viewed like an identity card in the "analogue" world.

Please note:

  • The file to be downloaded contains your private cryptographic key as well as the digital certificate. The file is encrypted with your TUB account password. If you have changed your password after generating the certificates, the password valid at that time will still apply to this file.
  • Only TU Berlin e-mail addresses stored in the system (e.g. @tu-berlin, @math) can be used with the certificate.
  • If email forwarding has been set up (to a private address), encrypted emails can be received, but no encrypted emails can be sent via this mailbox.
  • If new software certificates are issued and old certificates are deleted, it will no longer be possible to decrypt the e-mails secured with the old encryption. To be able to read e-mails encrypted with a previous certificate, the certificate used at that time is also required.

Please use your certificates carefully:

  • Protect your "key chain" on your computer with an additional password.
  • Never install the certificates on a public computer, as anyone who has access to this computer could then sign and send e-mails in your name.

Obtain Certificates

Software certificates can be applied for at the Trust Centre (TSM) of the TU Berlin. The office hours and contact details of the TSM can be found at https://www.tu-berlin.de/?222608 [2]

A valid personal identification document (passport or ID card) and your service and/or student ID card are required for identification. The appointment must be attended by the person who wishes to apply for a certificate (substitution is not possible).

You can then apply for the certificate under the menu item "My profile" > "My certificates" > "Software certificates" > "Download software certificates" > "Apply for a new software certificate online"

You can download the new certificate after just a few minutes by clicking on the button "Download software certificate file".

Renew certificates

Software certificates can be applied for online. The online application for software certificates requires prior identification every 39 months by an authorised participant service staff member of the Trust Centre (TSM).

You can apply for the certificate under the menu item "My Profile" > "My Certificates" > "Software Certificates" > "Download Software Certificates" > "Apply for a new software certificate online"

You can obtain the new certificate after just a few minutes by clicking on the button "Download software certificate file".

Now integrate the new certificate as usual and set it as the default certificate.

Attention: Do not remove the old certificates from the system, otherwise you will no longer be able to open the mails signed/encrypted with the old certificate.

Embedding your certificates in Windows

In order to use the certificates in Internet Explorer and Outlook, they must be imported into the certificate store. This step assumes that you have already obtained the software certificates.

Double-click on the certificate file with the extension ".p12". Confirm the following steps until you are prompted to enter a password. Then enter your password and confirm all further steps.

 

 

Embedding of Certificates in Outlook

To integrate the software certificates in Outlook, the software certificate must first be imported into the certificate store.

  1.     Click on "File">"Options">"Trust Center">"Settings for the Trust Center...".
  2.     Select the "E-mail Security" area and click on "Settings".
  3.     Click on "Select..." and select the TU Berlin certificate.
  4.     Now you can confirm all windows with "OK" and close them.

Embedding of Certificates in Thunderbird

To be able to use the certificates in Thunderbird, they must be imported into the certificate store. This step assumes that you have already obtained the software certificates.

  1. Open the settings dialogue in Thunderbird and open the "Advanced" area and then the  "Certificates" tab. Click on the "Certificates" button.
  2. Switch to the tab "Your certificates" and click on "Import". Now select the certificate and confirm the subsequent query with your password.
  3. Close all dialogues.
  4. Then open the "account settings"
  5. Select the TU-Berlin account and click on "Security".
  6. Signature

  1. Select the button "Select" next to the field Digital Signature.
  2. Select the TU Berlin certificate in the new window and click "OK".
  3. Check the box "Sign messages by default".

7. Encryption

  1. Select the button "Select" next to the field for digital signature.
  2. Select the TU Berlin certificate in the new window and click "OK".

Embedding of Certificates in iOS

  1. Send an email with the downloaded certificate file as an attachment to your own email address.
  2. Open this e-mail on your iPhone/iPad and then open the attachment. iOS recognises the certificate and you press the "Install" button.
  3. If your device is protected with a PIN code, please enter this code
  4. and confirm the installation of an unsigned profile (press "Install" in the top right-hand corner)
  5. then enter the password that was used to create the certificate. (This should be your TUB account password)
  6. Press "Next"
  7. Press "Done" - the certificate is installed.

Embedding of Certificates in Firefox

To use the certificates in Firefox, they must be imported into the certificate store. This step assumes that you have already obtained the software certificates.

  1. Open the settings dialogue in Thunderbird and open the "Advanced" section and then the "Certificates" tab. Click on the button "Show certificates".
  2. Switch to the tab "Your certificates" and click on "Import". Now select the certificate and confirm the following prompt with your password.
  3. Close all dialogues.

Sign and encrypt e-mails with Outlook

To sign and encrypt your e-mails with Outlook, the software certificate must first be imported into the certificate store and integrated into Outlook.

Before sending an e-mail, select the "Options" tab and select the "Sign" and "Encrypt" options.

Please note that you must have exchanged a signed e-mail with the other party before you can encrypt your communication.

Sign and encrypt e-mails with Thunderbird

To sign and encrypt your e-mails with Thunderbird, the software certificate must first be integrated in Thunderbird.

Before sending an e-mail, select the arrow next to "S/MIME" and select "Sign message" and "Encrypt message".

Please note that you must first have exchanged a signed e-mail with the other party before you can encrypt your communication.

Sign and encrypt with Outlook for Mac under OSX

1. Go to "Outlook/Settings" and click on "Accounts":
2. Then go to "Advanced" and "Security settings"

Here you select the certificate and whether the e-mails should only be signed or also encrypted by default.
With the item "Send digitally signed messages as plain text" you ensure that the recipient can always read the message.
If you include your public certificate ("Include my certificates in signed messages"), the recipient can send you encrypted messages.

3. To send encrypted e-mails, you need the recipient's public certificate, which the recipient should send to you by e-mail.

Sign and encrypt with Mail for iOS, iPhone and iPad

Sending signed and/or encrypted e-mails

Go to "Settings" > "Mail, Contacts, Calendar" > "Accounts" > "Exchange Account" > "Advanced Settings" and switch on the use of S/MIME.

Then you can activate signing and encryption.

Then 2x back to the account page and press "Done" on the top right.

E-mails can now be sent signed.

Send and Encrypt for Mail in iOS

To send encrypted e-mails, you need the recipient's public certificate, which you must install.

  1. To do this, you need a signed e-mail from the recipient (such e-mails are marked with a round seal with a tick next to the sender).
  2. Open it and click on the sender.
  3. The certificate can now be installed under "Show certificate".

Afterwards, the outgoing e-mails are automatically signed and, if necessary, encrypted if the recipient's public key has been installed.

------ Links: ------

Zusatzinformationen / Extras

Quick Access:

Schnellnavigation zur Seite über Nummerneingabe

Auxiliary Functions

Copyright TU Berlin 2008