Server certificates with GÉANT TCS

We recommend automating the issuance of server certificates using Let’s Encrypt with acme4netvs.

If this is not an option for you (e.g. because the server can’t connect to the internet), you can also request certificates using GÉANT TCS.

Request Process

  1. Create a Certificate Signing Request (CSR) that lists every domain required in the certificate as a Subject Alternative Name (SAN). The Common Name (CN) can be any domain. Make sure that the private key corresponds to one of the key types listed above, otherwise the certificate cannot be issued.
  2. Send the CSR by mail to ca@kit.edu. The mail must meet the following conditions:
    • The mail must be S/MIME signed by a person authorized for the domain.
    • The subject line must begin with [TCS Certificate Request].
    • The mail address that should receive the completed certificate and notifications about it must be explicitly specified in the mail body.
    • Optional: We appreciate a short explanation of why Let’s Encrypt is (currently) not an option for you.
  3. We issue the certificate after checking the permissions.
  4. You will receive a download link to the certificate and the certificate chain by mail from support@cert-manager.com.
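
One way to carry out step 1 with OpenSSL (1.1.1 or later, for -addext), as an added example that is not part of the original page: it creates a key and a CSR with every domain as SAN, then checks the CSR before it is mailed. The hostnames, file names and the RSA 4096 key type are assumptions; use one of the key types the CA accepts.

```shell
#!/bin/sh
# Added example, not from the original page. Assumptions: hostnames, file
# names and the RSA 4096 key type are placeholders; use a key type the CA accepts.

# make_csr <key-file> <csr-file> <domain> [<domain> ...]
# Creates a new private key and a CSR; every domain goes into the SAN list,
# the first one is also used as CN. Runs in a subshell so umask stays local.
make_csr() (
    key=$1; csr=$2; shift 2
    cn=$1; san=""
    for d in "$@"; do san="${san:+$san,}DNS:$d"; done
    umask 077   # private key must not be readable by other users
    openssl req -new -newkey rsa:4096 -nodes -sha256 \
        -keyout "$key" -out "$csr" \
        -subj "/CN=$cn" -addext "subjectAltName=$san" 2>/dev/null
)

# csr_sans <csr-file>: print the DNS SAN entries of the CSR, one per line.
csr_sans() {
    openssl req -in "$1" -noout -text |
        grep -o 'DNS:[^,[:space:]]*' | sed 's/^DNS://'
}

# check_csr <csr-file> <domain> [<domain> ...]
# Succeeds only if the CSR self-signature verifies and every required
# domain is present as a SAN entry.
check_csr() (
    csr=$1; shift
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' || exit 1
    sans=$(csr_sans "$csr")
    for d in "$@"; do
        printf '%s\n' "$sans" | grep -qxF -- "$d" ||
            { echo "missing SAN: $d" >&2; exit 1; }
    done
)

# Usage (constructed hostnames):
#   make_csr server.key server.csr www.example.org api.example.org
#   check_csr server.csr www.example.org api.example.org && echo "CSR ready to send"
```

Only the CSR file is sent; the private key stays on the server.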

Note

If the system previously used a certificate from DFN-CA Global and the operated software does not use the certificate store of the operating system (this is often the case with Java software, for example), the certificate chain must be imported. A download link for the certificate chain is part of the certificate mail.