Skip to content


KIT-CA issues x509 certificates to all members of KIT.

There are two main areas of application for such certificates:

  1. Securing e-mail communication by encrypting and signing e-mails
  2. Securing server communication by the operator; at KIT these are mainly web servers

A brief explanation of the concepts relevant to you can be found here.

There is a difference in the application process between certificates for natural persons and the rest (groups, functional mailboxes, pseudonymized students). The former have to identify themselves regularly, the latter do not.

Instructions for setting up certificates in Outlook.

Instructions for setting up e-mail clients:

Certificates for servers

We urgently advise all server operators to only obtain certificates from Let’s Encrypt automatically. We provide corresponding documentation and tooling.

If ACME clients for Let’s Encrypt cannot be integrated into your infrastructure, you may also obtain a certificate from us (currently from the provider Sectigo via the GÉANT-TCS project). These are currently only valid for one year. The validity period of server certificates will probably soon to be reduced to 90 days.

Instructions for requesting server certificates are here.