KIT-CA

KIT-CA issues x509 certificates to all members of KIT.

There are two main areas of application for such certificates:

1. Securing e-mail communication by encrypting and signing e-mails
2. Securing server communication by the operator; at KIT these are mainly web servers

Certificates for email

A brief explanation of the concepts relevant to you can be found here.

There is a difference in the application process between certificates for natural persons and the rest (groups, functional mailboxes, pseudonymized students). The former have to identify themselves regularly, the latter do not.

• Instructions for requesting user certificates
• Instructions for requesting group and function certificates

Instructions for setting up certificates in Outlook.

Instructions for setting up e-mail clients:

• Configure Outlook (Windows)
• Configure Apple Mail and Outlook for Mac

Certificates for servers

We urgently advise all server operators to only obtain certificates from Let’s Encrypt automatically. We provide corresponding documentation and tooling.

If ACME clients for Let’s Encrypt cannot be integrated into your infrastructure, you may also obtain a certificate from us (currently from the provider HARICA via the GÉANT-TCS project). These are currently only valid for one year. The validity period of server certificates will slowly be reduced to 47 days in the next years.

Instructions for requesting server certificates are here.

Certificates for signing certificates

This topic is documented here.