security certificates (PKI)

The Bauhaus-Universität Weimar is a member of the DFN-PKI – the “Public Key Infrastructure in the German Research Network” and operates its own registration office at the SCC. Digital certificates can be issued, distributed and audited via the DFN-PKI. Advanced certificates based on the X.509 standard are used.
The main tasks of our office are the processing of certificate applications and the blocking of certificates, as well as the advice of users. 
Due to the close cooperation and shared use of the IT infrastructure, we also issue certificates for the University of Music FRANZ LISZT Weimar.

Request for server certificates

Request for user certificates (Nutzerzertifikat tab)

Note: If you cannot print out the application, please try an alternative browser.

Special cases:

Request for grid certificates (users and servers)

Request for certificates for foreign domains / by external server administration etc. (Instructions only in German)

Web interface – root certificates, blocking list, certification policy

To ensure that connected clients can verify the server certificates, you first have to implement the root certificate into your browser/e-mail programme. By the use of root certificates which were certified by T-Systems this is generally done automatically. Otherwise you will have to import the root certificate into your browser manually. You can do this via the web interface of our registration office. The root certificate provided on the interface can be temporarily accepted until the root certificates are successfully imported.

Signing / encrypting when using OWA is currently not possible with the MS Edge Chromium. We recommend using Internet Explorer instead.

On the web interface you will also find the certificate blocking list which you should install into your browser/e-mail client. Click on “Install blocking list” (“Sperrliste installieren”) so that invalid certificates are no longer accepted. You can also find additional information on the interface, such as the certification policy.

Signing/encrypting when using OWA is currently not possible with MS Edge Chromium. It is recommended to use Internet Explorer instead.

For convenient use of e-mail encryption, we recommend integrating the LDAP directory service of the DFN-PKI in the e-mail client, as described in our Outlook configuration instructions.

Questions and answers regarding DFN-PKI

Installation of the Deutsche Telekom root CA certificate in Linux server systems

Debian (similar like Ubuntu)


Contact Data Registration office

Klaus Mebus/ Ulfried Herrmann
Servicezentrum für Computersysteme und -kommunikation
Steubenstraße 6a
D-99421 Weimar
e-mail: pki[at]
phone: 03643 58 24 32/ 03643 58 24 48