Certificates at GSI
An electronic certificate guarantees the integrity of signed electronic documents.
The certificates at GSI are in use for different purposes:
- DFN certificatesto sign e-mails
- GSI security certificatesfor browsersand emailClients
- GSI certificates for signing executable code (e.g. bat, exe, VBA, Powershell, etc.)
The certificates listed below are required for safe work at GSI. Depending on the browser type or e-mail client (Internet Explorer, Outlook, Firefox, Thunderbird), they already exist or must be installed.
All necessary certificates can be found on the following Website:https://pki.pca.dfn.de/dfn-pki/dfn-ca-global-g2/2160
Note: The certificates required for Citrix can be found on this DFN-Webseite.
GSI employees can use certificates issued by DFN to sign e-mails to external recipients. These can be requested on the following website: https://pki.pca.dfn.de/gsi-ca-g2/pub
In the above example, you can see the request for a group certificate. Please give only your name without a prefix for a private certificate.
Please note that titles such as Dr. can only be included in the certificate if they are included in your ID.
Fill in the application, print it and give it personally by presenting a valid ID card to the GSI-registration staff. These are currently:
- Katharina Mader (BK1.3.028, - 3181)
- Ilona Neis (BK1.3.028, - 3038)
- Bastian Neuburger (BK1.3.027, -1740)
- Matthias Pausch (BK1.3.027, -1985)
- Walter Schön (BK1.3.034, -2126)
After the certificate is created by the certification authority, you will receive an email with a link to download the certificate in the memory of your browser.
Note: You must use the same device and browser for downloading as when applying.
To use the certificate to sign emails later, you must first export it to a file.
- Export from IE
- Export from FireFox
Installation on Mozilla Firefox
The links to download the individual certificates can be found here, if you must install certificates manually from the DFN web pages.
Please open the certificates respectively with "Page save as" save the certificates on your hard drive and open it. Then activate the following fields:
- Trust this CA to identify web sites
- Trust this CA to identify email users
and click OK.
Now the import is finished.
Installation on Internet Explorer
When your certificate is ready for usage, you will receive an email with a download link.
Please follow the instructions and import the certificate into your browser:
It is recommended for safe handling to sign your mails with an electronical certificate. First you need a corresponding (personal) certificate. (see above)
The use of this certificate can be configured in your preferred mail program.
- Outlook: see web site
- Thunderbird: see documentation (point 7.4.)
For questions about signing executable code (except VBA), e.g. for Powershell or LabView, please contact the Windows-Team.
Signing of VBA code
Since Office 2016, only digitally signed VBA projects have been approved for GSI / FAIR. All other macros are automatically disabled.
To sign VBA macros, you need a SmartCard (and a reader) with a certificate especially for code signing. If you need a new SmartCard please contact the User Help Desk.
No certificate is required for the pure usage of the macros.
Please start the VBA Editor in one of a Microsoft Office program via shortcut ALT + F11 and choose your VBA Project. Via Tools - Digital Signature ... you get to the corresponding menu.
Select the certificate you want to use. Check the details.
A window of the SafeNet Authentication Service appears. Give the password for the card. You used this when you created the certificate.
Save your file.
Note: If you change the code, the signature becomes invalid. So you must re-sign the code.