Certificates at GSI

An electronic certificate guarantees the integrity of signed electronic documents.

The certificates at GSI are in use for different purposes:

  • DFN certificatesto sign e-mails
  • GSI security certificatesfor browsersand emailClients
  • GSI certificates for signing executable code (e.g. bat, exe, VBA, Powershell, etc.)

The certificates listed below are required for safe work at GSI. Depending on the browser type or e-mail client (Internet Explorer, Outlook, Firefox, Thunderbird), they already exist or must be installed.

All necessary certificates can be found on the following Website:https://pki.pca.dfn.de/gsi-ca-g2/pub

Note: The certificates required for Citrix can be found on this DFN-Webseite.

GSI employees can use certificates issued by DFN to sign e-mails to external recipients. These can be requested on the following website: https://pki.pca.dfn.de/gsi-ca-g2/pub

https://www.gsi.de/fileadmin/IT/Screenshots/Zertifikate/Zertifikat_PKI.png
GSI Certificate
Applying a GSI Certificate
K. Mader, IT-Sec, GSI Helmholtzzentrum für Schwerionenforschung GmbH

In the above example, you can see the request for a group certificate. Please give only your name without a prefix for a private certificate.

Please note that titles such as Dr. can only be included in the certificate if they are included in your ID.

Fill in the application, print it and give it personally by presenting a valid ID card to the GSI-registration staff. These are currently:

  • Katharina Mader (BK1.3.028, - 3181)
  • Ilona Neis (BK1.3.028, - 3038)
  • Bastian Neuburger (BK1.3.027, -1740)
  • Matthias Pausch (BK1.3.027, -1985)
  • Walter Schön (BK1.3.034, -2126)

After the certificate is created by the certification authority, you will receive an email with a link to download the certificate in the memory of your browser.

Note: You must use the same device and browser for downloading as when applying.

To use the certificate to sign emails later, you must first export it to a file.

  • Export from IE
  • Export from FireFox

Installation on Mozilla Firefox

The links to download the individual certificates can be found here, if you must install certificates manually from the  DFN web pages.

 Please open the certificates respectively with "Page save as" save the certificates on your hard drive and open it. Then activate the following fields:

  • Trust this CA to identify web sites
  • Trust this CA to identify email users

and click OK.
Now the import is finished.

https://www.gsi.de/fileadmin/IT/Screenshots/Zertifikate/Zertifikat_FF_01.jpg

Installation on Internet Explorer

When your certificate is ready for usage, you will receive an email with a download link.

Please follow the instructions and import the certificate into your browser:

https://www.gsi.de/fileadmin/IT/Screenshots/Zertifikate/Zertifikat_BrowserImport_01.png
https://www.gsi.de/fileadmin/IT/Screenshots/Zertifikate/Zertifikat_BrowserImport_02.png
https://www.gsi.de/fileadmin/IT/Screenshots/Zertifikate/Zertifikat_BrowserImport_03.png

It is recommended for safe handling to sign your mails with an electronical certificate. First you need a corresponding (personal) certificate. (see above)

The use of this certificate can be configured in your preferred mail program.

For questions about signing executable code (except VBA), e.g. for Powershell or LabView, please contact the  Windows-Team.

 

Signing of VBA code

Since Office 2016, only digitally signed VBA projects have been approved for GSI / FAIR. All other macros are automatically disabled.

To sign VBA macros, you need a SmartCard (and a reader) with a certificate especially for code signing. If you need a new SmartCard please contact the User Help Desk.

No certificate is required for the pure usage of the macros.

https://www.gsi.de/fileadmin/IT/Screenshots/VBA/VBACodeSigning07_NurSignierteMakros_eng.png
Digital signing of VBA code, security options
Digital signing of VBA code, security options
Screenshot: GSI Helmholtzzentrum für Schwerionenforschung, IT Abteilung

How to

Please start the VBA Editor in one of a Microsoft Office program via shortcut ALT + F11 and choose your VBA Project. Via Tools - Digital Signature ... you get to the corresponding menu.

https://www.gsi.de/fileadmin/IT/Screenshots/VBA/VBACodeSigning01_VBAEditor_eng.png
https://www.gsi.de/fileadmin/IT/Screenshots/VBA/VBACodeSigning02_Extras_eng.png
Digital signing of VBA code, start the VBA editor
Digital signing of VBA code, menu Tools
Digital signing of VBA code, start the VBA editor
Digital signing of VBA code, menu Tools
Screenshot: GSI Helmholtzzentrum für Schwerionenforschung, IT Abteilung
Screenshot: GSI Helmholtzzentrum für Schwerionenforschung, IT Abteilung

Select the certificate you want to use. Check the details.

https://www.gsi.de/fileadmin/IT/Screenshots/VBA/VBACodeSigning03_SignaturWaehlen_eng.png
https://www.gsi.de/fileadmin/IT/Screenshots/VBA/VBACodeSigning04_SignaturWaehlen_eng.png
https://www.gsi.de/fileadmin/IT/Screenshots/VBA/VBACodeSigning05_ZertifikatDetails_eng.png
Digital signing of VBA Code, Selection
Digital signing of VBA Code, Selection
Digital signing of VBA Code, Details
Digital signing of VBA Code, Selection
Digital signing of VBA Code, Selection
Digital signing of VBA Code, Details
Screenshot: GSI Helmholtzzentrum für Schwerionenforschung, IT Abteilung
Screenshot: GSI Helmholtzzentrum für Schwerionenforschung, IT Abteilung
Screenshot: GSI Helmholtzzentrum für Schwerionenforschung, IT Abteilung

A window of the SafeNet Authentication Service appears. Give the password for the card. You used this when you created the certificate.

https://www.gsi.de/fileadmin/IT/Screenshots/VBA/VBACodeSigning06_KartenCredentials_eng.png
Digital signing of VBA code, Credentials of the SmartCard
Digital signing of VBA code, Credentials of the SmartCard
Screenshot: GSI Helmholtzzentrum für Schwerionenforschung, IT Abteilung

Save your file.

Note: If you change the code, the signature becomes invalid. So you must re-sign the code.

https://www.gsi.de/fileadmin/IT/Screenshots/VBA/VBACodeSigning08_MeldungNichtSignierteMakro_eng.png
Digital signing of VBA code, error message
Digital signing of VBA code, error message if your code is not signed
Screenshot: GSI Helmholtzzentrum für Schwerionenforschung, IT Abteilung

If you have any further questions or remarks, please contact it-service.