2. Submit certificate request
This guide demonstrates the process using Mozilla Firefox. Many
other browsers work just as well. (But we hear conspicuously often that
users have problems when uploading files with Apple Safari.)
The certification server can be found at the short address
Perhaps a page is displayed where you have to select the
certification server applicable to you (not shown here).
The full address begins with
“https://pki.pca.dfn.de/dfn-ca-global-g2/”. That page is
available in German only. Please click on
„Serverzertifikat“ (server certificate).
On the page displayed then frist select the certificate request
xxx.req created above:
The preselected „Zertifikatprofil“ (certificate profile)
“Web Server” is suitable not only for WWW servers but for
all server types that use the certificate only for accepting incoming
SSL/TLS/StartTLS connections, e.g. HTTPS, IMAPS, POP3S etc.
For server types also establishing SSL/TLS connections to other
servers like SMTP transport servers, the certificate profile
“Mail Server” is suitable.
Special servers may need special profiles. If in doubt, please ask
(Despite the header „Serverzertifikat“ you can also
request any kind of person certificates here. To do so, please select
the certificate profile “User”.)
Please also enter your contact data:
On the page displayed then enter your personal data. Here some
Vollständiger Name = Full name
Organisationseinheit = Organizational unit
Zentrale Nutzerkennung (...) = Central username
Telefon = Telephone
Ich verpflichte mich ... = I commit myself to obey the rules in the information for certificate holders
Ich stimme der Veröffentlichung ... = I agree that the certificate
with my name and my email address is published.
The PIN to be chosen will be needed later when online requesting the
certificate to be revoked prematurely (but you can always contact the
Committing to the regulations in the information for certificate holders is a mandantory
requirement for a certificate to be issued.
With „Weiter“ (continue) you get on the next page. Here
you check all data, then click on „Bestätigen“
Please click on „Zertifikatantrag anzeigen“ (show
certification request) to download the complete request form containing
your data and this fingerprint as a PDF file.
The PDF viewer built into newer Firefox versions is good enough for
this PDF file:
In the PDF file you will see your request number and the fingerprint
of the public key.
Print this PDF file, sign it, and deliver the request in person to
participant service staff member, showing your ID card or
On the map you can
look up what staff members are located near you. The exact contact data
can be found below:
Alternatively, you could send the PDF file by digitally signed email
requesting the certificate to be issued to firstname.lastname@example.org. (For this you
need a personal
digital ID.) However, this causes additional work for the CA