Request for a personal certificate

As a member of an institution supplied by the certification authority (CA) of the University of Münster you may request a personal certificate

This applies only to persons whose identity was once sufficiently well controlled. This is the case for most university employees. The others can identify themselves to a participant service staff member beforehand and will then be enabled.

Globally recognized user certificates from GÉANT TCS for e-mail and WWW

These certificates can be used for electronic signing and encrypting emails with S/MIME, but also to identify oneself to WWW applications, to computers, to other access control systems, and much more.

You can obtain a complete new digital ID consisting of a new key pair, personal certificate and intermediate CA certificates in the following way:

  • Using the IT portal as described here. This way you will immediately receive your digital ID.

With this method, your key pair is generated by the IT portal but not kept.

PDF certificates for signing PDF files

The above user certificates from GÉANT TCS are not suitable for PDF files.

If you want to sign PDF files for university internal purposes only, you can find the item “PDF-ID” in the IT portal, which works almost the same way, but provides a digital ID that is not suitable for e-mail and WWW, but for signing PDF files.

If you want to sign PDF files in such a way that these signatures are also recognized as valid outside the university (within the European Union even by authorities and courts), then you need qualified certificates.

General notes on encrypting e-mails

(These notes apply to encrypting, not signing.)

As the successful EFAIL attacks have shown, there are a wide variety of vulnerabilities both in the S/MIME and PGP/MIME protocols themselves and in many implementations.

The flaws in the implementations could or can be fixed, but the fundamental vulnerabilities in the protocol itself are irreparable. (The problem is not so much in the encryption algorithms themselves, but in how they are used in the protocols and how these are realized in the software).

For securing moderately confidential communication without long-term safety requirements, S/MIME may still be sufficiently secure; however, when it comes to truly confidential data, we can no longer recommend exchanging it via e-mail.

Here you should use modern software designed for end-to-end-security from the very beginning and thoroughly analyzed and recommended by experienced cryptologists, for example, the messenger „Signal“.