Request for a smartcard logon certificate

If you want to use a certificate to use a smartcard or a cryptotoken to log on to a Windows computer in an Active Directory domain, then you need a special smartcard logon certificate. This is issued using a special certificate profile that cannot be selected on the request pages of the certification server and cannot be used for email encryption.

Since smartcard logon does not require integration into a global public key infrastructure (PKI) (our new partner GÉANT TCS no longer offers smartcard logon certificates at all), you should have the required certificate issued by the internal certification authority (CA) of your Active Directory domain. To do so, please directly contact the administrators of the central WWU domain.

Further notes

You should then import the file with the finished digital ID using the appropriate hardware-specific software (e.g. the SafenetAuthentication Client for eTokens) onto the smart cards or crypto tokens.

In contrast to digital IDs for emails, you should not save the file as a backup afterwards, but destroy it:

• Even after a long time, digital IDs for emails are still needed to decrypt encrypted emails.

• Digital IDs for logon purposes, however, can be replaced by new digital IDs at any time because they are not used for encryption.