The new KIT-CA portal has made it much easier to obtain certificates required for signing and encrypting emails. Until recently, issuing a certificate was a paper-based process involving manual checks.
For the first time, the application process for personal certificates is fully automated. Certificate issuance requires no intervention from KIT-CA staff, the certificate can be downloaded directly. Publication in the global address book and inclusion in the CA search also works automatically.
After identifying yourself at the SCC Servicedesk, your name can be added to the certificate in addition to your email address. In order to identify any errors, the new certificate portal went online in mid-June without any major announcement. After a successful start-up phase, all KIT employees and students were informed about the new portal by email. Additionally, two-factor authentication was activated for portal access to prevent misuse by compromised accounts.
All employees and students are advised to obtain a personal certificate and to always sign their emails. If personal data belonging to third parties is sent by email, encryption is mandatory in order to comply with data protection requirements. If possible and not already done, you should first carry out personal identification at a suitable registration office in order to obtain a certificate with identification. However, it is now also possible to obtain a certificate without personal identification.
Functional certificates cannot be obtained completely automatically at this time: Certificate applications are first checked by KIT-CA staff. If there are no compliance violations, the certificate is issued. The user can then retrieve the certificate with a saved file and a file that is sent by email.
Further information about the concepts behind certificates can be found in the documentation.
Klara Mall, Peter Oettig, Heiko Reese and Konstantin Zangerle