User Certificates
These user certificates can be used for document signing, as well as for email signing and encryption.
User certificates can be issued for an individual or, on a task-specific basis, as a group certificate. The applicant must be the individual themselves or a person authorized to access the group’s task-specific mailbox. Group certificates without their own email address cannot be issued.
The form for issuing a user certificate can be found on the PKI-Portal (access is limited to current or former full-time university employees). User certificates are valid for two years. No automatic email notification will be sent before the certificate expires.
Group Certificates (Task-Related Purposes)
User certificates for task-related purposes cannot currently be issued through the PKI portal. Until this feature is available, you can obtain the certificates directly from our certification authority.
Please note that a task-specific email account must be created, and separate access must be set up for each address. Below are instructions for obtaining such a certificate:
- Open the website https://cm.harica.gr/
- Click Sign Up at the top of the login page
- Fill out the form with the details of the task-specific email account
- Click Sign Up again at the bottom of the form
- Activate the account using the email sent to your inbox
- Log in now using the email address and the password you provided earlier
- On the left, under Certificate Requests, click Email
- Click Select next to Email-only, and then click Next
- In the next section, click Next again
- Check the box and then click Submit
- You will receive another email in which you must confirm your certificate request
- Now click on Enroll your Certificate
- Select 4096 for Key Size
- Set a secure password for the certificate, check the box, and click Enroll Certificate
- Finally, click Download
Uses for Email
The certificates can be used for email signing and encryption with S/MIME. They are considered trustworthy on all current systems, and S/MIME is supported by all popular email programs.
Uses for PDF
Digital documents can be signed with a certificate-based signature (cryptographic signature). This is primarily used for PDF documents. Please sign documents digitally only with your personal certificate (not with group certificates), just as you would sign them by hand with your own name.
To digitally sign PDF documents, you can use either Adobe Acrobat Reader DC or Adobe Acrobat Pro DC. Signed documents can be verified for authenticity and integrity. This allows you to confirm beyond a doubt that the content originates from the signer and has not been altered. The appearance of the signature can be customized to display, for example, your handwritten signature.
Validity of the signatures
Certificates obtained through the IT Service can be used to create advanced electronic signatures in accordance with the eIDAS Regulation. These signatures are automatically trusted on all centrally managed devices at the university. Furthermore, as expected, they can be used throughout the broader German and European higher education community, since many other institutions utilize the TCS PKI service, which is provided by the DFN via GÉANT.
In all other areas, as well as for university devices that are not centrally managed (such as personal devices or Mac systems), müssen preparations must be made to ensure that the signatures appear as trusted in Adobe Acrobat Reader DC and Adobe Acrobat Pro DC.
These certificates cannot meet advanced requirements such as qualified electronic signatures and document signatures that Adobe trusts without prior configuration. To meet these requirements, you must purchase an appropriate commercial certificate.
A list of issuers trusted by Adobe can be found on their website in the Adobe Approved Trust List (AATL). The corresponding certificates can be found on the respective companies' websites.
For qualified signatures, Adobe provides the European Union Trusted Lists (EUTL), which includes all certificate authorities that comply with the EU's eIDAS Regulation.