Skip to main content

Personal Certificates

The application for a security certificate for natural persons is made directly via a website of DFN-Verein.


  •  User certificates can only be issued to members and affiliates of the University of Bremen in terms of § 5 BremHG.
  •  The certificate is only issued to the university e-mail address. The certification of e-mail addresses hosted by a third party is not possible.
  • ATTENTION: The private key of your certificate will only be generated during the application process in the Internet browser used for this purpose on the PC used for this purpose and MUST be saved later on the same PC with the same Internet browser.


  • Important: Follow the instructions on the application pages. During the procedure, data which will be needed later on (especially your private key) will be stored in the internal memory of the browser used. Therefore, the browser must not be operated in private/incognito mode or be set so that history data is deleted when the browser is closed.
  • The first step is to choose a password for encrypting the data in your browser's memory. The password can be chosen freely - it has nothing to do with the master password of the browser!
  • Then select 'Request new certificate'. Fill out the form.
  • Present the certificate application in person with your identity card or passport at the ZfN offices. You will then be forwarded to a ZfN employee who is authorized to sign.
  • After verification, your certificate will be activated by the Centre for Networks and you will receive (generally within a few minutes) an e-mail with several links.
  • On the same PC with the same browser as you used when you applied for the certificate, you go to the website of the first link. Enter the password you initially chose for the browser memory. Then select the certificate request and choose 'Create certificate file'. You will be prompted to choose a password that will be used to encrypt the certificate file created in the following. This password is independent of the password for the browser store.
  • A file in PKCS#12 (.p12) format will be created. This file contains your certificate and private key and can be imported directly into many software products. A conversion to the also common PEM format (.pem) can be done with openssl for example:

            openssl pkcs12 -in your_P12_file.p12 -out your_PEM_file.pem

Further help can be found under:

FAQ of the German Research Network Certification Agency

Thunderbird Help