Logo Universität Bremen, back to home

Search

Wildcard: asterisk (*)
Department 8 - IT Service Center

Server Certificates

Request server certificates manually

You can apply for security certificates for servers via the university's Onlinetools.

Notes:

  •  Server certificates can only be issued for servers of the University of Bremen and its institutes and departments.

Procedure:

  • In Onlinetools select 'Server Certificate', then select 'Request new user certificate'. Fill out the request form. 
  • During the first step you are asked to choose a password. This password is used to encrypt your private key. The password can be chosen freely - it has nothing to do with any e-mail accounts or other digital services. 
  • After verification, your certificate will be activated and it can be then downloaded in several formats.

Please understand that we cannot provide detailed descriptions of how certificates work or how certificates and keys can be integrated into the server software you use. Please consult the documentation of the software product first.

Automating server certificates with ACME

Server certificates can also be obtained automatically via ACME through the certificate infrastructure. The procedure is well documented by the DFN:

doku.tid.dfn.de/de:dfnpki:tcs:2025:acme_personal

  1. Log in to the certificate service provider Harica using your university account - under “Academic Login” with the Institution University of Bremen's Single Sign-on:
    https://cm.harica.gr/Login
  2. Select “ACME” from the menu on the left
  3. You can now set up to three ACME accounts, which you can use with certbot, for example (more information on the DFN page linked above or in the certbot documentation)

To issue the certificate, you will have to complete an ACME challenge to verify your authorization to use the hostname within the University of Bremen’s domains.

For all domains whose nameserver zones are managed by Department 8 (in particular for *.uni-bremen.de, with the exception of FB3 domains), only an HTTP challenge is currently possible. DNS challenges are not supported. Since wildcard certificates require a DNS challenge, wildcard certificates cannot currently be obtained this way.

Updated by: Webredaktion-Serverdienste
RSS
Print page