What is a "client certificate" and how can I get one?
Certificates can digitally prove users' identity to other users or services. Different authentication methods can be used to authenticate a user within a specific context. S/MIME adds a cryptographic authentication layer to e-mail communication. Using client certificates, users have cryptographic proof that an e-mail or document originates from a particular user and that the information was not modified. In addition, users can encrypt information and make communication confidential between users. Besides the use with e-mail, digital certificates can be used within different contexts:
- Securing e-mail communication with S/MIME (e.g., with Outlook, Thunderbird)
- Online identity verification (e.g., in online registration processes)
- Online authentication (e.g., on websites or other services)
TUM provides X.509 user certificates free of charge in collaboration with DFN and the DFN PKI for its members, which can be used for the purposes described above. Additional information
These client certificates are not suitable for signing documents in the context of TUM and do not meet the requirements for qualified signatures. These client certificates are also not an alternative to advanced signatures for documents created in accordance with eIDAS.
Sectigo provides for the appropriate use of the Secure/Multipurpose Internet Mail Extension(s) (S/MIME) certificates for the cryptographic signing and encryption of e-mails (described under 1.4 in "Sectigo WebPKI S/MIME Certificate Practice Statement").
And this is how you can obtain a certificate:
1. Register on-line
Log-in to TUMonline and select "E-mail Addresses". There, further down, you'll find "E-Mail Certificates" where you can request a certificate for your personal or shared e-mail addresses with one click. For other addresses / certificates please follow these instructions.
2. Obtain your certificate on-line
After you request a certificate, you'll receive an e-mail with a link to a portal provided by Sectigo. There, you can download your certificate after providing a passphrase. You'll need this passphrase to open or import the downloaded certificate.
3. Install your certificate and import it into yout e-mail program (Outlook)
Please read our step-by-step instructions.