Our certificate and its public key infrastructure
Though most of our pages are available to anybody, there are a few exceptions. In these cases cryptography is used to guarantee that only authorized users can access the protected content. Also, if you want authenticated content, you can create and use an account for our website. As usual on the web, our server supplies a certificate, and your browser checks whether it is valid, contains the correct information, is issued for the correct server, and so on. To do that, your browser verifies a digital signature, for which it needs the certificate of our issuer. To verify that certificate in turn, it needs the certificate of the issuer of our issuer's certificate, and so on. Without a stopping point this would continue ad infinitum, so your browser has a few root certificates built in. If you are lucky, your browser knows a certificate in the chain from us to our root. Otherwise you need to install one to use our protected pages.
Certificate is not accepted or cannot be verified
If your browser does not accept our certificate with the error code sec_error_unknown_issuer or similar, this is probably because it does not have the root certificate of the public key infrastructure that we belong to.
In this case:
- upgrade your browser (well, you should do that regularly anyway), or
- make a temporary(!) exception, or
- install the root certificate with careful cross checking.
To our knowledge, Firefox 3.0.12 and later, Internet Explorer, any browser on Apple systems, Opera, and SeaMonkey 1.1.18 and later are delivered with the mentioned root certificate installed.
Install root certificate
Our certificate is issued by "Universitaet Bonn CA". This in turn is issued by "DFN-Verein PCA Global - G01", which finally is issued by the root "Deutsche Telekom Root CA 2". You can find information about the latter two at the corresponding DFN page. To install one of the certificates in Firefox, say, you just need to click on the corresponding ".crt" link. But be careful: you give away your security from then on if you allow a forged certificate into your system. It is a good idea to cross-check the fingerprint, at least. As of July 2009, the "Wurzelzertifikat Deutsche Telekom Root CA 2" has the SHA1 fingerprint 85:A4:08:C0:9C:19:3E:5D:51:58:7D:CD:D6:13:30:FD:8C:DE:37:BF. Your browser should also show this fingerprint when displaying the certificate.
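The cross-check can also be done outside the browser, on the downloaded ".crt" file, before installing it. The following script is an added example, not part of the original page: it computes the SHA1 fingerprint of a PEM or DER file and compares it with the value published above. The function names and the command-line usage are assumptions of this example.

```python
import hashlib
import ssl
import sys

# Fingerprint published on this page (SHA1, as of July 2009).
PUBLISHED_SHA1 = "85:A4:08:C0:9C:19:3E:5D:51:58:7D:CD:D6:13:30:FD:8C:DE:37:BF"
PEM_BEGIN = b"-----BEGIN CERTIFICATE-----"
PEM_END = b"-----END CERTIFICATE-----"


def to_der(data: bytes) -> bytes:
    """Return the DER bytes of a .crt file that is either PEM or raw DER."""
    if PEM_BEGIN in data:
        start = data.index(PEM_BEGIN)
        end = data.index(PEM_END, start) + len(PEM_END)  # first certificate only
        return ssl.PEM_cert_to_DER_cert(data[start:end].decode("ascii"))
    return data


def sha1_fingerprint(data: bytes) -> str:
    """The fingerprint is SHA1 over the DER encoding, shown as hex pairs."""
    digest = hashlib.sha1(to_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fingerprint: str) -> str:
    """Drop separators and case so '85:a4...' and '85A4...' compare equal."""
    return "".join(c for c in fingerprint if c in "0123456789abcdefABCDEF").upper()


def matches(data: bytes, expected: str = PUBLISHED_SHA1) -> bool:
    want = normalize(expected)
    # Refuse truncated reference values: a SHA1 digest is exactly 40 hex digits.
    return len(want) == 40 and normalize(sha1_fingerprint(data)) == want


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_fingerprint.py downloaded.crt")
    with open(sys.argv[1], "rb") as fh:
        blob = fh.read()
    print("computed :", sha1_fingerprint(blob))
    print("published:", PUBLISHED_SHA1)
    sys.exit(0 if matches(blob) else 1)
```

The published value should itself come from a source other than the one that delivered the file, otherwise the comparison proves nothing.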