Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of contents:

Table of Contents
maxLevel2


Excerpt Include
IT Knowledge Base
IT Knowledge Base
nopaneltrue

Note

Switch to the page in German language




Section


Column
width200px


Panel
borderWidth2
borderStylesolid



Mail certificate



Column
width20px



Column
width200px


Panel
borderWidth2
borderStylesolid


Machine certificate



Column
width20px



Column
width200px


Panel
borderWidth2
borderStylesolid


Server certificate



Column








Info
titleService Information

IT-Service Catalog


Info
iconfalse
titleLinks

Secure Handling of Email




Service description


Info
iconfalse

Description

The PKI certificate management service supports customers in purchasing, administration, storage and roll-out of various types of certificates. A high level of automation and user guidance obviously simplifies certificate handling.

The current focus is on user certificates for mail signatures and mail encryption, machine certificates for authentication on the network, and TLS/SSL certification for secure identification and encrypted communication with servers of ETH.

Customer Benefit

Handling certificates is partly very complex. Automation, user guidance and central storage of all certificates can result in an enlarged use of certificates, since end users can mostly manage their certificates without the assistance of the support group. This is  especially interesting for user certificates because of they represent personal identity.

Increased use of certificates will enhance security at ETH. First, through improved authentication of machines in the ETH network and two-factor authentication in the VPN area. Second, by signature and if necessary encryption of mails of ETH members and organisational units.

Customer Groups / Cost 

Purchase of user and TLS/SSL certificates from QuoVadis and DigiCert is free of charge for ETH members. IT Services bear the costs. In the event of disproportionate use or misuse, the IT Services reserve the right to charge the costs.

ETH employees can:

  • obtain personal user certificates for the signature and encryption of emails after they are released by their responsible ISG;
  • obtain user certificates for a shared mailbox after activation by their responsible ISG.

ISGs can:

  • obtain TLS/SSL certificates, both from the ETH as well as from DigiCert;
  • obtain machine certificates for network authentication for AD joined devices for their network zones;
  • obtain machine certificates for network authentication for devices in device management systems for their network zones.

ETH employees and students can:

  • receive machine certificates for network authentication of self-managed devices after activation by the VPZ owner.