Last modified by Aysegül Omus on 2024/05/16 17:24
Show last authors
1
2
3 = Install CIT Client Certificate =
4
5 This describes how to install the ITO certificate.
6
7
8 On this [[page>>https://xwiki.rbg.tum.de/bin/view/Informatik/Helpdesk/BenutzerZertifikate]], you will find further information on applying for and extending the CIT user certificate.
9
10
11
12 {{toc/}}
13
14
15
16
17 The following instructions were made for specific configurations (OS + Software). If you use a different configuration or have problems with the installation, please feel free to visit the [[Helpdesk>>Informatik.Helpdesk.WebHome]].
18
19 == 1. Browser ==
20
21 === 1.1. Google Chrome ===
22
23 Google Chrome was tested in Version 65.0.3325.181 under Windows 10 & Mac OS High Sierra. Chrome uses the certificate via the integration in the OS (look below). Despite the successful installation of the certificate, it did not work under Mac OS High Sierra with the Chrome Browser.
24 {{id name="WinFirefoxAnchor"/}}
25
26
27 === 1.2. Firefox ===
28
29 * For the Installation of the certificate, you have to open the Preferences:
30 [[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/firefox_0.png||alt="firefox_0.png" height="572" title="firefox_0.png" width="316"]]
31
32
33 * Under the Menu go to **→Privacy & Security →View Certificates**:
34 [[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/firefox_1.PNG||alt="firefox_1.PNG" height="727" title="firefox_1.PNG" width="671"]]
35
36 * There, go to **Your Certificates** and then to **Import**. Afterward, choose your certificate with the suffix **.p12** and click **open**.
37
38 [[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/firefox_2.PNG||alt="firefox_2.PNG" height="453" title="firefox_2.PNG" width="920"]]
39
40
41 * In the next window, you have to fill in your passphrase:
42
43 [[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/firefox_3.PNG||alt="firefox_3.PNG" height="153" title="firefox_3.PNG" width="598"]]
44
45 * Your certificate was imported successfully.
46
47 === 1.3. Safari ===
48
49 If the certificate is imported into the keychain (Schlüsselbund), it will automatically be integrated into Safari.
50
51 == 2. Email-Client ==
52
53
54 === 2.1. Thunderbird (Windows/Linux) ===
55
56
57
58 On the bottom left, you'll find a cog wheel; click on it to open settings.
59
60 [[image:1710762049501-575.png]]
61
62
63 Next up, click the Lock Icon on the left bar and scroll until you find the certificates section. Click on "**Manage Certificates**".
64
65 (Make sure you downloaded your "**certificate with private key**" from https:~/~/my.ito.cit.tum.de/zertifikat/ )
66 [[image:1710762103262-173.png]]
67
68
69
70
71 Go to the "**My Certificates**"-Section, click on **import**, and select the certificate you previously downloaded.
72 [[image:importieren.png||height="506" width="1021"]]
73
74
75
76 You'll be prompted to enter the passphrase you received when requesting a certificate on the website mentioned above.
77 [[image:passphraseeingeben.png||height="517" width="1042"]]
78
79
80
81 (% class="box infomessage" %)
82 (((
83 (In case you forgot it, request a new certificate, wait a bit, refresh the website, download the certificate, and try again.)
84 )))
85
86
87 Lastly, click on the icon **above** the **puzzle piece**.
88 [[image:1710762127504-179.png]]
89
90
91 On the left, in the light grey column, click **End-to-End-Encryption** and scroll down until you find **S/MIME**.
92 [[image:1710762116312-799.png]]
93
94
95
96
97 Click on **Select**, and you'll be offered only one option: select it.
98
99 [[image:zertifikatauswählenfüraccount.png||height="448" width="1106"]]
100
101 Confirm any window that may pop up right afterward. That's it, congratulations!
102
103 [[image:zertifikatauswählenfueraccount3.png||height="522" width="1101"]]
104
105
106
107 [[image:zertifikateausgewähltfueraccount.png||height="532" width="1122"]]
108
109
110
111
112
113 === 2.2. Windows-Outlook 2016 ===
114
115 * In the Menu go to **File** → **Options**:
116 [[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/outlook_0.PNG||alt="outlook_0.PNG" height="472" title="outlook_0.PNG" width="754"]]
117
118
119
120
121 * Now go to **Trust Center** → **Preferences for the Trust Center...**
122 [[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/outlook_1.PNG||alt="outlook_1.PNG" height="545" title="outlook_1.PNG" width="756"]]
123
124
125
126
127 * Then go to **E-Mail-Security** → **Import/Export**:
128 [[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/outlook_2.PNG||alt="outlook_2.PNG" height="549" title="outlook_2.PNG" width="759"]]
129
130
131
132
133 * In the next window click on **Open...** and choose your certificate with the suffix **.p12**.
134 * The passphrase can be entered in the field **Password**. Verify your password with **OK**:
135 [[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/outlook_3.PNG||alt="outlook_3.PNG" height="550" title="outlook_3.PNG" width="1096"]]
136
137
138
139
140 * The following message can be accepted with **OK**:
141 [[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/outlook_4.PNG||alt="outlook_4.PNG" height="389" title="outlook_4.PNG" width="354"]]
142
143
144
145
146 * Your certificate was imported successfully into Outlook.
147 * Using the following settings, you can set the encryption/signature as default:
148 [[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/outlook_5.PNG||alt="outlook_5.PNG" height="569" title="outlook_5.PNG" width="782"]]
149
150
151
152
153 * You can go to **Options** and use the following options to enable or disable the **encryption/signature**:
154 [[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/outlook_6.PNG||alt="outlook_6.PNG" height="127" title="outlook_6.PNG" width="493"]]
155
156
157
158
159 === 2.3. Windows-Outlook 2019 ===
160
161
162 Open Outlook and click **File** in the tab.
163 [[image:20file.png||width="900"]]
164
165
166 Then open **Options** in the left area.
167 [[image:1options.png||width="900"]]
168
169
170 In the opened window, select **Trustcenter**
171 [[image:2trustcenter.png||width="1000"]]
172
173
174 Click the **Settings** button for the trust center.
175 [[image:3trustcentersettings.png||width="1000"]]
176
177
178 In the next dialog box, click **Security Center** and then on **E-Mail Security**. Under the Digital IDs (Certificates) section, select **Import / Export**.
179 [[image:1trustcenteremailsecuritsimportexport.png||width="900"]]
180
181
182 In the opened window, go to **Search**. Select the correct certificate and confirm with **OK**. For **Import / Export digital ID** enter the password that was assigned during the export process from Firefox has been. Then click **OK**.
183 [[image:35importexport.png||height="814" width="743"]]
184
185 You can complete the process with **OK**. Then, the medium security level will be selected. You can also click Set security level to adjust this setting.
186 [[image:16setsecuritylevel.png||width="900"]]
187
188 You can choose medium or high-security levels.
189 [[image:17highsecuritylevel.png||height="584" width="775"]]
190
191
192 If you select the high-security level, you must choose a password that you have to use before encrypting and decrypting the e-mail.
193 [[image:18createapassword.png||width="900"]]
194
195
196 Confirm the change with **OK** and then close all windows. If you want to select the medium security level, you have to click **Set security level** again.
197 [[image:91importinganewprivateexchangekey.png||width="900"]]
198
199
200 If you want to write an encrypted email, you have to enter the chosen password.
201 [[image:30emailverfassen.png||width="900"]]
202
203
204
205 Your ITO certificate has now been imported into Outlook, and you can select it under **Encrypted e-mail messages** using the **Settings** button for the e-mail address.
206 [[image:Out51.png||width="900"]]
207
208
209 You should see the certificate you installed under **Signature Certificate** and **Encryption Certificate**. If not, you still have to select the certificate by clicking the **Select** button.
210 [[image:Out61.png||width="900"]]
211
212
213 Here, you can see the certificate issuer and the expiration date.
214 [[image:Out71.png||width="900"]]
215
216
217
218 === 2.4. Windows Outlook 2021 ===
219
220
221 In Progress
222
223 === 2.5. Mac Outlook 2019 ===
224
225 First, click **Outlook** in the tab, then **Preferences**.
226 [[image:outlookpreferences.png||height="335" width="235"]]
227
228 Select **Accounts**.
229 [[image:accounts.png||width="900"]]
230
231 Then select your CIT account in the open window on the left and click on **Advanced**.
232 [[image:advanced.png||width="900"]]
233
234 Click on the **Security** tab and select the ITO certificate to sign and encrypt the emails.
235 [[image:4certnotselected.png||width="900"]]
236
237 [[image:5chooseacertificate.png||height="191" width="425"]]
238
239 [[image:6certauswaehlen.png||height="676" width="728"]]
240
241 Confirm your selection with **OK**.
242 [[image:7certausgewaehltok.png||height="526" width="724"]]
243
244
245 == 3. Operating Systems ==
246
247
248 === 3.1. Windows ===
249
250 The certificate is installed on the whole OS, meaning it can be used by **Internet Explorer** and **Windows Mail** (but not for Firefox).
251
252 * Usually, you can double-click on the certificate, and the certificate-import-assistance will start; if the certificate-import-assistance doesn't start, follow the guide that follows:
253 * In the start menu, click on **Control Panel** and afterward choose **Internet options**.
254 [[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/internetOptionen.png]]
255
256
257
258
259 * Then choose **Contents** and then choose **Certificates**:
260 [[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/inhalteZertifikate.png]]
261
262
263
264
265 * Go to **Your Certificates** and then choose **Import...**:
266 [[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/zertifikatImportieren.png]]
267
268
269 {{id name="WinAssistentAnchor"/}}
270
271 * Now the certificate-import-assistance will start; click on **Continue**.
272 * Click **Open** and choose the certificate - choose the suffix **.pfx or .p12 , else you won't** be able to see the files.
273 [[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/zertifikatFormat.png]]
274
275 * Click on **Continue**
276 * Enter the passphrase
277 * Also choose to make your key exportable and then click on **Continue**.
278 [[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/zertifikatPassphrase.png]]
279
280
281 * In this window, click on **Continue**.
282 [[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/zertifikatSpeicher.png]]
283
284
285
286
287 * In the end, click on **Finish** and verify the last window with **OK**.
288 [[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/importvorgangErfolgreich.png]]
289
290
291
292
293 * Your certificate should be visible under **Your Certificates**.
294
295 === 3.2. Mac OS X ===
296
297 Double-click on your certificate.
298
299 * Now in the **Add Certificates** - Window click on **Add**
300
301 [[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/appleCertificate.png]]
302
303
304
305
306 * Enter your certificate passphrase
307 [[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/applePasswd.png]]
308
309
310
311
312 * The certificate is now ready to use and can, for example, be used in Apple Mail to sign and encrypt your messages.
313 [[image:https://xwiki.rbg.tum.de/bin/download/Informatik/Helpdesk/BenutzerZertifikate/WebHome/applemail_1.png||alt="applemail_1.png" height="307" title="applemail_1.png" width="466"]]
314
315
316
317
318
319
320 == 2. FAQ ==
321
322
323 === My certificate is in .pem format, but my program only accepts .p12 format. What should I do? ===
324
325 The certificate you downloaded from the Self-Service Portal (ssp.cit.tum.de) is in .pem format, and some client programs do not support it. This problem is easily solved. All you have to do is find a program that accepts .pem files. Firefox is one of them, and since it is widespread, we'll assume that Firefox is being used for this guide.
326
327 Now to the real issue: 
328
329 1) Make sure your old expired certificate is installed in Firefox. If it is not installed there, you must export the old certificate from another application and import it into Firefox. How to export a certificate can be found in our [[Wiki instructions>>https://xwiki.rbg.tum.de/bin/view/Informatik/Helpdesk/ZertifikatExportieren#Firefox]].
330
331 2) Import the new certificate (.pem-file) in Firefox. How to install a certificate can be found above on this page.
332
333 3) Export the new certificate from Firefox.
334
335
336 Voilà! Now you have a new .p12 file, which can be imported into other programs as usual.
337
338
339 **Note**: Please be aware that when importing the new .p12 file, you must change its settings as usual. In particular, you must also adjust the account settings for Thunderbird. Select the new certificate under **Account Settings** -> **End-to-End Encryption** -> **S/MIME**.
340
341 If you encounter some problems, contact: support@ito.cit.tum.de