FAQ - Frequently asked questions

How long is a certificate valid?

Certificates issued by BTU CA Global for users are valid for two years. Server certificates are valid for 365 days.

What happens when a certificate expires?

In this case, a new certificate must be requested. If the certificate has been used for encryption/digital signatures, the old certificate must not be removed from the mail client; otherwise, old encrypted emails will no longer be readable.

If the certificate is used for WLAN/VPN access, expired certificates should be removed from the VPN client and the new certificate imported.

What are the passwords used for?

The PIN that you assign on the DFN website is required to:

  • block (revoke) a certificate if necessary,
  • import the certificate into the browser if ‘Do not publish certificate’ was selected.

Further passwords are needed depending on the browser used:

Microsoft Internet Explorer:

  • The private key must be protected by a strong password – this password is requested each time the private key is accessed.
  • When exporting the certificate, the file containing the certificate and private key (the pfx file) must be protected by a strong password – this password is requested each time the file is accessed.

Mozilla Firefox:

  • The master password protects all certificate settings in the programme – this password is requested each time the private key is accessed.
  • When exporting the certificate, the file containing the certificate and private key (the *.p12 file) must be protected with a strong password – this password will be requested each time the file is accessed.

What must be observed when handling certificates?

The public key portion (the certificate) can be made available to the public.

The private key (e.g. in the *.p12 or *.pfx file) must never be disclosed to anyone else. The key holder must protect these files with strong passwords and ensure that they are not lost or stolen. When storing them on computers, care must be taken to ensure that no other user has access to this data.

What happens if the certificate with the private key (e.g. in the *.p12 or *.pfx file on a USB stick, laptop, etc.) is lost or stolen and/or the passwords have been compromised?

The certificate must be blocked immediately. To do this, a blocking request must be submitted or the BTU CA Global staff must be notified. A new certificate can be requested without any problems.

Are there any risks associated with the use of certificates?

If unauthorised persons gain access to the private key (e.g. in a *.p12 or *.pfx file), they can misuse the certificate to sign emails without authorisation or gain access to services (e.g. Wi-Fi/VPN) at BTU Cottbus-Senftenberg. In this case, the certificate must be blocked immediately. To do this, a blocking request must be submitted or the BTU CA Global staff must be notified. A new certificate can be requested without any problems.

What should be considered when using certificates on a computer with multiple users?

  • Each user should have their own account.
  • The account should be protected by a strong password.
  • Each user must protect their certificate settings with strong passwords.
  • Administrative accounts should only be used when absolutely necessary. Example: you should never surf the Internet with administrator rights.
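
The requirement that no other user has access to the *.p12 or *.pfx files, and the advice for computers with multiple users, can be checked with a short script. This is an added example, not part of the original FAQ or of any BTU or DFN tooling; the function names and the default search directory ($HOME) are assumptions. It checks classic Unix permission bits only, not ACLs.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not BTU/DFN tooling).
# Finds key containers (*.p12 / *.pfx, any letter case) that the group
# or other users of the machine are allowed to read.

find_exposed_keystores() {
    dir=${1:-$HOME}              # assumption: keys live below $HOME
    find "$dir" -type f \
        \( -name '*.[pP]12' -o -name '*.[pP][fF][xX]' \) \
        \( -perm -040 -o -perm -004 \) \
        -print 2>/dev/null       # skip directories we may not enter
}

# Restrict every exposed key container to its owner (mode 600).
lock_down_keystores() {
    dir=${1:-$HOME}
    find_exposed_keystores "$dir" | while IFS= read -r f; do
        chmod 600 "$f" && printf 'restricted: %s\n' "$f"
    done
}

# Typical use, run as the key holder:
#   find_exposed_keystores "$HOME"   # report only
#   lock_down_keystores "$HOME"      # report and fix
```

A file that was readable by others for any length of time may already have been copied; in that case the steps for a lost or stolen private key apply.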