DFN-PKI - Service via IRB
The IRB and IMT offer X.509 certificates for your servers and VMs on our cluster via a cooperative agreement with the PKI of the Deutsche Forschungsnetzwerk (DFN-PKI). Such a certificate can, for example, be used to run a TLS-secured Webserver. We can help you install these certificates in your servers if you'd like.
Requesting a Certificate
We direct you to the IMT's Tutorial for certificate creation. Please note that you will be asked to submit your request in writing as part of the process.
Submitting your Paperwork
Your paperwork should be submitted directly to the IMT if you are located at the main campus. We also have two employees on staff at the Fürstenallee location that can process your paperwork and verify your ID, if you would like to avoid a trip to the main campus.
If you would like to take advantage of the later, please make an appointment with Michael Utermöhle or Tobias Schultz Friese, preferably via telephone.
Let's Encrypt
You may also use Let's Encrypt, which is a service of the Internet Security Research Group (ISRG), to obtain a supported X.509 Zertifikate.
Please note that certificates obtained this way are Domain Validated, have a short lifetime, and are subject to rate limits shared by hosts in the domain uni-paderborn.de. We recommend setting up automatic renewal.
The IMT firewall does not allow HTTP traffic to reach your server by default. You must explicitly allow this to be able to use the Let's Encrypt HTTP challenge. We do not yet offer direkt support for the DNS challenge type.