The PKI certificate management service supports customers in purchasing, administration, storage and roll-out of various types of certificates. A high level of automation and user guidance obviously simplifies certificate handling.
The current focus is on user certificates for mail signatures and mail encryption, machine certificates for authentication on the network, and TLS/SSL certification for secure identification and encrypted communication with servers of ETH.
Handling certificates is partly very complex. Automation, user guidance and central storage of all certificates can result in an enlarged use of certificates, since end users can mostly manage their certificates without the assistance of the support group. This is especially interesting for user certificates because of they represent personal identity.
Increased use of certificates will enhance security at ETH. First, through improved authentication of machines in the ETH network and two-factor authentication in the VPN area. Second, by signature and if necessary encryption of mails of ETH members and organisational units.
Customer Groups / Cost
Purchase of user and TLS/SSL certificates from QuoVadis and DigiCert is free of charge for ETH members. IT Services bear the costs. In the event of disproportionate use or misuse, the IT Services reserve the right to charge the costs.
ETH employees can:
- obtain personal user certificates for the signature and encryption of emails after they are released by their responsible ISG;
- obtain user certificates for a shared mailbox after activation by their responsible ISG.
- obtain TLS/SSL certificates, both from the ETH as well as from DigiCert;
- obtain machine certificates for network authentication for AD joined devices for their network zones;
- obtain machine certificates for network authentication for devices in device management systems for their network zones.
ETH employees and students can:
- receive machine certificates for network authentication of self-managed devices after activation by the VPZ owner.
- No labels