Server certificates
A certification authority confirms the authenticity of (WWW) servers, i.e. it guarantees that a certain WWW server is really operated by a particular institution. This is necessary in order to ensure the confidentiality of the data transferred between user and server: encryption alone does not help if the browser cannot tell whether it is talking to the genuine server or to someone impersonating it.
Without a secure connection, information on the internet is transferred unencrypted, which means that anyone on the network path can read it. For confidential information, in particular passwords for user IDs, it should be guaranteed that
- the information is transferred to the correct recipient (authentication)
- only the correct recipient can read the information (confidentiality)
- the information cannot be changed during the transfer without this being noticed (integrity).
In the WWW, the confidentiality of the information transferred is achieved with so-called secure connections (TLS, formerly SSL). All current browsers can establish secure connections to a WWW server. You can recognise a WWW page that is called up via a secure connection by the fact that its address begins with 'https:' instead of 'http:'. The browser also indicates a secure connection with a closed lock symbol, e.g. next to the address in the address bar (older browsers showed it in the footer of the window).
Before your browser establishes a secure connection to a WWW server, it must be able to verify the identity of the server. To do this, the WWW server presents a certificate to the browser. The certificate binds the server's name (its host name) to the server's public key and gives information about the operator of the server and the issuer of the certificate. This is where the certification authority that issues the certificate for the server comes into play: it signs the certificate with its own key. Certification authorities themselves have a certificate, which may be issued by a further certification authority (a 'parent certification authority'). In this way there is a so-called certification path from the certificate of the server to a so-called root certification authority, whose certificate is not issued by any further certification authority but is signed with its own key (self-signed).
The secure connection will only be established without further queries if the browser can follow the certification path back to a (root) certification authority that it regards as trustworthy, and if the name in the server certificate matches the address you called up. Otherwise you will receive a warning and have to decide whether to allow the connection. Your browser comes with a pre-installed list of trustworthy certification authorities; if necessary you can add further certification authorities.
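As an added example (not part of the original page and not code from DFN, GEANT or any browser), the following Go program uses only the standard library to build a made-up certification path of a root CA, an intermediate CA and a server certificate for the fictitious host name www.example.org, and then performs the check described above four times: with the root in the trust store, without it, with the intermediate certificate missing, and for a different address. All names and the 24-hour validity are invented for the example; in practice the root certificates come from the browser's pre-installed list and the intermediate certificate is sent by the server together with its own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // setup failures (key generation, signing) are bugs, not verification results
	}
	return v
}

// template describes a CA certificate (ca == true) or a server certificate for host name cn.
func template(cn string, serial int64, ca bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  ca,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if ca {
		t.KeyUsage |= x509.KeyUsageCertSign
	} else {
		t.DNSNames = []string{cn} // the name the browser compares with the address called up
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	return t
}

// issue generates a fresh key pair and has parent sign a certificate for t with parentKey.
func issue(t, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	signer := parentKey
	if parent == nil { // no parent: self-signed, which is how a root CA comes about
		parent, signer = t, key
	}
	der := must(x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, signer))
	return must(x509.ParseCertificate(der)), key
}

func pool(certs []*x509.Certificate) *x509.CertPool {
	p := x509.NewCertPool() // always non-nil, so an empty trust store never falls back to system roots
	for _, c := range certs {
		p.AddCert(c)
	}
	return p
}

// VerifyServer does what the browser does: follow the path from the server certificate through the
// certificates the server sent along back to a trusted authority, and check the name against the address.
func VerifyServer(server *x509.Certificate, sent, trusted []*x509.Certificate, hostname string) error {
	_, err := server.Verify(x509.VerifyOptions{DNSName: hostname, Roots: pool(trusted), Intermediates: pool(sent)})
	return err
}

// Classify maps the verification result to the browser behaviour described above.
func Classify(err error) string {
	var unknown x509.UnknownAuthorityError
	var name x509.HostnameError
	if err == nil {
		return "trusted"
	} else if errors.As(err, &unknown) {
		return "warning: path does not end at a trusted root"
	} else if errors.As(err, &name) {
		return "warning: certificate is for a different server name"
	}
	return "warning: " + err.Error()
}

// Scenarios builds the made-up path root CA -> intermediate CA -> server and classifies four connection attempts.
func Scenarios() map[string]string {
	root, rootKey := issue(template("Example Root CA", 1, true), nil, nil)
	inter, interKey := issue(template("Example Intermediate CA", 2, true), root, rootKey)
	server, _ := issue(template("www.example.org", 3, false), inter, interKey)
	sent, trust := []*x509.Certificate{inter}, []*x509.Certificate{root}
	return map[string]string{
		"root trusted, intermediate sent":  Classify(VerifyServer(server, sent, trust, "www.example.org")),
		"root not in trust store":          Classify(VerifyServer(server, sent, nil, "www.example.org")),
		"intermediate not sent by server":  Classify(VerifyServer(server, nil, trust, "www.example.org")),
		"address differs from server name": Classify(VerifyServer(server, sent, trust, "www.example.net")),
	}
}

func main() {
	for k, v := range Scenarios() {
		fmt.Println(k, "->", v)
	}
}
```

Run it with go run. The cases 'root not in trust store' and 'intermediate not sent by server' fail in the same way, because in both the browser cannot follow the path to a root it trusts; this is why a server must send its intermediate certificate along with its own. The address mismatch fails differently even though the path is intact, which is why a certificate has to be requested for exactly the host name that appears in the address.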
Certificate requests via GEANT TCS/Sectigo are currently unavailable.
DFN is working on a new solution; we will provide information about it here (end of January 2025).