How-to Request an S/MIME certificate (CertMine)
Output of S/MIME certificates currently not possible
This how-to explains how employees of the university can request an official S/MIME certificate to sign or encrypt their emails.
Requesting an S/MIME certificate
1. Go to the CertMine page linked here on a secure work station. CertMine currently supports Chrome, Edge, Firefox and Safari on Windows, Linux and macOS. Requests via smartphone are currently not supported.
2. Enter the email address for which you would like to request the certificate. Then click on Absenden ("Submit") to receive a login link for CertMine via email.

3. Open the link that you received via email in your browser.

4. Select the type of email address for which you would like to request the certificate. The table on this page gives you an overview of the type of email you should choose.

5. Enter your first and last name in the respective fields.
If you do not need a certificate for a personal address, but rather for an official roll (e.g. data protection supervisor) or for a dedicated group (e.g. as a secretariat), enter the pseudonym, group name or server function of the email address in natural language in the "Common name field. The common name will be shown to the recipient of your email as the sender’s name. "University Computing Centre data protection supervisor" or "Secretariat of the Heidelberg University Computing Centre" are examples of two common names for the URZ.

6. Set a password for your certificate. Be sure to follow the instructions for creating an appropriate password given on the page. After entering the password twice and saving it in a secure location, please click Weiter ("Next").

7. The certificate key will now be generated and downloaded. The save location is determined by your browser settings. The default is the "Downloads" file. It is best to move the file directly to another location where you store similar, sensitive documents.

8. You will then have to confirm your identity. You can either do this in person at our IT Service (Im Neuenheimer Feld 330, 69120 Heidelberg) or through a video call service. Both options require you to present a valid photo ID.

You can find more information about the office hours as well as the link to the video call service on the linked IT Service page.
9. Once your identity has been verified and the IT Service has processed your certificate request, you will receive a download link for your certificate via email.

10. Open the link in the email. Please now enter the key generated in step 7 for your certificate and the corresponding password. The key is only loaded into the browser and is not transferred to the server. Then click on Zertifikat herunterladen ("Download certificate").

11. The certificate will be downloaded onto your computer. To complete the process, the certificate must be imported into your email environment (see how-tos for importing S/MIME certificates). Please contact your IT representative if you require assistance with setting up your certificate.

12. Save the certificate file, e.g. in the heiBOX or on a USB stick, and keep it in a safe place. Be sure to save or memorize the corresponding unlocking password. If necessary, use a password manager such as KeePassXC for this. This backup can also be used to install the certificate on another device (tablet, smartphone, etc.) and integrate it into an email program there. In any case, please ensure that you handle the backup medium (USB stick or similar) and the unlock password with care.