Öffnet in neuem Fenster Opens in a new window Öffnet externe Seite Opens an external site Öffnet externe Seite in neuem Fenster Opens an external site in a new window

How to obtain a certificate?

The following instructions show the way to obtain an e-mail certificate using the Firefox browser. It is also possible to use the Chrome browser or the new Edge Chromium. The older Edge browser cannot be used. With the Internet Explorer the procedure looks different as shown here. Take your time to perform the process in a concentrated manner. Once set up, working with signatures and encryption is very easy. An issued certificate is valid for 3 years.

And off you go:

Visit the certificate application page of DFN with your browser and select "Apply for a new certificate".

Enter your name (Umlauts must be written out in full, ä=ae, ö=oe, ü=ue, ß=ss), your HZB e-mail address and optionally your organizational unit in the following form. Academic titles can only be included in the name if they are included in your identification document.

If you are not directly employed by HZB, i.e. you do not have an employment contract with HZB, you have to put "EXT:" in front of your name, i.e.  EXT:John Doe

Choose a PIN, which you will need if you need to have your certificate revoked at some time and check both checkboxes. By doing so, you accept the rules and publish your certificate so that other people can use it to communicate with you securely and confidentially.

Check your data once again and then click "Save certificate application data file". Now your personal key pair will be generated. Since the private key must be protected, you will be asked to assign a password to this file during this step. Remember or write down the chosen password. You will need it if you have been issued the certificate at the end of the whole process.

Your key will be stored either in the default download directory or in a directory of your choice. The file has the extension .json.

Download the PDF application form now and print it out.

Sign the application form and present it at the registration office together with your official identity card or passport. The HZB ID card must not be accepted for identity verification.

Please make an appointment: 

After the application has been processed, you will receive your certificate by e-mail.

In this e-mail you will find a link to receive your certificate and merge it directly with the private key from the password protected .json file created in the previous step.

Save the file that contains your certificate together with your private key in PKCS#12 format (file extension .p12) in a safe location. We recommend that you use your MyDrive directory or your home directory, as these locations have a data backup and therefore cannot get lost even if your hard disk is damaged or your computer is reinstalled.

You will be asked to secure the file with a sufficiently high-quality password. Remember or write down this password in a safe place.


If you lose your private key or do not remember the password, you will never be able to read encrypted e-mails again.