Certificates, electronic signatures ****************************************************************************************** * ****************************************************************************************** The certificate is something like your electronic ID card. It helps you to log into the un systems safely, sign documents and protect your communication from misuse. At Charles Univ obtain the certificate through TCS or PostSignum certification authorities. Each system ha and acquiring method. ****************************************************************************************** * What do you need advice on? ****************************************************************************************** For whom are the certificates intended? • Students can only obtain a personal TCS certificate. • CU employees can use all types of certificates (TCS and PostSignum). What types of certificates does the university offer? TCS Personal Certificates • Designed for students and employees of Charles University. • Digital email signatures made by these certificates will be shown as trusted by most ema but cannot be used to communicate with government. However, they are well-used for secur with colleagues (e.g. in project collaboration) and for setting a new verified password entering the old password. TCS Server Certificates • Server certificates are used to ensure secure communication. They help to verify that th connecting to the correct server and secure the transmitted data. PostSignum personal certificates • Intended for CU employees. • Certificates are used for digital signing of e-mails, documents and for communication wi administration. PostSignum Signing Certificates • Intended for CU employees. Certificates can be used for digital signing of official docu format. • Signatures are recognized by the state administration. What are the conditions for obtaining a certificate? Conditions for obtaining a TCS certificate can be found at https://tcs.cuni.cz [ URL "http Conditions for obtaining PostSignum certificate: • the applicant must be an employee of Charles University, • the applicant must have a valid CAS account [ URL "MYLIFEEN-17.html "] and a verified em • email address must be in domain cuni.cz [ MAIL "(zavinac)"] How do I get the certificate? The procedure varies according to the certification authority: TCS certificates • Personal and server certificates can be requested online on the TCS portal CESNET [ URL tcs.cesnet.cz/"] . PostSignum personal certificates The application is submitted via Servicedesk [ URL "https://servicedesk.cuni.cz/marketplac front/formdisplay.php?id=58"] and a personal verification is required at the post office: • the applicant submits a request to Servicedesk [ URL "https://servicedesk.cuni.cz/market formcreator/front/formdisplay.php?id=58"] regarding the issuance of a certificate, • the responsible personnel on Servicedesk identifies the applicant and their email addres "https://is.cuni.cz/webapps/?lang=en"] , • the applicant subsequently requests the issuance of the certificate via the iSignum [ UR postsignum-cz.translate.goog/isignum.html?_x_tr_sl=cs&_x_tr_tl=en&_x_tr_hl=cs"] applicat same email that was marked in WhoIS needs to be used), • after the application is submitted, the applicant presents themself at the post office o with their ID card and the generated application number, • information regarding issuance of the certificate will be sent to email address set in t • issued certificate can then be installed to applicants computer. PostSignum Signature Certificates Regarding the issuance of the signature certificate, the applicant shall submit a request [ URL "https://servicedesk.cuni.cz/marketplace/formcreator/front/formdisplay.php?id=58"] : • the personnel in charge on Servicedesk tags the applicant and their email address in Who token (with PIN set) and installs the necessary application, • the applicant subsequently requests the issuance of a certificate via iSignum [ URL "htt postsignum-cz.translate.goog/isignum.html?_x_tr_sl=cs&_x_tr_tl=en&_x_tr_hl=cs"] (must pr email that was marked in WhoIS), • after the application is submitted, the applicant presents themselves at the post office Czechpoint with their ID card and the generated application number, • and finally, the applicant completes the process in the pre-installed app on their compu downloads the issued certificate to the USB token. What is the certificate format? • TCS certificates and a PostSignum Personal Certificate take the form of an encrypted fil on the user's computer disk. • The PostSignum signing certificate takes the form of a USB token (this certificate canno the form of a file). Frequently Asked Questions (FAQ) My personal certificate stopped being valid and I generated a new one. Can I delete the ol • Don't do it. You will not decrypt old emails that are encrypted with your old certificat certificate. You would never get to them again. My computer, where I had the certificate stored and installed, was deleted. Can I download somewhere? • No, you can't. Once you get the certificate in the form of a file, you need to back it u instance, you will need to apply again. My computer, where I had the certificate installed, was deleted. I have it backed up, but the password. Is there any way to find out? • No, unfortunately it does not. In this instance, you will need to apply again. The system refuses to issue me a personal TCS certificate, what should I do? • Check if your email address is verified in CAS and if the verification is not older than you're not sure, better verify your email address in CAS again and then apply for a pers again. I want a personal TCS certificate, is there any restriction regarding the operation system Linux)? • To obtain a TCS certificate, just use www browser Firefox or Chrome (and clones like Bra Windows, Mac, Linux. It can be used on all platforms. I want a personal PostSignum certificate, is there any restriction regarding the operation Mac, Linux)? • To get a certificate, you need to generate a request in a program that is only in the Wi The issued certificate then goes on all platforms. I want a PostSignum signature certificate, is there any restriction regarding the computer Linux)? • To get a certificate, you need to generate a request in a program that is only in the Wi The issued certificate can be used on systems for which there is a token driver - on Win I want a PostSignum signature certificate that is only issued to a token. I have my own Yu can I use it? • No, the certificate can only be issued to a PostSignum token that was provided by the un Support, Helpdesk • TCS - for questions and support, please contact the TCS administrator [ URL "https://tcs contact/"] for Charles University. Please, write to tcs(zavinac)cuni.cz [ MAIL "tcs(zavi • PostSignum - in the first step we recommend always contacting the IT support of the facu can find contacts their website). Only then, if the problem cannot be solved, contact Se "https://servicedesk.cuni.cz/marketplace/formcreator/front/formdisplay.php?id=58"] . Important links • How to request a TCS server certificate [ URL "https://tcs.cuni.cz/zadost/"] • Useful OpenSSL commands [ URL "https://tcs.cuni.cz/openssl/"] • CAA DNS records [ URL "https://tcs.cuni.cz/caa/"] • Acrobat Reader and certificates [ URL "https://tcs.cuni.cz/1ca/"]