SSL server certificates
For computers of the TU Wien you can - within the scope of an ACOnet contract - obtain server certificates from Sectigo (formerly Comodo) without additional costs.
SSL certificates can be created for the TU Wien domain tuwien.ac.at as part of the ACOnet contract.
Subject to technical feasibility, certificates may be issued for the following alternative domains of the TU Wien if required:
The following specific domain for organizational units is currently available:
Further domains - if they belong to the TU Wien - can be added if required. Please contact firstname.lastname@example.org
Furthermore, the conditions for ACOnet participation, cf. "Agreements" or "Principles" on the page "ACOnet Participation Request", in particular §3, Paragraph 2 of the "ACOnet Acceptable Use Policy, opens an external URL in a new window", must be fulfilled.
Further special restrictions can be found in the supplementary agreement, opens an external URL in a new window for the use of the Trusted Certificate Services (TCS).
You can apply for your certificate yourself without validation (from an IP address of the TU Wien) via the Sectigo customer portal, opens an external URL in a new window using single sign-on. First select the desired certificate type:
- "GÉANT OV SSL": myhostname and www.myhostname (e.g. example.com bzw. www.example.com)
- "GÉANT OV Multi-Domain": up to 25 server names with 1 certificate, e.g. for Microsoft Exchange Server
- "GÉANT WildCard SSL": *.mydomainname and mydomainname (e.g. *.example.com)
Then fill in the actual details of your application, in particular upload the CSR (Certificate Signing Request).
After submitting your application, it will be checked by TCS administrators - authorized representatives of the TU (TU.it employees) - and only then will it be passed on to the certificate provider for certificate creation. You will then receive an e-mail with your certificate.
Attention: Only SSL/TLS-certificates with a maximum validity of 1 year will be issued!
Unlike our previous provider DigiCert, Sectigo no longer offers specially created login accounts. Instead, you now authenticate yourself directly on the Sectigo customer portal, opens an external URL in a new window using single sign-on. To do so, please select "Your Institution" on the portal and search for "TU Vienna". Then select the TU Vienna and log in with your network password (and one-time tokens if you use two-factor authentication).
At the first login per device you have to give your consent that your data may be used for this Identity Provider.
Sectigo certificates are created according to the SHA-2 algorithm (default: hash value 256).
Certificates issued before May 1, 2020, will of course remain valid until the end of the validity period specified at that time.
GÉANT, opens an external URL in a new window has concluded a framework contract with Sectigo for the allocation and administration of X.509 certificates and provides this service as a Trusted Certificate Service (TCS) to all participating scientific networks.
ACOnet, opens an external URL in a new window has also joined this contract and provides these certificates for ACOnet participants free of charge and in unlimited numbers.
If a larger circle of users has to be served, one is dependent on the fact that the certification authority is already known to all common browsers. Within the framework of ACOnet, such certificates are made available free of charge via TU.it.
For only locally used servers the generation of "self signed" certificates is a good option. The OpenSSL command is
openssl req -x509 -days 9999 -new -newkey rsa:4096 -sha256 -text -nodes -out selfSigned.pem
The key length is set to 4096 (otherwise 2048 is usual) bits and the hashing procedure to the SHA-256 required by modern clients.
The private (secret) key is stored under the file name privkey.pem.
© TU Wien
Ticketsystem Online Portal, opens an external URL in a new window
Hotline 01 588 01 42002
1040 Wien, Operngasse 11, EG
The Service Center can be reached digitally from 8 a.m. to 4 p.m.
Personal customer contact only by prior appointment, opens an external URL in a new window.
Compliance with the currently applicable COVID-19 security regulations is assumed.