Öffnet in neuem Fenster Opens in a new window Öffnet externe Seite Opens an external site Öffnet externe Seite in neuem Fenster Opens an external site in a new window

Information Technology

SSL server certificates

The HZB Certification Authority certifies servers in the HZB's own DNS domains, including helmholtz-berlin.de and basisit.de.

To obtain a certificate for an HZB server, generate a certificate request with a program such as openssl in the form of a PKCS#10 PEM file. The name in the certificate request must end with: O=Helmholtz-Zentrum Berlin fuer Materialien und Energie GmbH,C=DE. You are responsible for the secure key management and further steps.

From 2022, server certificates will be offered paperless by the Trusted Certificate Service (TCS) of the pan-European research network GÉANT based on root certificates from Sectigo. Authentication via our Identity Provider is sufficient for this purpose.

Automatic server certificate creation and renewal with via the ACME interface is currently in the test phase.

To request a server certificate with a pre-created certificate request (CSR) use the following website:


Select the Helmholtz-Zentrum Berlin. The first time you use it, you will have to search for it, after that it will be offered for selection.

Authenticate yourself with your HZB account.

Upload the file with the certificate request created in advance.

The validity period of a server certificate is 365 days. You will be notified 30 days before expiration. If you select an "Annual Renewal Passphrase" in this form, you can easily have the certificate renewed in good time before expiry by specifying this password. An early revocation in self-service is also possible with this.