The present PKI ("version 1") is based on soft tokens. It is described on this page. In 2008, we introduce the new Fraunhofer-Smartcard PKI. Further information: see intranet pages.
Digital IDs ("Version 1")	PKI of the FhG "Version 1" Certification instance of the FhG "Version 1" for electronic certificates

Public-Key-Infrastructure of the Fraunhofer Gesellschaft

The Fraunhofer Gesellschaft has established a Public-Key-Infrastructure (PKI), which is the fundamental security architecture for safe and confidential communication via the internet. An important application is the security of personal communication by email.

For example, the security of an ordinary email can only be regarded as comparable to a postcard, because

• the sender can be spoofed, as you can see by many Spam Mails,
• the content can be changed during transfer, because the email is buffered/stored on several servers and
• the content can be read by many people, since it is transported over public networks.

For this reason, ordinary emails are not suitable for the transmission of confidential data. This serious disadvantage of emails can be overcome only by annotating the email with an electronic signature and encrypting it especially for the communication partner. Of course, not every email is confidential and requires encryption. Nevertheless, the sender should annotate it with an electronic signature, so that the receipient can determine without any doubts, who is the sender of the email and whether it was changed during the transfer.

For this purpose, the Fraunhofer Gesellschaft has established a Certification Authority (CA), which generates electronic certificates according to the published policy. These certificates are necessary for using an electronic signature and encryption. In this policy it is defined how the Certification Authority, with the assistance of a Registration Autority (RA) can be sure that the certificate actually belongs to the person who is identified by this certificate. If the communication partners of the Fraunhofer Gesellschaft trust the procedure defined in this policy, then they should integrate the root certificate of the Fraunhofer Gesellschaft into their personal security environment (e. g. email client, browser), so that all certificates issued by the Fraunhofer Certification Authority will be recognized as valid, and error messages in the clients because of "untrusted digital signatures" are avoided.

How to get your user certificate

Employees of the Fraunhofer Gesellschaft can get their user certificate here. Please click the link "Zertifikatanforderung und Schlüsselgenerierung" and follow the instructions on that page.

More information

• Home page of the Fraunhofer PKI

• Frequently Asked Questions (with answers)

For additional questions, please contact the Certification Authority of the FhG.

Root certificate of the Fraunhofer-Gesellschaft

If you plan to exchange signed and/or encrypted emails with employees of the Fraunhofer Gesellschaft, you should import the Fraunhofer root certificate into your browser or email client. This can be done in different ways:

Download and install the certificate into your browser:
Save the certificate as a file, e. g. for later installation:
Have the certificate sent to you by email:

Fingerprint of the Fraunhofer root certificate:

Responsible for the content of this page: Fraunhofer-Gesellschaft Root Certification Authority

The present PKI ("version 1") is based on soft tokens. It is described on this page.

In 2008, we introduce the new Fraunhofer-Smartcard PKI. Further information: see intranet pages.