User certificate (S/MIME)
A personal certificate lets you digitally sign and encrypt emails (S/MIME) and authenticate against some HU services with a certificate. The certificate is issued centrally by CMS.
01 · What for
Typical use cases
- Email signing: Recipients can verify the message really came from you and was not altered in transit.
- Email encryption: Content readable only by recipients whose public key you hold.
- Authentication to HU services via certificate instead of password (e.g. some internal self-service portals).
02 · Eligibility
Who is eligible?
HU staff with a valid HU account. Students cannot currently obtain personal certificates this way.
03 · Workflow
Three steps
Full guide with screenshots at CMS – just an overview here.
-
Generate the certificate in self-service
Sign in to the CMS self-service portal and request the certificate. You receive an
account.p12file (PKCS#12) to download. Validity: three years. -
Import into your email client
Import the
.p12file into Thunderbird, Apple Mail or Outlook – CMS maintains per-client guides. -
Optional: publish in the HU directory
So others can send you encrypted email without having to obtain your certificate from you first. No longer automatic – only on request.
Open CMS user-certificate guide
Keep the key safe. Anyone with the
.p12 file and its password can sign as you and decrypt your old encrypted email. Private backup in a safe place, not in public cloud storage.