DESY SSL Certificates
Some web pages at DESY require SSL encryption – their URLs start with https instead of the usual http. When you connect to a server via SSL, it will present you a signed certificate in order to verify its identity. However, the signer of that certificate (usually the DESY Certification Authority) is unknown to most web browsers so that you will see a warning message about an untrusted (and possibly malicious) site.
In order to get rid of these warnings for good, you can import the certificates of the DESY Certification Authority and the DFN PCA into your browser. Go to the DESY CA and get the following certificates:
- For hosts with older certificates, you need “DESY CA – G01” and “DFN-Verein PCA Classic – G01”.
- For hosts with newer certificates, you need “DESY CA – G02”, “DFN-Verein PCA Global – G01”, and “Deutsche Telekom Root CA 2”
If you prefer to be cautious, you can cross-check these files with the ones available from the DFN PCA (G01/G02).