BfArM - Federal Institute for Drugs and Medical Devices

Navigation and service

FAQ for the use of the certificates

Frequently asked questions about the use of the certificates for PharmNet.Bund applications are answered here.

Does every user need an own certificate?

Yes, it serves the proof of the identity.

Can several certificates be installed on the same computer?

Yes, if several people work with the same computer, everybody needs his own certificate.

Can the same certificate be used on several different computer?

Yes, it is possible to install the same certificate on different computers.

Can one test a certificate?

Yes, under: https://portal.dimdi.de/ruben/faces/CheckCertificatePage.xhtml (pure upload test) one can test the certificate.

Can you tell us a supplier where such certificates are to be acquired?

In the instruction (Manual for the certificate) some certification authorities which issue digital X. 509 user's certificates are listed. The list exclusively serves the purpose to give some examples and is not to be understood as a reference or recommendation for the purchase of the products of the called en-terprises. Not everybody of the exhibitors listed there can issue the required certificate for the client authentication.

Can certificates also be acquired at alternative suppliers / resellers?

So-called resellers (e.g. https://icertificate.eu) offer certificates of different manufacturers. The issued certificates differ not in quality, but in the surrounding features (e.g. quickness of the exhibition, price, support etc.).

Is the PKI certificate of the company xyz the right one?

Due to legal reason we are not allowed to give any recommendation.

What does "Extended Key Usage" mean?

These additions can be added to a certificate. Originally certificates were only used to sign something, e. g., E-Mail or a document. If one likes to use it as "an identity card" for access control, a suitable entry must be in the addition. In the additions there are many different possibilities which can be used to create the certificate. We need this "client Authentication", so that the certificate proves the identity of the user.

Is there a possibility to acquire the certificate from PEI or BfArM?

No, only via the issuers noted in the instruction (Manual for the certificate) called exhibitor. BUT: not all manufacturers listed there offer the right type of certificate.

BfArM's user administration has "repaired" my certificate, but it still doesn’t work.

Restart the browser or delete cookies and logins manually (key combination STRG + SHIFT + DE-LETE)

After input of usercode and password only an empty side appears.

Probably the user has not yet imported his certificate into the browser.

After opening a highly secured application with the Internet Explorer a window appears for certificate confirmation and afterwards another window "request on approval for use of a key" (perhaps with password input) appears.

Screenshot: Zustimmungsaufforderung zur Verwendung eines Schlüssels

This second window appears if while importing a certificate into the IE, the option "activate high secu-rity for the private key" is clicked. With some users this option is apparently a unchangeable preset, by the system administrator. Then the approval request occurs with every SSO-Login and must be given (if necessary by input of a password).

Screenshot: Zertifikatimport-Assistent

I have selected the wrong certificate or have clicked on the "Cancel" button. Now calling the application I always re-ceive the error message "401: No client certificate chain in this request".

The browser remembers the first decision of the user and afterwards never ask for the user-identifica-tion any more. If one deletes the active logins in the browser, the query appears again. Approach: press key combination STRG + SHIFT + DELETE, select "active logins" (or "temporary Internet files" in the IE) and click on the delete button. Sometimes just a new start of the browser helps.

I cannot see my certificate.

In the segment "Certificate" click on the button „show”, then a window should open, the option „Open-ing with“ is selected and besides there is a "Search" button. In this case just click "ok" and the certifi-cate is shown with the Certificate-Viewer. If the display does not work, the following will help: click in the Windows-Explorer on a certificate (xyz. der) * right mouse key * opening with * select standard program* choose *Krypto-Shellerweiterungen * then "ok" and the certificate should be opened in Ru-Ben automatically with this program.

The user receives the announcement "The uploaded certifi-cate could not be recognized as a succession certificate-from the previously stored certificate and must be reviewed by the administrator in charge again."

If the certificate was not recognizable as a succession certificate, it is saved temporarily. In this case the certificate must be checked by the responsible administrator and be activated.