Basic information on certificates
The following types of certificates are used at arvato systems:This certificate can be used to log on to the VPN or certain other applications. In addition, this certificate can be used as a "codesigning certificate" for scripts, for example.
This certificate is currently delivered as standard as part of the Starter Changer Leaver process for all arvato systems employees.
The certificate is available on a separate VSC ("OFFICE-VSC").
With this certificate you can encrypt or digitally sign documents or emails.
Mail encryption can also be carried out via MIP (Microsoft Information Protection). This mainly applies to internal company communication.
An SMIME certificate is required for encrypted communication with external customers.
If you require an SMIME certificate, this must be ordered separately as it is no longer part of the standard delivery.
This is ordered via a request to the Service Desk.
If you are wondering whether you already have one of these certificates, here is a picture to explain:
Open the "SmartID Desktop App" via the Windows search and click on your profile.
If you do not see a profile, you have not yet provisioned a VSC ("OFFICE-VSC"), this can be done via the Service Desk or the Starter Changer Leaver process.
The instructions for the actual provisioning can be found here.
There should be an entry with the issuer "BGROUP Authentication CA-G2" with a valid date.
The "Device Encryption" certificate is technically required but has no further significance for you.
All other certificates with the word "D-Trust" in the issuer are "SMIME certificates". The certificate with the latest date is the currently valid one.
Certificates with a date that is no longer valid are "historical" certificates that are required to decrypt old emails.
This certificate can be used to log in to administrative systems. This is primarily the "AdminDesktopV2".
This certificate must also be applied for. The certificate can be requested via Omada when it is first issued by the superior.
The certificate is available on a separate VSC ("ADM-VSC").
Here you will find another profile in your "SmartID Desktop App" with the following content:
This VSC again contains a "Device Encryption" certificate, which is only of technical relevance.
The other visible certificate from the issuer "arvato Systems Authentication CA-G2" is your admin authentication certificate.
This certificate is used for all logins via Cyberark.
This certificate must also be applied for. The certificate can be requested via Omada when it is first issued by the supervisor.
The certificate is available on a separate VSC ("PAM-VSC"):
Here you will find another profile in your "SmartID Desktop App" with the following content:
This VSC again contains a "Device Encryption" certificate, which only has technical relevance. The other visible certificate from the issuer "Arvato SystemsAdmin Authentication CA" is your PAM authentication certificate.
Please never delete certificates!
If you have any problems or questions about certificates, either our Help and FAQ or the Service Desk.