Public Key Infrastructure

The Windows team maintains their own Public Key Infrastructure (PKI) for the Windows and Citrix environments. On Windows devices registered within the UZH domain (i.e. d.uzh.ch), Windows PKI certificates work transparently, since the root certificates are automatically deployed. On stand alone Windows systems and other platforms (Mac, Linux), installation of the corresponding root certificates involves manual steps.

Downloading a Root Certificate

UZH Windows-CA Root (ZIP, 1 KB)

To install the root certificate, extract the UZH_D_Root_CA-G2.cer certificate file from the downloaded .ZIP file and install it on your system.

Note: If you do not want to install the certificate file manually, please refer to the “Simplified Installation” section below, where you can find installation files for Windows or macOS that will do the work for you.

To verify that you have received the correct root certificate, compare its fingerprint with the following string. In the list of installed root certificates, look for the name specified as “Zertifikatname”:

Root-Zertifikat Fingerprint

Simplified Installation

If you do not want to install the root certificate manually, you can find installation files below that will take care of this process on Windows or macOS systems. Please note that using the installer you are unable to check the certificate (fingerprint) before installation.

System Installation file
Windows d.uzh.ch Root-Certificate Windows-Installer (MSI, 744 KB)
macOS d.uzh.ch Root-Certificate Mac-Installer (PKG, 17 KB)

Note about the Windows installer: The installation file will display a message on startup that the publisher cannot be verified. This is to be expected and can be skipped.

Note about the macOS installer: On modern macOS systems, you'll get an error message like '"UZH_D_Root_Certificate_Installer-Mac.pkg" can't be opened because Apple cannot check it for malicious software." after starting the downloaded pkg file. In this case, please close that error, right click the installer and choose "Open" from the context menu. You'll get the error once again, but this time you can proceed with the installation (button "Open").