Default English Deutsch

How to set up Ldap and certificates on your own computer and send encrypted e-mails

0. TL;DR

E-Mail

Hostname: ldap.in.tum.de
Base DN: ou=IN,o=TUM,c=DE
Port number: 389

Ldap

Server: ldap.in.tum.de
Port: 389
Search Base: ou=IN,o=TUM,c=DE

1. Ubuntu - Thunderbird

1.1 Install certificate

Install certificate here, the best tutorial is given under this adress:
https://wiki.in.tum.de/Informatik/Helpdesk/BenutzerZertifikate#A_5.2_Unix_47Linux_45_Firefox_47Thunderbird

1.2 Use certificate for 'Sign' and 'Encrypt'

Choose Edit → Account Settings

At the tab Security at Digital Signing choose select

At the following windows select the right certificate

Thunderbird want to know, if we really want to encrypt and decrypt messages.

1.3 Set up LDAP adress book

Select Edit → Preferences .

At the tab Composition → Addressing: select Directory Server and go to Edit Directories.

Click on Add.

Fill in the form as it is shown at the window: (If you want to find @ma.tum.de Accounts, you should use: ldap.ma.tum.de, base DN: ou=users,dc=ma,dc=tum,dc=de)

At the Thunderbird Preferences in the tab Composition → Addressing at Directory Server the former set LDAP should be chosen.

1.4 Sign mails

When writing a mail, click on S/MIME and select 'Sign message'

1.5 Encrypt mails

When writing a mail, click on S/MIME and select 'Encrypt message'

2 Windows - Microsoft Outlook

2.1 Install certificate

Install certificate in Windows, the best tutorial is given under this adress::
https://wiki.in.tum.de/Informatik/Helpdesk/BenutzerZertifikate#A_5.3.1_Installation_in_Systemsteuerung

2.2 Zertifikat zum Verschlüsseln und Signieren auswählen

Click on File then Options.

Select Tab Trust Center the Settings for Trust Center.

Click at E-Mail Security , Settings.

The name for the security setting can be chosen arbitrarily and click at Signaturzertifikat then Select.

The next window show your certificate, just for your interest.

Close the windows Security Settings by clicking OK .

2.3 Set up LDAP adress book

Go from File to Account Settings klicken.

At the tab Adress books select New.

Select Internetverzeichnisdienst (LDAP) and click on Next.

Servername is ldap.in.tum.de and go to Advanced settings klicken.

Outlook must be restarted

In the tab connection under details select Port 389.

In the tab Search under Searchbase select Advanced and type in ou=IN,o=TUM,c=DE and click OK.

At this window click on Next.

Everything is finished and then done

2.4 Look up after a Email adress with the LDAP

While composing a mail, click on the button: 'To..'

Select the adress book and look up the first name and/or the last name.

2.5 Sign mails

While composing a mail, go to the tab Options and select Sign anklicken.

2.6 Encrypt mails

While composing a mail, go to the tab Options and select Encrypt.

3 Mac OS - Apple Mail

3.1 Install certificate

Double click on the *.p12 file after downlaoding.


Click on add.

Type in the given passphrase.

You can check the import under Keychain access under _My Certificates_

3.2 Use certificate for 'Sign' and 'Encrypt'

This happens automatically, MacOS can map the certificate to the mails.

3.3 Set up LDAP adress book

Go to Systems Preferences...→Internet Accounts-->Add Other Account…and choose 'LDAP account'.

Fill out the form, like it is described in the screenshot

Finally click on 'Sign in' and everything is fine.

3.4 Look up after a Email adress with the LDAP

When composing a new message, just look after the person, like as in an adress book.

3.5 Sign mails

Mails, sent from the in.tum adress are signed automatically

3.6 Encrypt mails

It is only possible to send an encrypted mail, if you already saved the public key of the receiver in the KeyChain.

This happens e.g. as soon you received a signed mail from this person.