How to set up LDAP and certificates on your own computer and send encrypted e-mails
LDAP
Name: CIT
Server address: ldap.cit.tum.de
Port: 636
Base DN: ou=dir,dc=cit,dc=tum,dc=de
1 Ubuntu - Thunderbird
1.1 Install certificate
Install the certificate first; the best tutorial is available at this address:
https://wiki.in.tum.de/Informatik/Helpdesk/BenutzerZertifikate#A_5.2_Unix_47Linux_45_Firefox_47Thunderbird
1.2 Use certificate for 'Sign' and 'Encrypt'
Choose Edit → Account Settings.
On the Security tab, under Digital Signing, click Select.
In the following window, select the right certificate.
Thunderbird then asks whether we really want to encrypt and decrypt messages.
1.3 Set up LDAP address book
Select Edit → Preferences.
On the Composition → Addressing tab, select Directory Server and go to Edit Directories.
Click on Add.
Fill in the form as shown in the window. (If you want to find @ma.tum.de accounts, you should use: ldap.ma.tum.de, base DN: ou=users,dc=ma,dc=tum,dc=de)
In the Thunderbird Preferences, on the Composition → Addressing tab, the LDAP directory set up before should be chosen under Directory Server.
1.4 Sign mails
When writing a mail, click on S/MIME and select 'Sign message'.
1.5 Encrypt mails
When writing a mail, click on S/MIME and select 'Encrypt message'.
2 Windows - Microsoft Outlook
2.1 Install certificate
Install the certificate in Windows; the best tutorial is available at this address:
https://wiki.in.tum.de/Informatik/Helpdesk/BenutzerZertifikate#A_5.3.1_Installation_in_Systemsteuerung
2.2 Select certificate for encrypting and signing
Click on File, then Options.
Select the Trust Center tab, then Settings for Trust Center.
Click on E-Mail Security, then Settings.
The name for the security setting can be chosen arbitrarily. Then click on Signaturzertifikat (Signing Certificate), then Select.
The next window shows your certificate, just for your information.
Close the Security Settings window by clicking OK.
2.3 Set up LDAP address book
Go from File to Account Settings.
On the Address Books tab, select New.
Select Internetverzeichnisdienst (LDAP) (Internet Directory Service) and click on Next.
The server name is ldap.in.tum.de; then click on Advanced settings.
Outlook must be restarted.
On the Connection tab, under Details, select Port 389.
On the Search tab, under Search base, select Advanced, type in ou=IN,o=TUM,c=DE and click OK.
In this window, click on Next.
The setup is now finished.
2.4 Look up an e-mail address with LDAP
While composing a mail, click on the button 'To..'.
Select the address book and look up the first name and/or the last name.
2.5 Sign mails
While composing a mail, go to the Options tab and select Sign.
2.6 Encrypt mails
While composing a mail, go to the Options tab and select Encrypt.
3 Mac OS - Apple Mail
3.1 Install certificate
Double-click on the *.p12 file after downloading.
Click on Add.
Type in the given passphrase.
You can check the import in Keychain Access under 'My Certificates'.
3.2 Use certificate for 'Sign' and 'Encrypt'
This happens automatically; macOS can map the certificate to the mails.
3.3 Set up LDAP address book
Go to System Preferences... → Internet Accounts → Add Other Account… and choose 'LDAP account'.
Fill out the form as shown in the screenshot.
Finally, click on 'Sign in' and everything is fine.
3.4 Look up an e-mail address with LDAP
When composing a new message, just look up the person as in an address book.
3.5 Sign mails
Mails sent from the in.tum address are signed automatically.
3.6 Encrypt mails
It is only possible to send an encrypted mail if you have already saved the public key of the receiver in the Keychain.
This happens, e.g., as soon as you have received a signed mail from this person.
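What 'Sign' and 'Encrypt' look like on the wire, and why 3.6 asks for a signed mail first: the following is an added example (not part of the original tutorial) that classifies a message by its S/MIME MIME headers. The function names and the sample messages are constructed for illustration; the bodies are placeholders, not real CMS data.

```python
from email import message_from_string
SIGNATURE_PROTOCOLS = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def smime_kind(raw: str) -> str:
    """Return 'signed', 'encrypted' or 'plain' based on the top-level MIME headers."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        # Detached signature: readable body plus a separate signature part.
        protocol = str(msg.get_param("protocol") or "").lower()
        return "signed" if protocol in SIGNATURE_PROTOCOLS else "plain"
    if ctype in PKCS7_MIME:
        smime_type = str(msg.get_param("smime-type") or "").lower()
        if smime_type in ("enveloped-data", "authenveloped-data"):
            return "encrypted"
        if smime_type == "signed-data":
            return "signed"  # opaque signature: body is wrapped inside the CMS blob
    return "plain"

def can_supply_sender_cert(raw: str) -> bool:
    """Only a signed message can hand the mail client the sender's certificate."""
    return smime_kind(raw) == "signed"

# Constructed sample messages (assumed addresses, placeholder payloads).
SIGNED = """\
From: alice@example.org
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
 micalg=sha-256; boundary="b1"

--b1
Content-Type: text/plain

Hello Bob
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"

PLACEHOLDER
--b1--
"""
ENCRYPTED = """\
From: alice@example.org
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"

PLACEHOLDER
"""
PLAIN = "From: alice@example.org\nContent-Type: text/plain\n\nHello Bob\n"
if __name__ == "__main__":
    print([smime_kind(m) for m in (SIGNED, ENCRYPTED, PLAIN)])
```

A message that is only encrypted does not let the recipient's client learn the sender's certificate, so the first mail exchanged with a new contact should be signed.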