The global address book in Apple Mail provided by Exchange already contains all members of TU Dresden. Please configure the LDAP directory only to find people from other universities and institutions in the DFN. It can currently only be used as an address book:
Apple Mail stores all certificates in the central "Keychain Access" of macOS. It cannot yet automatically access the certificates from the LDAP directory. Therefore, have your contact send you a signed email. The certificate is then automatically saved in the Keychain Access.

The following describes the configuration of Apple Mail for the integration of the DFN PKI LDAP directory service.
 

1. To do this, open the Contacts application and click on "Add Account..." in the menu bar. 

2. Select "Other Contacts Account..."

3. Please set the account type to "LDAP".

4. Fill in the following details in the window that opens:

Name: DFN PKI LDAP
Search range: o=DFN-Verein, c=DE
Range: Subtree
Server: ldap.pca.dfn.de
Port: 636
Use SSL
Identification: None

5. Please confirm the information with "Sign in".

6. After you click on "sign in", you will find the LDAP tab in the Contacts program, where you can search for specific persons or addresses. 

7. As soon as you start searching for new people or addresses in the Recipients section of Apple Mail, you will receive matching suggestions through the LDAP directory.