Make a note of the password that was assigned to your personal certificate when you applied, and save the certificate file on your device. The certificate file can only be downloaded during the application process. The certificate cannot be used without both the certificate file and the password. If either is missing, a new certificate must be requested.
Certificates are valid for 2 years. Before a certificate expires, you will be notified by email in good time. You must then apply for a new certificate.
Keep expired certificates and their passwords, and leave them installed in your email client. This is the only way to continue decrypting older encrypted emails.
All personal certificates and certificates of functional addresses are automatically made available in the Exchange global address book and in the LDAP directory of the DFN-PKI (see below), so that encrypted emails can be exchanged.
TU Dresden is legally obliged to provide the information needed to encrypt email to employees (email address, certificate) in a publicly accessible directory. The legal obligation results from § 2 para. 1 sentence 3 of the Saxon E-Government Act (SächsEGovG): “Encryption procedures must be offered and generally used for electronic communication.”
To send an encrypted email, the recipient's certificate must be known. To do this, the keys must initially be exchanged via an email signed with the certificate.
Example: Person A sends an email signed with their personal certificate to person B. Person B now knows the certificate of person A and can send them an encrypted email directly.
The DFN PKI offers a public LDAP (Lightweight Directory Access Protocol) directory service which can be used as a DFN-wide email address book for email addresses and certificates. You can configure this LDAP directory as an address book in your email client in order to find people and their associated certificates and send them encrypted email. The directory contains all user certificates of the old DFN PKI and all SECTIGO-issued certificates of TU Dresden and several other organisations (mostly Max Planck institutes). Further organisations might be added in the future.
You can also browse the DFN PKI directory directly using an LDAP browser:
Hostname: ldap.pca.dfn.de
Port: 389 (also with SSL) or with LDAPS 636
Base DN: o=DFN-Verein, c=DE
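The same lookup can be done from a command line with the connection values above. The following is an added example, not part of the original instructions: it assumes OpenLDAP's `ldapsearch` and `openssl` are installed and that the directory stores addresses in the `mail` attribute and certificates in `userCertificate;binary`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: fetch a recipient's certificate from the DFN-PKI directory
# over LDAPS and check it before use. Host, port and base DN are from this page.
DFN_LDAP_URI="ldaps://ldap.pca.dfn.de:636"
DFN_BASE_DN="o=DFN-Verein,c=DE"

# Escape a value for an LDAP search filter (RFC 4515) so that an address
# containing \ * ( or ) is matched literally and cannot change the filter.
# The backslash is handled first so later escapes are not escaped twice.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g'  -e 's/)/\\29/g'
}

# Build the search filter for one email address (assumed attribute: mail).
mail_filter() {
    printf '(mail=%s)' "$(ldap_escape "$1")"
}

# Anonymous search; -t/-T write each binary certificate (DER) to a file in
# the given directory and print its file:// location in the LDIF output.
fetch_certs() {
    fc_addr="$1"; fc_dir="$2"
    ldapsearch -x -LLL -H "$DFN_LDAP_URI" -b "$DFN_BASE_DN" \
        -t -T "$fc_dir" "$(mail_filter "$fc_addr")" 'userCertificate;binary'
}

# Check one downloaded DER file: show subject and expiry, require that the
# certificate names the address and has not expired. A lookup can return more
# than one certificate per address, so run this on each file.
# This does not validate the issuer chain; the email client does that on import.
check_cert() {
    cc_der="$1"; cc_addr="$2"
    openssl x509 -inform DER -in "$cc_der" -noout -subject -enddate || return 1
    openssl x509 -inform DER -in "$cc_der" -noout -email \
        | grep -qixF "$cc_addr" \
        || { echo "address not in certificate: $cc_der" >&2; return 1; }
    openssl x509 -inform DER -in "$cc_der" -noout -checkend 0 >/dev/null \
        || { echo "certificate expired: $cc_der" >&2; return 1; }
}
```

Call `fetch_certs <address> <existing directory>` and then `check_cert <file> <address>` for each file it reports; only a certificate that passes is suitable for encrypting new mail.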
Email Client | Contact | Certificates | Automatic Access without Setup |
---|---|---|---|
Apple Mail for macOS | ✓ | - | - Instructions |
GNOME Evolution for Linux | ✓ | ✓ | ✓ (only necessary for TUD external contacts) |
Microsoft Outlook for macOS | ✓ | ✓ | ✓ (only necessary for TUD external contacts) |
Microsoft Outlook for Windows | ✓ | ✓ | ✓ (only necessary for TUD external contacts) |
Mozilla Thunderbird | ✓ | ✓ | - Instructions |