
Integrate DFN-LDAP as address book



You can configure Outlook to send digitally signed and/or encrypted e-mails.

These instructions were created using Outlook 2016 on Windows 10 (Latest update 23.04.2020).


Configure the DFN-LDAP Address Book (optional)


Why you might want to use the DFN-PKI LDAP Server:

If the recipient of an encrypted e-mail also has a DFN-PKI user certificate (most higher education facilities in Germany do), then you can send this encrypted e-mail without a prior handshake, i.e. without first exchanging digitally signed e-mails.


Configure DFN 1


Configure DFN 2

Configure DFN 3

You define a new Address Book.

Configure DFN 4

Your new address book is an LDAP server.

Configure DFN 5

The Servername is ""

Configure DFN 6

This dialog only informs you that you need to restart Outlook; clicking "OK" does not restart it. You need to restart Outlook manually before you can use the new address book.

Configure DFN 7

This tells Outlook to use a secure connection to the LDAP server. With "Anzeigename" (display name) you name your LDAP address book, e.g. "ldap-DFN-PKI". With "Anschluss" (port) you define the TCP port of the LDAP server; the value "636" enforces a secure connection.

Configure DFN 8

Here you define the scope of your search within the LDAP (directory structure). Your widest search scope can be "ou=DFN-PKI,o=DFN-Verein,c=de".

Configure DFN 9
Configure DFN 10
Configure DFN 11

This might be a good time to restart Outlook.


Use the DFN-LDAP as an Address Book (optional)

Use DFN LDAP 1

You are trying to send an encrypted e-mail, and decide to look up the recipient in the DFN-PKI LDAP address book.

Use DFN LDAP 2

You specify that your search should be inside the ldap-DFN-PKI address book and you want to make an extended search.

Use DFN LDAP 3

Your search criterion is "RWTH RA" anywhere inside the "Common Name" field of the DFN-PKI user certificates.

Use DFN LDAP 4

You have found the recipient you are looking for; now you need to save them as your own contact.

Use DFN LDAP 5

Please note the "(DFN)" part that the user added to the name. This helps you distinguish your contact as one imported from the DFN-PKI LDAP address book, i.e. one with a user certificate (and a public RSA key associated with it).

Use DFN LDAP 6
Use DFN LDAP 7

You are back to sending an encrypted e-mail, this time to the contact you previously found in the DFN-LDAP address book and saved as your "own" contact.

Use DFN LDAP 8

You need to search among your own "Contacts", because you can only send an encrypted e-mail to an "own" contact. Choose the one you tagged with "(DFN)".

Use DFN LDAP 9

Choose to "encrypt".
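
The same search that Outlook performs can be run from PowerShell to check the address book settings and to inspect a recipient's certificate before you save the contact. This is an added example, not part of the original instructions; the host name is a placeholder because the page does not show the server name, and anonymous read access is assumed.

```powershell
Add-Type -AssemblyName System.DirectoryServices.Protocols

$Server = 'ldap.example.invalid'           # PLACEHOLDER: replace with the server name you were given
$Port   = 636                              # "Anschluss" value from the instructions
$BaseDn = 'ou=DFN-PKI,o=DFN-Verein,c=de'   # widest search scope from the instructions
$Filter = '(cn=*RWTH RA*)'                 # "RWTH RA" anywhere inside the Common Name

$id   = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($Server, $Port)
$conn = [System.DirectoryServices.Protocols.LdapConnection]::new($id)
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Anonymous   # assumption: no login needed
$conn.SessionOptions.ProtocolVersion   = 3
$conn.SessionOptions.SecureSocketLayer = $true   # TLS for the whole session, as expected on port 636

try {
    $conn.Bind()
    $request = [System.DirectoryServices.Protocols.SearchRequest]::new(
        $BaseDn, $Filter,
        [System.DirectoryServices.Protocols.SearchScope]::Subtree,
        [string[]]@('cn', 'userCertificate;binary'))
    $response = $conn.SendRequest($request)

    foreach ($entry in $response.Entries) {
        # Match the attribute name as the server returned it (case may differ).
        $names = $entry.Attributes.AttributeNames | Where-Object { $_ -like 'userCertificate*' }
        foreach ($name in $names) {
            foreach ($der in $entry.Attributes[$name].GetValues([byte[]])) {
                $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$der)
                $ku = $cert.Extensions | Where-Object {
                    $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
                $canEncrypt = $false
                if ($ku) {
                    $flag = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::KeyEncipherment
                    $canEncrypt = [bool]($ku.KeyUsages -band $flag)
                }
                # One row per certificate: who it belongs to and whether it is usable for encryption.
                [pscustomobject]@{
                    Entry      = $entry.DistinguishedName
                    Subject    = $cert.Subject
                    NotAfter   = $cert.NotAfter
                    Expired    = $cert.NotAfter -lt (Get-Date)
                    CanEncrypt = $canEncrypt
                    Thumbprint = $cert.Thumbprint
                }
            }
        }
    }
}
finally { $conn.Dispose() }
```

A failing `Bind()` points to a wrong server name or port or to a TLS problem; an empty result points to the search base or the filter.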

last changed on 11.03.2021
