of in- and outbox] [Creation
of a personal signature] [Digital
signing and encryption of e-mails] [Inclusion
of the DFN-PKI LDAP directory service]
Configuration of in- and -outbox
Open the programm Evolution-E-mail and -calendar. If there's
no e-mail account registered in the programm yet, the e-mail
configuration assistent will start automatically. Otherwise
call the assistent with Edit-->Settings and choose
Add Account from the category E-Mail-Accounts.
Now leave the dialogue with Next.
If you don't want to restore a backup file, choose
Fill in your prename and surname as well as your TUD e-mail
address e.g. firstname.lastname@example.org (and further
information if you want).
In the next step, some inbox server information will be
Select IMAP from the option box as server type.
Servername is mail.zih.tu-dresden.de.
Take your login data from your immatriculation papers
respectively from the ZIH. The server connection occurs only
via SSL encryption (or TLS-encryption). Use your
password for authentication.
Diverse receiving options could be configured in the next
step. Choose 10-15 minutes as call interval.
Now configure the outbox information: leave SMTP as
default value. The server name is
mail.zih.tu-dresden.de. Choose login as legitimation
With a click on Apply the creation of your new account
If you don't have any passwords saved in Evolution yet, you
will be asked to enter your password. After validating your
password, you can see your newly created account.
Creation of a personal signature
The account management assistent has guided you through the
basic configuration options. It didn't, for example, affect
your personal signature (which is obligatory for all TUD staff
members since October 2010).
In order to modify your account settings go to
Edit--->Settings. In the window
Evolution-Settings select E-Mail Accounts from
the left column. Now select the desired account in the middle
column and click on Edit on the right.
modify your e-mail account settigs
Go to the category Identity-->New Signature in order
to create a personal signature.
Give your signature a significant name in the mittle column
and type in the signature in the right column.
Use the standardized TU signature as follws:
E-Mails sent by staff members should have a TU mail address as sender.
After the comlimentary close, complete emails with a signature similar to this:
Degree, Prename, Surname
Technische Universität Dresden
Tel.: +49 351 463-3xxxx
Fax : +49 351 463-3xxxx
E-Mail: email@example.com (or specific mail
*) information should be - if possible - in the signature,
but are not obligatory.
Save the newly created Signature with a click on the first
symbol in the head menu.
Close the account editor with OK. You are now back in
the Evolution settings window. The available settings are
devided into categories. Deal with the other settings and
consult the Help function, if you have any
digital signing and encryption of e-mails
The digital signing as well as encryption of e-mails is
getting more and more important in the e-mail traffic. Both
provide authentication of the sender and the integrity of the
e-mail content. Both options are supported by
The installation of the necessary certificates for signing and
encryption is a bit time-consuming. Thus, the approach is
described in detail in the following. Please leave Evolution
open and request ZIH-PKI-Website in your web browser.
Firstly the certificates of the Deutschen Telekom AG, the
DFN-association as well as the TU Dresden have to be imported
into Evolution as trusted certification authorities. Therefor
go to TU Dresden CA. Select Show
Certificate Chain from the category
The File chain.txt will open in a new window. It
contains the certificate chain. In order to save the file for
further use on your hard drive, choose File--->Save Page
As in the browser window. Choose the location, e.g. the
desktop, and name it chain.pem.
Now change back to Evolution. Choose Certificates
from the Settings. There will be three categories
available. Choose Certificate Authority and then
Select the file chain.pem and confirm with
Cornfirm by selecting all three checkboxes.
In order to digital sign e-mails, you need a personal user
The TU Dresden CA as trusted
certificate authority exposes free personal user
certificates for both staff members and students.
If you already have such a certificate, you can import it in
the next step. Otherwise, you can apply online for a new
personal user certificate here. Follow the instructions of your
browser. After finishing, print your certificate application
and get a personal confirmation from the User Advice Center of ZIH of th ZIH (you
need to bring a valid passport as well). Generally, you'll
get your personal user certificate within a few days in the
.pem-format (Privacy Enhanced Mail) attached to
an e-mail from the DFN-CERT.
In order to import your user certificate into Evolution, the
certificate has to be present in a certificate file in the
PKCS12 format (Personal Information Exchange Syntax
Standard). This standard specifies a portable data format,
which is used to save private keys and their according public
key certificates and protect them with passwords. Given that
the privat/public key pair is saved in the particular browser
during the certificate application process, the
PKCS12-certificate file has to be created on the same computer
as the certificate application.
Creation of a PKCS12-certificate file
1. Import of a personal user certificate in the web
Go to TU Dresden CA. In the category
Zertifikate and select Zertifikat suchen.
Type in your TU Dresden e-mail address
If your certificate had
been found, click on i in order to get further
Transmit your certificate in
your browsers certificate memory with click on
2. Export of the user certificate in the PKCS12-file
In Mozilla Firefox go to
Under the category Technische Universitaet Dresden you
should find your personal user certificate. Select it and
click on Save.
Save your certificate with the file extension .p12 to a secure
place and name it properly.
The certificate file has to be protected with a password. This
password is necessary to import the file.
A successful export will finish the process.
The newly created file can now be imported into evolution in
order to sign and encrypt messages with the program later. In
Evolution go to Edit-->Settings and choose
Certificates from the left, select Your
Certificates from the middle and press Import from
If this is your first certificate import, Evolution will
create a certificate database automatically. You will be asked
to assign a password to this database.
Afterwards you will be asked to type in the password of the
Choose your certificate and confirm with
After the import, you can find your user certificate in the
category Technische Universitaet Dresden.
In order to digitally sign your messages by default, go to
Settings-->E-Mail Accounts, select the desired
account and click on Edit. Settings could be changed in
the category Security.
In the part S/MIME select your user certificate (for
signing and encryption).
It is recommended to sign all outgoing e-mails by default and
also encrypt them, as long as the receiver also owns a personal
user certificate (to be able to encrypt the message).
When you write a new e-mail, you can now sign respectively
customize your signing options with Security from the
Einbindung des DFN-PKI LDAP Verzeichnisdienstes als
The DFN PKI provieds a public LDAP (Lightweight Directory Access
Protocol) directory service, which holds
all user certificates of the DFN PKI (this includes
certificates of the TU Dresden). You can include the LDAP
directory service in Evolution. That is a comfortable way
to find people and their according certificates within
the PKI. Unfortunately, the current Evolution Version
2.28.3 doesn't support search for user certificates,
Go to File-->New-->Address Book. Change type of
the address book in the category General to LDAP
Vegeben Sie den Namen DFN PKI LDAP,
ldap.pca.dfn.de, Port 389. Unter Evolution kann
die Verbindung zum LDAP-Server nur unverschlüsselt und
- Name: DFN PKI LDAP
- Hostname: ldap.pca.dfn.de
- Port Number: 389
In Evolution the LDAP server connection occurs unencrypted
In the category Details fill in the Base-DN:
o=DFN-Verein, c=DE. Select Under from the Search
When addressing a new e-mail it is possible to search in the
LDAP for contacts.