Using digital signatures for email with Apple Mail and Outlook for OS X
You can use S/MIME certificates, also called 'S/MIME Certs' or 'Personal Certificates', with most email clients to digitally sign and/or encrypt email messages.
Installing in OS X
Double-click the file downloaded or exported.
OS X Keychain Access will prompt you for the certificate passphrase; this is the password you created when exporting the certificate from the browser.
The certificate will be installed on your Mac and will appear in the 'My Certificates' section of Keychain Access. The certificate is now available for Apple Mail, Outlook, and other applications that can use client certificates.
Note:
Your certificate is only available on the computer and user account where you install it. If you want your personal certificate on other computers or devices, you will need to export it.
Exporting your certificate
From the Applications folder, open the Utilities folder and then open Keychain Access.
Select the keychain where you installed your certificate; this will usually be the login keychain.
In the 'Categories' section, select . The right pane will list all of your installed certificates.
Select the certificate associated with your name. You may have more than one personal certificate; select the one issued by 'COMODO Standard Assurance Client CA' with the latest expiration date.
Right-click the certificate and select ; alternatively, from the menu, select .
Select a location for export, such as your Desktop. The file name should end with .p12 and the file format must be 'Personal Information Exchange (.p12)'.
Give your exported item a strong passphrase.
You'll then be prompted for a 'login' keychain password, which is usually the same one you use to log into your computer.
Now you can transfer your encrypted certificate file to another computer using a USB key, email, or other file sharing method.
Using your certificate with Apple Mail
Use these instructions to enable Apple Mail to use client certificates to digitally sign and encrypt email.
Enabling digital signing and encryption
If you have just installed your certificate on your Mac, close Mail and then restart it.
Begin composing an email message. A 'Signed' icon, containing a checkmark, should be in the lower right of the message header to indicate that the message will be signed. If the 'Signed' icon does not appear, select in the lower left of the message header and add the 'Lock' and 'Signed' icons.
Signing email
To send a signed message, verify that the 'Signed' icon has a checkmark in it, and not an 'x'. If the 'Signed' icon shows an 'x', your message will not be signed.
You may not want to sign messages to mailing lists, because S/MIME digital signatures are attachments, which some lists do not accept.
Encrypting email
If you have the public certificate for the user or users to whom the message is addressed, you will be able to encrypt the email message: In the lower right of the message header, click the open lock icon to lock it; when the icon is locked, your email message will be encrypted.
If you do not have certificates for everyone to whom the message is addressed, you will be prompted to send the message unencrypted.
Using your certificate with Outlook for OS X
Use these instructions to enable Outlook to use client certificates to digitally sign and encrypt email.
Enabling digital signing and encryption
If you have just installed your certificate on your Mac, close Outlook and then restart it.
From the menu, select . Select your IU email account, click , and then select the tab.
In the 'Digital signing' section, select your certificate from the drop-down menu.
For 'Signing algorithm', the default value of is appropriate for most situations.
For the best usability, enable the following options:
In the 'Encryption' section, select your certificate from the drop-down menu.
For 'Encryption algorithm', is the best option. It is not necessary to check ; each email message can be optionally encrypted when you compose it.
IU does not currently use the 'Certificate authentication' options, so do not set this.
Click to save your changes and exit Outlook Preferences.
Signing email
By default, your email messages will be digitally signed. To indicate signing, a lock icon with the text 'This message will be digitally signed' will appear in the lower left of the message header when you compose an email message.
If you do not want to sign a message, from the tab of the mail message, select and uncheck .
You may not want to sign messages to mailing lists, because S/MIME digital signatures are attachments, which some lists do not accept.
Encrypting email
Address and compose your email message. From the tab of the mail message, select and check .
If Outlook is unable to find certificates for everyone to whom the message is addressed, you will be prompted to search the IU Active Directory for user certificates. If Outlook is still unable to find certificates for all addressees, you will be prompted to send the message unencrypted.
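The signing and encryption sections for both mail clients describe a signature that travels as an attachment and a message that may end up sent unencrypted. The following added example (not from the original page) classifies a raw message by its MIME structure so you can check what a sent or received copy actually carries. The function name `classify_smime` and the sample messages are constructed for illustration.

```python
# Added example (not from the original page): classify a raw message by its S/MIME wrapping.
from email import message_from_string

SIG_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
CMS_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
CMS_KINDS = {"enveloped-data": "encrypted", "signed-data": "opaque-signed"}

def classify_smime(raw: str) -> str:
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        # Clear-signed: readable body plus the signature as a separate attachment part.
        has_sig = any(p.get_content_type() in SIG_TYPES for p in msg.walk())
        return "signed" if has_sig else "signature-missing"
    if ctype in CMS_TYPES:
        # The whole message is one CMS blob; smime-type names what it holds.
        kind = str(msg.get_param("smime-type", "")).lower()
        return CMS_KINDS.get(kind, "unknown-cms")
    return "unprotected"

# Constructed samples; the base64 bodies are placeholders, not real signatures or ciphertext.
SIGNED = """\
From: sender@example.edu
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="b1"

--b1
Content-Type: text/plain

Hello
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVI=
--b1--
"""
# Same message after the signature attachment has been removed in transit (constructed case).
STRIPPED = SIGNED[:SIGNED.index("--b1\nContent-Type: application/pkcs7")] + "--b1--\n"
ENCRYPTED = """\
From: sender@example.edu
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVI=
"""
PLAIN = "From: sender@example.edu\n\nHello\n"

if __name__ == "__main__":
    for name in ("SIGNED", "STRIPPED", "ENCRYPTED", "PLAIN"):
        print(name, "->", classify_smime(globals()[name]))
```

This inspects structure only; it does not verify the signature or decrypt anything, which remains the mail client's job.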