How to Configure an email S/MIME certificate on Mac OS X Mail / Apple Mail

August 16, 2019 in Windows and Email S MIME

Note: It is recommended to use a Firefox browser on a Mac OS to request and collect the certificate. If you have already collected the certificate, please ensure that you have the certificate in PKCS12 format. If not, please export the certificate from the Firefox browser into a PKCS12 format.

Note: If your certificate is not already installed on the computer you are using, then please export it from the machine on which it resides using one of the browsers listed on the SPAC main page. You then need to transfer it to this computer (email it to yourself or save the certificate file to USB then copy over). You can then follow the 'import' instructions in this document.

Importing your certificate into Apple Mail

Signing and Encrypting mails

Importing your Certificate into Apple Mail:

Apple Mac OS uses the Keychain Access Utility to manage digital certificates.
To import your CPAC into Apple Mail:

  1. Click Applications > Utilities > Keychain Access

  2. Select Login from left side and click File > Import Items...

  3. Navigate to the location of your PKCS12 certificate file and click Open

  4. Enter the key pair's password and click OK
    Note: If prompted whether to trust certificates issued by your CA automatically, select Always Trust option to trust and install your certificate.

The certificate will be installed and can be viewed by clicking Category > My Certificates in the Keychain Access interface.

Once installed the certificate will be available for digitally signing and encrypting your emails through Mac Mail and Apple Mail and for authenticating yourself to the websites that require certificate authentication.

Signing and Encrypting Mails

  • Signing an email ensures the recipient knows the email has come from you and informs them that it has not been modified in transit.

  • Encrypting an email ensures that only the recipient can read the email content and attachments.

Note: In order to encrypt email, you must first have your recipient's email certificate in your certificate store. To obtain their certificate, you need to get your contact to send you a signed email. Upon receipt of the signed email, their certificate will be automatically imported into your certificate store and you will be able to sign/encrypt email to that person.

To sign email:

  1. Compose your email and attach files as usual.

  2. Click the Sign icon that appears in the compose window.

  3. Click the Send button.

To encrypt e

  1. Compose your email and attach files as usual.

  2. Click the Encrypt icon that appears in the compose window.

  3. Click the Send button.