Installing the S/MIME Certificate on your Apple Mac
Using S/MIME Client Certificates with Apple Mail and Outlook for OS X
You can use Client Certificates, also called "S/MIME Certs" or "Personal Certificates", with most e-mail clients to digitally sign or encrypt e-mail.
When you receive your certificate from InCommon, it will be encrypted in the PKCS 12 format (.p12 or .pfx), using the PIN you created for it at the time of request. You will need this pass-phrase to install the cert.
The Incommon Certificate Manager will deliver the certificate to the end-user in PKCS#12 file format (.p12 file). The PIN specified in the PIN fields is used to protect access to this .p12 file. The end-user will be asked for this PIN when he/she imports the certificate into the certificate store of their machine.
Installing in OS X
The certificate will be installed on your Mac and will appear in the "My Certificates" section of Keychain Access. The certificate is now available for Apple Mail, Outlook, and other applications that can use client certificates.
Note: Your certificate is only available on the computer and user account where you install it. If you want your personal certificate on other computers or devices you will need to export it.
Exporting your certificate
Using your certificate with Apple Mail
Use these instructions to enable Apple Mail to use client certificates to digitally sign and encrypt e-mail.
Enabling digital signing and encryption
If you have just installed your certificate on your Mac, close Mail and then restart it.
Begin composing an e-mail message. A "Signed" icon, containing a check mark, should be in the lower right of the message header to indicate that the message will be signed. If the "Signed" icon does not appear, select Customize in the lower left of the message header and add the "Lock" and "Signed"icons.
To send a signed message, verify that the "Signed" icon has a check mark in it, and not an "x". If the "Signed" icon shows an "x", your message will not be signed.
You may not want to sign messages to e-mailing lists, because S/MIME digital signatures are attachments, which some e-mail lists do not accept.
If you have the public certificate for the user or users to whom the messages is addressed, you will be able to encrypt the e-mail message: In the lower right of the message header, click the open lock icon to lock it; when the icon is locked your e-mail message will be encrypted.
If you do not have certificates for everyone to whom the message is addressed, you will be prompted to send the message unencrypted.
Using your certificate with Outlook for OS X
Use these instructions to enable Outlook to use client certificates to digitally sign and encrypt e-mail. Enabling digital signing and encryption
In the "Encryption" section, select your certificate from the drop-down menu.
For "Encryption algorithm", ASE-256 is the best option. It is not necessary to check Encrypt outgoing messages; each email message can be optionally encrypted when you compose it.
The university does not currently use the "Certificate authentication" options, so DO NOT set this.
Click OK to save your changes and exit Outlook Preferences.
By default your e-mail messages will be digitally signed. To indicate signing a lock icon, with the text "This message will be digitally signed", will appear in the lower left of the message header when you compose an e-mail message.
If you do not want to default sign a message; from the Options tab of the e-mail message, select Security and uncheck Digitally Sign Message.
You may not want to sign messages to mailing lists, because S/MIME digital signatures are attachments, which some lists do not accept.
Address and compose your email message. From the Options tab of the e-mail message, select Security and check Encrypt Message.
If Outlook is unable to find certificates for everyone to whom the message is addressed, you will be prompted to search the Exchange Global Address List (GAL) for user certificates.
In the event Outlook is still unable to find certificates for all addressees, you will be prompted to send the message unencrypted.