Applications like Mail and Safari support the use of digital certificates for secure email and client SSL authentication. These applications use keys and certificates that are stored in the Keychain.
For example, to enable secure email with Mail, the basic steps are:
- Generate a key and certificate pair, using a product such as SimpleAuthority or the Certificate Assistant (see this hint)
- Import the key and certificate pair into the Keychain, for example by double-clicking the .p12 file
- Import the Certification Authority (CA) certificate into the X509Anchors keychain, so that certificates issued by this CA are trusted
- Mail automatically recognises that secure email is possible and provides options in the compose window to sign and/or encrypt.
Fortunately there is a solution. You can specify the trust level for each certificate using Keychain Access. Double-click each certificate that you do not want to use, scroll down to the bottom of the certificate details to Trust Settings, click on the small arrow to expand the section, and set the trust settings to "Never Trust." The private key remains available to decrypt data, but the certificate can no longer be used to generate new digital signatures.