10.6: Sign and encrypt emails in Mail via thawte
Authored by: Frig on Oct 02, '09 08:11:23AM
There's a much easier way to get yourself an X.509 certificate for using S/MIME with Apple Mail:
  1. Just go to and create or log in with your account.
  2. Register your email address under my emails if it isn't already.
  3. Go to certificates -> request a certificate and generate a certificate with your browser.
  4. You receive a mail with the link to the certificate, and if you click on the link it will be automatically installed in your browser.

This is what is done when requesting a certificate:

  • You click through the information you want to provide.
  • The webserver sends the request to generate a private key and send a certificate request.
  • The private key will be saved in your keychain.
  • The browser submits the certificate request and the certificate authority uses the data you submitted and generates a valid certificate with it.
  • If you click on the link for the certificate, it will get downloaded and saved in your keychain. So Apple Mail recognizes a valid certificate and will automatically use your certificate.

If you're using Firefox, e.g., the certificate and private key will be saved in Firefox. You have to go to Preferences -> Security -> View certificates and export your email certificate. After that you could double-click on it in Finder and it will be imported to your keychain.

[ Reply to This | # ]
10.6: Sign and encrypt emails in Mail via thawte
Authored by: QJB on Oct 02, '09 08:16:26AM

So, to be clear: the private key is generated on your own machine and never leaves your computer during this process. Only a certificate signing request containing your public key will be sent to Thawte.


[ Reply to This | # ]
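
The split described in the two comments above (the private key stays local, only a certificate signing request goes to the CA), reproduced with the `openssl` command line instead of the browser. This is an added example, not part of the thread; the e-mail address, file names and RSA-2048 key size are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): key pair and CSR are created locally.
# The e-mail address, file names and RSA-2048 key size are assumptions.

# Create the private key (owner-readable only) and a CSR for one address.
make_key_and_csr() {
    dir=$1; email=$2
    ( umask 077; openssl genrsa -out "$dir/smime.key" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$dir/smime.key" \
        -subj "/CN=$email/emailAddress=$email" -out "$dir/smime.csr"
}

# True when the public key embedded in the CSR belongs to the local private key.
csr_matches_key() {
    csr_pub=$(openssl req -in "$1/smime.csr" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1/smime.key" -pubout) || return 1
    [ "$csr_pub" = "$key_pub" ]
}

# True when the file that is sent to the CA contains no private key block.
csr_has_no_private_key() {
    ! grep -q "PRIVATE KEY" "$1/smime.csr"
}

# Print the subject the CA will see in the request.
csr_subject() {
    openssl req -in "$1/smime.csr" -noout -subject
}

# Demo in a throwaway directory; only smime.csr would be uploaded.
work=$(mktemp -d)
if make_key_and_csr "$work" "user@example.com" &&
   csr_matches_key "$work" && csr_has_no_private_key "$work"; then
    echo "send: smime.csr ($(csr_subject "$work"))"
    echo "keep: smime.key (never leaves this machine)"
fi
rm -rf "$work"
```
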
10.6: Sign and encrypt emails in Mail via thawte
Authored by: lrivers on Oct 04, '09 03:20:59PM

Thanks for the write-up.

[ Reply to This | # ]
10.6:ECA Certs broken?
Authored by: David Fetrow on Oct 05, '09 02:19:26PM
ECA/DOD X.509 certs seem to have become broken in MacOS 10.6.

Reading encrypted email and signing work fine. Encrypting breaks.

These are certs used by contractors. Like many other organizations (e.g. certain State Governments) they are rather standard certs but have special chains of trust and are not available except from certain vendors.

One of the few workarounds I know is to send encrypted email via Entourage.

I suspect the extreme future dates in the chain of trust certs might be the issue but don't know why they worked in 10.3-10.5 and now are broken.

I and several other Mac users would be very very happy to learn we are just forgetting to do something.

[ Reply to This | # ]

10.6:ECA Certs broken?
Authored by: ccannell on Dec 07, '09 01:59:07PM

Does anyone have any additional information on encrypting email in Mac Mail using a Verisign ECA/DoD certificate? Address Book indicates that a certificate is associated with the email address in question. I'm also able to decrypt mail sent to me. When I attempt to send an email to a recipient, whose public cert I have, the encrypt and sign buttons are shown but grayed out.


Edited on Dec 07, '09 02:02:35PM by ccannell

[ Reply to This | # ]
10.6:ECA Certs broken?
Authored by: David Fetrow on Aug 30, '10 09:43:29AM

See and OS X Mail/

[ Reply to This | # ]
10.6: Sign and encrypt emails in Mail via thawte
Authored by: davidduff on Jan 04, '10 12:31:09PM

i have been using thawte freemail certs for several years and now i have a replacement cert from verisign. i just noticed however that is still sending out my old thawte cert in my outgoing email when i choose to sign a message.

how do i make the new verisign cert my current cert and get mail to stop using the old one?

if i look in, i can see both certs. if i look at myself in Address Book, then i see that certain of my email addresses have little cert symbols next to them and if i click on them, i see an old expired thawte cert (i.e., neither the most recent but now revoked thawte cert nor the new verisign cert). i assume this is a bug. (i'm running 10.5.8)

is there some way to tell the system or which cert to use?

[ Reply to This | # ]