10.3: S/MIME encryption and Mail.app
Authored by: jfewtr on Jan 23, '04 09:28:01AM

I cannot get my certificate to "stick".

To get things working, first I have to open a signed & encrypted mail from myself that I have previously saved in my mailbox. The message is decrypted fine, but I get the warning that the signature cannot be trusted. So I click OK to accept the certificate. From then on, I can read mails without the signature warning and I can compose signed/encrypted mail (which I cannot do before accepting the cert). Good.

The problem is that it only works for that session. If I quit Mail and then relaunch it, I go back to the warnings again.

I assumed that this must be because Mail does not recognise my CA. So, based on the advice in other threads regarding SSL certs, I have moved my CA's root cert into the X509Anchors keychain. However, this has made no difference. I still have exactly the same problem.

Maybe I have misunderstood, but I thought if I put a root cert into X509Anchors, the system would trust it. Is that not correct? Is there some other "master list" of recognised trusted CAs?



10.3: S/MIME encryption and Mail.app
Authored by: jrdavidson on Jan 26, '04 06:46:19PM

No - X509Anchors is the right place - I had to do it as root, though, to be able to write into that keychain. I put the root CA cert and my public key there, just for completeness' sake.

Also - make sure your Full Name in your Mail.app Account preferences matches exactly the Common Name in your public key cert.

Proof of the pudding is starting Mail.app from scratch, clicking on New (message) and seeing the signing button show up. The encrypt button will only show after you enter a destination address for which you have already accepted a signed email - thus importing that person's public key into your personal keychain.

Hope this helps.


