Mac OS X 10.3: Mail - How to Use a Secure Email Signing Certificate (Digital ID)

Learn how Mail in Mac OS X Panther can import a secure email signing certificate that you can use to protect S/MIME messages.
This article has been archived and is no longer updated by Apple.
Mail in Mac OS X Panther can use a secure email signing certificate to protect S/MIME messages. A secure email signing certificate is sometimes referred to by other names, including: Digital ID, secure certificate, Certificate Authority key, private key, or .p12 file. For additional information about what a secure certificate, private key, or Digital ID is, contact the third-party company you obtained the certificate, ID, or key from.

Mac Help includes more information about some topics covered in this document. With Mail open, from the Help menu, choose Mail Help.

Obtaining a secure certificate

To get a key, you must first obtain a secure signing certificate from a third-party, such as VeriSign or Thawte Communications. Certificates are usually PKCS12-format files. Their filename extension is ".p12". To obtain the certificate, you normally fill out an online form using a Web browser. You may need to pay for the certificate service.

Certain Web browsers, such as Safari and Microsoft Internet Explorer, may not allow you to order the certificate. In that case, try a different browser, such as Netscape Navigator or Mozilla.

Note: Your certificate file (ends with ".p12") may not be automatically downloaded to your Mac OS X volume. You may need to use your browser's preferences to back up the certificate, and save it to the desktop or a different location. After that, you can import it using the steps below.

Importing the secure certificate into Mail

  1. Double-click the .p12 file to open it. Keychain Access opens and imports the certificate. If this does not happen, drag the file onto the Keychain Access application icon (/Applications/Utilities).
    Note: If the certificate includes a private key, you'll need to enter the password for the key.
    Note: New certificates appear in Keychain Access, including your private key, your public key, and keys leading to a root Certificate Authority (CA) key.

  2. Quit Keychain Access.
  3. Open Mail. The keys are now available for use with S/MIME messages.

Sending a signed message

To send a signed message, you only need a private key for the sending email address. A signed message offers a lower level of security than an encrypted message, but a greater level of security than an unsigned message.

In the Compose window:

  • means the message will be signed

  • means the message will not be signed

Note: You can send a message that is both signed and encrypted.

A signed message includes this line above the body of the message:

Sending an encrypted message

You can encrypt a message if you have:
  • the private key of the sending email address
  • the public key of each recipient

An encrypted message offers a better level of security than a signed message. Once the appropriate certificates are available, a lock button appears in the Compose window (see below). It allows you to securely encrypt the message. Important: The message is encrypted only if you have the public key of the recipient.

Encrypted messages are saved in your Sent mailbox as an encrypted message.

In the Compose window:

  • means the message will be encrypted

  • means the message will not be encrypted

Note: You can send a message that is both encrypted and signed.

Importing another person's public certificate (key)

Importing another person's public key is easy. Just view a signed or encrypted message and Mail will automatically import the person's public key. You can use Keychain Access to view or edit it.

Related documents

25593: "Mac OS X 10.3: Mail - About SSL, IMAP Accounts and 'Remember My Decision'"

Published Date: Oct 10, 2016