S/MIME certificate for macOS Monterey
10 Nov 2021 | Jindřich Zechmeister
Apple recently released a new version of macOS, so we have created instructions on how to easily obtain, import, and start using an S/MIME certificate for email signing. The whole process is easier on macOS than on Windows, so do not hesitate to try it!
Obtaining a certificate
Getting an S/MIME certificate for signing and encrypting mail is easy. All you have to do is order it on SSLmarket and then confirm the link that you receive in the email from the CA. The email is sent to the address the certificate will be issued to.
After confirming the link, the certificate is issued immediately.
Import the issued certificate into the Keystore
Download the certificate in SSLmarket in PFX format. Use the previously saved private key to obtain it. Insert the content of the file with the private key (text) into our form, choose your own password (for PFX protection) and save the file.
Now you need to import the certificate with the key into the system store. The store is scanned and edited using the Keychain application. To import, open the Keychain and import the PFX into the "login" keychain, or simply open the PFX file and select the "login" keychain for the import in the following dialog. Do not select other keychains, as the system would ask you to enter a password to unlock them.
Signing messages
The signature is simple. The integrated Mail application itself recognizes that you have an S/MIME certificate and chooses the signature of the message itself. You see it as a small blue seal icon in the right part of the message window. You can also encrypt the message (blue lock), which will work if you already have the other party’s S/MIME certificate (you have exchanged signed emails).
If you do not want to sign the message, click on the seal to disable its signing and send it unsigned.
The recipient will see a signature symbol in his client, so they know that the message is indeed from the person stated and has not been altered in any way via the Internet. If the sender has a Class 2 certificate, you can authenticate not only his email address but also his name or company based on the certificate.