This document will guide you through configuring your personal certificate to digitally sign documents on Mac.
Before you start configuring your email client, you should make sure that you have downloaded and installed your certificate.
Download Instructions: UW Digital ID (Personal Certificate) - Downloading My Digital Certificate through Comodo
Installation Instructions: UW Digital ID (Personal Certificate) - Installing My Certificate (Windows and Mac)
No configuration is necessary. Once your certificate is imported into your Keychain, Apple Mail is ready to begin using it. You will notice two new buttons on the right-hand side of the message window when you compose or reply to a message.
Here they are in the message window:
The sunburst icon represents whether the message is signed, and the padlock icon indicates whether the message is encrypted. By default, your messages are neither signed nor encrypted.
To digitally sign a message, begin addressing the message as you normally would. Click the sunburst icon with the "x". The "x" will change to a checkmark, signifying the message is now signed with your digital identity.
The padlock icon will remain grayed out until you receive a message from someone else that has been digitally signed with their certificate. Once an exchange of signed messages has taken place, the padlock will become available, and you may start signing and encrypting your messages. This ensures the security of your messages, and allows the recipient to have a greater degree of trust that the message originated from you.
When you receive messages from others, you will notice that they will now contain additional information in the header about whether the message is signed, encrypted, or both, as appropriate.
Note: Apple Mail might not display this security header if the message was encrypted. This is a known issue with Apple Mail, but we do not know of a fix or workaround.
Encryption Unavailable / Signed Message. The message cannot be encrypted since the certificate for one or more recipients is not known or does not exist.
Signed and Encrypted.
No security set. Click on the lock icon to encrypt and / or the seal icon to sign the message.
Choose "Preferences..." in the Outlook menu bar
Click the "Advanced..." button
Click the "Security" Tab
Then choose your certificate from the "Certificate:" drop-down box under the "Digital Signing" section.
Choose "SHA-1" for the Signing algorithm:
Choose "3DES" for the Encryption algorithm:
Verify that the boxes are checked next to "Sign outgoing messages", "Send digitally signed messages as clear text", and "Include my certificates in signed messages".
The final settings should look similar to the screen below:
Note: When sending a message after configuring, you may receive the prompt "Microsoft Outlook wants to sign using key "keyname" in your keychain. To allow this, enter the 'login' keychain password." This prompt is looking for the computer administrator password.
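To confirm what a client actually sent after applying the settings above, you can inspect the outer MIME headers of a saved message. The following Python sketch is an added example, not part of the original instructions: the function name `classify_smime` and the sample messages are constructed for illustration. It assumes that "Send digitally signed messages as clear text" produces a `multipart/signed` message and that the SHA-1 setting appears as `micalg=sha1`.

```python
from email import message_from_string

# Constructed sample messages (not real mail); signature/ciphertext are dummy bytes.
CLEAR_SIGNED = (
    "From: sender@example.edu\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/signed; protocol="application/pkcs7-signature";\n'
    ' micalg=sha1; boundary="b1"\n'
    "\n"
    "--b1\nContent-Type: text/plain\n\nHello\n"
    "--b1\nContent-Type: application/pkcs7-signature; name=smime.p7s\n"
    "Content-Transfer-Encoding: base64\n\nAAAA\n--b1--\n"
)
ENCRYPTED = (
    "From: sender@example.edu\n"
    "MIME-Version: 1.0\n"
    "Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name=smime.p7m\n"
    "Content-Transfer-Encoding: base64\n\nAAAA\n"
)
PLAIN = "From: sender@example.edu\nContent-Type: text/plain\n\nHello\n"

SIG_PROTOCOLS = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
P7M_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}


def classify_smime(raw):
    """Return (state, micalg) from the outer MIME headers only; nothing is verified."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        protocol = str(msg.get_param("protocol", "")).lower()
        if protocol in SIG_PROTOCOLS:
            # Clear-signed: the body stays readable; micalg names the digest.
            return "clear-signed", str(msg.get_param("micalg", "")).lower()
    if ctype in P7M_TYPES:
        smime_type = str(msg.get_param("smime-type", "")).lower()
        if smime_type == "enveloped-data":
            # A signature, if present, is inside the ciphertext and not visible here.
            return "encrypted", None
        if smime_type == "signed-data":
            return "opaque-signed", None
        return "pkcs7-mime (type not stated)", None
    return "none", None
```

The result describes only how the message is packaged; it does not validate the signature or the signer's certificate, which the mail client does when it displays the security header.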
Thunderbird (and other Mozilla family products) don't use the Macintosh Keychain. The UW Digital ID certificate is imported directly into the application.
Open Thunderbird. Click on Tools | Account Settings.
Click on Security > View Certificates under the relevant email account.
Go to the Your Certificates tab and click the Import button. Browse to the location where your digital certificate is stored and double-click to import the certificate.
If the certificate has imported correctly, you will see the certificate listed under the Your Certificates tab. Click OK to close this window.
Under the security options, click the Select button under Digital Signing.
In the drop-down menu for the list of digital certificates you have available, select the digital certificate you would like to use and click OK.
The window below appears next. Click Yes.
The Digital Signing area in the Security window should now display the name of the digital certificate being used. In order for the certificate to be active, check the box Digitally sign messages (by default). Please note that under Encryption, the selection is set to Never (do not use encryption). Click OK to complete the digital signature configuration.