Obtaining and using an S/MIME certificate on Apple MacOS
You can use personal S/MIME certificates to sign or encrypt emails on any platform, including Apple computers. This guide will help you obtain and import an S/MIME certificate on MacOS. The instructions apply to the default Mail application, but also to Outlook from Office.
Obtaining a certificate
You can obtain an S/MIME certificate in the standard way using CSR. Then, after verifying and issuing the certificate, create a PFX file in our administration. You then import it to a Keychain on your Mac, which serves as a certificate store.
Importing the certificate to the system
Keychain on a Mac is a system store of certificates and keys. Once you import the certificate from a PFX there, all system programs will be able to use the certificate. It is controlled using the Keychain Access application. When using stored keys, it is necessary to unlock the keychain, or allow the application to save the password for its use.
Start the Keychain Access application and click on Import items in the File menu. Then offer your PFX file to the application. After entering the password that protects it, the certificate will be imported, and you will see it in the My Certificates category in the keychain. That is all.
Use in the Mail application
The Mail application is the default system application for working with mail and is completely sufficient for this task. Mail will load the imported certificate automatically and you can start using it immediately. There is no need to set anything.
The Mail application automatically signs messages, as evidenced by an orange icon on the right side of the message window. Click on it to cancel signing. For signed messages, the signature detail is shown below the recipient's name: Security: Signed and the address from the certificate.
Double-click on this information to display the certificate detail.
Use in Outlook
If you do not have an S/MIME certificate in the system yet, repeat the procedure from the previous paragraphs and import it to the Keychain. Then it will be available in Outlook.
In the application itself, go to the Accounts via the application menu and the Tools item. A list of accounts in Outlook appears. Click Advanced at the bottom right.
In the next dialogue, select the Security tab. Then, in the first drop-down box, select the correct certificate that you want to use for signing. You can also immediately choose automatic (default) signature of outgoing emails (automatic encryption is not recommended, because you always need the certificate of the other party).
Outlook is now ready to use the certificate. Newly written messages will be automatically signed if you turned this option on in the previous step. If you turn on signing manually, choose Security on the Options tab and then choose to sign the message manually.
Warning: if you want to use icloud email and at the same time use 2FA protection for your Apple account, which we recommend, then generate a password for Outlook in Apple ID management, otherwise you will not be able to sign in to your icloud email.
Note: The manual was created on MacOS version 10.14.6. Used Outlook version 16.16.27 within Office 365.
We are sorry that you did not find the required information here.
Please help us to improve this article. Write us what you have expected and not found out.