These instructions detail how to install an S/MIME certificate in macOS and use it to send secure email messages with Apple Mail.
Download and install your certificate
Download a PKCS#12 file with your certificate from your SSL.com account by clicking the link supplied in your Certificate Activation Link email and following the on-screen instructions in your web browser. You will be prompted to enter a password before downloading the file.Note: when downloading your certificate it is possible to choose between the RSA and ECDSA algorithms via the Algorithm drop-down menu. However, ECDSA keys cannot be used for email encryption, so it’s best to leave this set to RSA.
- In the Finder, double-click the PKCS#12 file to open the Keychain Access application (The filename extension is
.p12). Alternately, you can drag the file to Keychain Access, located at
/Applications/Utilities/Keychain Access.app, or open Keychain Access, select File >> Import Items… from the drop-down menus, then navigate to the file.
- When prompted, enter the password you used when retrieving the PKCS#12 file from SSL.com.
- The certificate is now installed on your computer and is available for use by Apple Mail and other applications.
Send secure email in Mail
- Open Mail. If Mail was already open when you installed the certificate, restart it. If you are using an S/MIME certificate installed on a YubiKey USB token, insert the key before launching Mail.
- Create a new email message. If you have multiple email addresses configured in Mail, make sure you have selected the address that your certificate was issued for in the “From” line. If the certificate has been installed correctly, a blue button with a checkmark should be present at the right margin of the “Subject” line, indicating that the message is signed. If you don’t want to sign the message, you can click the button to un-check it.
- If you have your recipient’s public key, the button to the left of the checkmark will be shown in blue with a closed lock, indicating that your message will be encrypted. If you do not want to encrypt the email for some reason, click the lock button to show a white button with an open lock.
- When prompted, enter your Mac login password, giving Mail permission to use your private key to sign the message. Then, click the Allow or Always Allow button. If you are using a certificate installed on a YubiKey, you will be prompted for your PIN instead of the login password.
- The email is sent! If you clicked Always Allow in the previous step, you will not be prompted for a password the next time you sign an email message with your certificate.
For more detailed information about S/MIME email, please see our article, Sending Secure Email with S/MIME.