UW Digital ID (Personal Certificate) - Configuring My Email Client (Mac)

This document will guide you through configuring your personal certificate to digitally sign documents on Mac.

Before Configuration

Before you start configuring your email client, you should make sure that you have downloaded and installed your certificate.

Download Instructions: UW Digital ID (Personal Certificate) - Downloading My Digital Certificate through Comodo

Installation Instructions: UW Digital ID (Personal Certificate) - Installing My Certificate (Windows and Mac)

Configuring Apple Mail

No configuration is necessary. Once your certificate is imported into your Keychain, Apple Mail is ready to begin using it. You will notice two new buttons on the right-hand side of the message window when you compose or reply to a message.

[Image: encrypted and signed buttons]

Here they are in the message window:

[Image: new message window]

The sunburst icon represents whether the message is signed, and the padlock icon indicates whether the message is encrypted. By default, your messages are neither signed nor encrypted.

To digitally sign a message, begin addressing the message as you normally would. Click the sunburst icon with the "x". The "x" will change to a checkmark, signifying the message is now signed with your digital identity.

[Image: signed message window]

The padlock icon will remain grayed out until you receive a message from someone else that has been digitally signed with their certificate, because encrypting a message to a recipient requires the public key contained in that recipient's certificate. Once an exchange of signed messages has taken place, the padlock will become available, and you may start signing and encrypting your messages. Encryption protects the contents of your messages, and signing allows the recipient to have a greater degree of trust that the message originated from you.

[Image: signed and encrypted message window]

When you receive messages from others, you will notice that they will now contain additional information in the header about whether the message is signed, encrypted, or both, as appropriate.

[Image: security header of encrypted and signed message]

Note: Apple Mail might not display this security header if the message was encrypted. This is a known issue with Apple Mail, but we do not know of a fix or workaround.

Security Controls:

[Icon: Encryption Unavailable] Encryption Unavailable / Signed Message. The message cannot be encrypted since the certificate for one or more recipients is not known or does not exist.

[Icon: Signed, Not Encrypted] Signed Only.

[Icon: Encrypted, Not Signed] Encrypted Only.

[Icon: Signed and Encrypted] Signed and Encrypted.

[Icon: Both available] No security set. Click on the lock icon to encrypt and/or the seal icon to sign the message.

Configuring Outlook 2011 / Outlook 2016

  1. Choose "Preferences..." in the Outlook menu bar

  2. Choose "Accounts"

  3. Click the "Advanced..." button

  4. Click the "Security" Tab

  5. Then choose your certificate from the "Certificate:" drop-down box under the "Digital Signing" section.

  6. Choose "SHA-1" for the Signing algorithm:

  7. Choose "3DES" for the Encryption algorithm:

  8. Verify that the boxes are checked next to "Sign outgoing messages", "Send digitally signed messages as clear text", and "Include my certificates in signed messages".

  9. The final settings should look similar to the screen below:

  10. Note: When sending a message after configuring, you may receive the prompt "Microsoft Outlook wants to sign using key "keyname" in your keychain. To allow this, enter the 'login' keychain password." This prompt is looking for the computer administrator password.
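To confirm what the signing settings above actually produce, you can save a sent message and inspect its top-level MIME headers. The following is an added example, not part of the original document: the function name `classify_smime` and the sample messages are constructed for illustration. It reports whether a message is clear-text signed, opaque signed, or encrypted, and which digest the signature declares.

```python
from email import message_from_string
from email.utils import collapse_rfc2231_value

LEGACY_DIGESTS = {"md5", "sha1"}  # digests no longer recommended for new signatures
SIG_PROTOCOLS = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def _param(msg, name):
    """Return a lower-cased Content-Type parameter, or '' when it is absent."""
    value = msg.get_param(name)
    return collapse_rfc2231_value(value).lower() if value else ""

def classify_smime(raw):
    """Classify a message from its top-level MIME headers only (no crypto is verified)."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    result = {"kind": "none", "digest": None, "legacy_digest": False}
    if ctype == "multipart/signed" and _param(msg, "protocol") in SIG_PROTOCOLS:
        # Clear-text signature: the body stays readable, the signature is a separate part.
        result["kind"] = "clear-signed"
        digest = _param(msg, "micalg").replace("-", "")  # "sha-1" and "sha1" both occur
        if digest:
            result["digest"] = digest
            result["legacy_digest"] = digest in LEGACY_DIGESTS
    elif ctype in PKCS7_MIME:
        # Opaque PKCS#7 blob. An enveloped (encrypted) message may also be signed
        # inside, which is only visible after decryption.
        smime_type = _param(msg, "smime-type")
        kinds = {"signed-data": "opaque-signed", "enveloped-data": "encrypted"}
        result["kind"] = kinds.get(smime_type, "pkcs7-unknown")
    return result

# Constructed sample messages (placeholder bodies, example addresses).
CLEAR_SIGNED = (
    "From: sender@example.edu\nTo: recipient@example.edu\nMIME-Version: 1.0\n"
    'Content-Type: multipart/signed; protocol="application/pkcs7-signature";\n'
    ' micalg=sha1; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nhello\n"
    '--b1\nContent-Type: application/pkcs7-signature; name="smime.p7s"\n\n'
    "(constructed placeholder)\n--b1--\n"
)
ENCRYPTED = ('Content-Type: application/pkcs7-mime; smime-type=enveloped-data;\n'
             ' name="smime.p7m"\n\n(constructed placeholder)\n')
PLAIN = "Content-Type: text/plain\n\nhello\n"

if __name__ == "__main__":
    for label, raw in (("signed", CLEAR_SIGNED), ("encrypted", ENCRYPTED), ("plain", PLAIN)):
        print(label, classify_smime(raw))
```

A message sent with "Send digitally signed messages as clear text" checked should classify as `clear-signed`, and the `digest` field shows the signing algorithm the client declared.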

Configuring Thunderbird

Thunderbird (and other Mozilla family products) don't use the Macintosh Keychain. The UW Digital ID certificate is imported directly into the application.

  1. Open Thunderbird. Click on Tools | Account Settings.

  2. Click on Security > View Certificates under the relevant email account.

  3. Go to the Your Certificates tab and click the Import button. Browse to the location where your digital certificate is stored and double-click to import the certificate.

  4. If the certificate has imported correctly, you will see the certificate listed under the Your Certificates tab. Click OK to close this window.

  5. Under the security options, click the Select button under Digital Signing.

  6. In the drop-down menu for the list of digital certificates you have available, select the digital certificate you would like to use and click OK.

  7. The window below appears next. Click Yes.

  8. The Digital Signing area in the Security window should now display the name of the digital certificate being used. In order for the certificate to be active, check the box Digitally sign messages (by default). Please note that under Encryption, the selection is set to Never (do not use encryption). Click OK to complete the digital signature configuration.


Keywords: uw digital id certificate cert personal did uwdid sign email emails electronic signature thunderbird mac outlook office encrypt encryption apple mail 2016 2011
Doc ID: 69267
Owner: Marc T.
Group: Identity and Access Management
Created: 2016-12-07 15:13 CST
Updated: 2020-09-21 10:47 CST
Sites: DoIT Help Desk, DoIT Tech Store, Identity and Access Management