I decided to get a digital id for email yesterday and discovered what treat it was to get it installed properly (e.g. so I could actually use it) on OS X Lion. On Windows, getting, installing, and using the certificate was a snap.
For this particular venture, I decided to go with tctrustcenter.com to get the cert. The process was relatively painless, fill out a registration form and they send you 2 separate emails; one with a link to the page to retrieve your cert along with your username, and a second that has your password. Once you log in, you generate your cert and click a button to install it.
I use Microsoft Outlook as my email client (2010 for Windows and 2011 for Mac), but also did the same setup using Windows Live Mail for a family member who wanted one too. On the Windows machines, after the above simple install, the certificate showed up in the list of installed certificates to choose from. On OS X Lion however, things weren’t quite as straight forward.
Using Safari, generating the certificate was the same as what I did in Windows and, once the cert was generated, the “Install” button was available. This time it didn’t install the cert but instead downloaded a p7s file. I imported the certificate into the login keychain and went to Outlook to associate it with my email account, but it didn’t show up in the list of certificates available. I also went in to Mail to see if perhaps it was limited to Outlook but the tell tale sign of the security buttons being available on a new email wasn’t there. I went back to keychain access to double check that I wasn’t going crazy, and sure enough there it was in the list. I did notice that when I’d filter the list of certificates in keychain access to show just “My Certficates”, the cert I had just installed was not shown which didn’t seem right.
Time to search the web!
After what seemed to be an eternity of Googling and Binging and Yahooing (I used all three in the hopes that one of them would give me that one link that was different and provided an answer) and viewing post after post in forums, and blog post after blog post, I was finally able gather enough bits and pieces of information to solve the problem, hence this blog post to hopefully save someone else the time and effort I spent searching.
The email cert wasn’t marked as one of “My Certificates” (If there is an OS X guru who can tell me a way to get an installed certificate in keychain access show up under “My Certificates”, that would be the ideal solution.)
The solution I went with:
I used Firefox instead of Safari to install the cert. I then had to go into Firefox->Preferences->Encryption->View Certificates->Your Certificates, select the certificate and click the “Backup” button. This allowed me to create a PKCS12 file. I could then import this into keychain access and,once I did, the certificate showed up under “My Certificates” as well as appeared in the list of certificates to choose from in Outlook.
Success!! I am now able to sign outgoing emails and decrypt incoming email to me without issue.