====== Setting up S/MIME ======
===== Obtaining a certificate =====
==== Actalis ====
  - Apply for a free certificate at [[https://www.actalis.com/s-mime-certificates.aspx|Actalis]].
  - Enter your mail and wait for the verification code to arrive (check the spam folder)
  - Enter the verification code.
  - The certificate will now be created.
  - Take note of the password in the browser! It's used to decrypt the PKCS12 container.
  - Download und unpack the attachment from Actalis's mail.


===== Client Configuration =====
==== Mail.app (macOS) ====
  - Open the pfx file and unlock with password to import it into Keychain.
  - Select the certificate in the keychain. Right-click and select **New Identity Preference**.
  - Enter the valid mail address into **Location or Email Adress**, then click **Add**.
  - The certificate will be used when you send a new mail using that account in Mail.app. You'll be asked for the keychain password. Enter it and click **Always Allow**.


==== Exporting to iOS devices ====
  - Download and run [[https://apps.apple.com/de/app/apple-configurator-2/id1037126344?mt=12|Apple Configurator]].
  - Create a **New profile**
  - Enter a name for the profile.
  - Select **Certificates** from the left bar, then "Configure"
  - Select (multiple) pfx/PKCS12 files to include in the profile.
  - (Optionally) set the PKCS12 passwords
  - Save and export to devices (e.g. via AirPlay)
  - On the device, go to **Settings** and accept the profile
  - In the Settings app, go to **Mail**/**Accounts**
  - Edit all the mailboxes to which you want to assign certificates.
  - Under **Account**/**Advanced**
    - Activate the **Sign** option and //select the certificate//
    - Tap **Encrypt by Default** and select the certificate again. Leave **Encrypt by Default** //unchecked//!