Table of Contents

Setting up S/MIME

Obtaining a certificate

Actalis

  1. Apply for a free certificate at Actalis.
  2. Enter your mail and wait for the verification code to arrive (check the spam folder)
  3. Enter the verification code.
  4. The certificate will now be created.
  5. Take note of the password in the browser! It's used to decrypt the PKCS12 container.
  6. Download und unpack the attachment from Actalis's mail.

Client Configuration

Mail.app (macOS)

  1. Open the pfx file and unlock with password to import it into Keychain.
  2. Select the certificate in the keychain. Right-click and select New Identity Preference.
  3. Enter the valid mail address into Location or Email Adress, then click Add.
  4. The certificate will be used when you send a new mail using that account in Mail.app. You'll be asked for the keychain password. Enter it and click Always Allow.

Exporting to iOS devices

  1. Download and run Apple Configurator.
  2. Create a New profile
  3. Enter a name for the profile.
  4. Select Certificates from the left bar, then “Configure”
  5. Select (multiple) pfx/PKCS12 files to include in the profile.
  6. (Optionally) set the PKCS12 passwords
  7. Save and export to devices (e.g. via AirPlay)
  8. On the device, go to Settings and accept the profile
  9. In the Settings app, go to Mail/Accounts
  10. Edit all the mailboxes to which you want to assign certificates.
  11. Under Account/Advanced
    1. Activate the Sign option and select the certificate
    2. Tap Encrypt by Default and select the certificate again. Leave Encrypt by Default unchecked!