This discussion is archived
10206 Views 22 Replies Latest reply: Jan 30, 2010 9:43 AM by Richard Liu
Jan 11, 2010 10:14 AM (in response to Arkonova)
I have found no way in Apple's Mail app to "select" a certificate when there is more than one valid certificate for an email account. (I could swear that this used to exist, but maybe I'm thinking of Thunderbird).
Here is a fix that I tried and it appeared to work. At least it worked for me, but I don't know if it works for all cases.
I exported my old (still valid) Thawte certificates to a file (actually using Firefox, because I loaded them there as well). I started up Keychain and deleted the Thawte certificates. I then loaded them back into the login keychain. It appears that Mail now picks my Verisign certificates.
I'm guessing that when the Thawte certs were deleted, Mail latched onto the Verisign certs. When I reloaded the Thawte certs, Mail remained locked onto the Verisign certs.
I'm not sure if this does anything for address book certificates (didn't know they had certs), but it worked for me with Mail on a couple of my Mac machines.
I still don't know if this will work as MobileMe sync propagates my changes to my other Macs. Only time will tell, but at least this MobileMe sync'ed Mac is now okay.
I think this is a shortcoming of the Apple Mail tool. I understand that most of the time you will probably only have one certificate, but in this particular situation created by Thawte, it ends up causing problems for the Mail user.
Mac OS X (10.6.2)
Jan 19, 2010 10:59 PM (in response to kae)
Kae's suggestions worked for me too on 10.6.2.
2.4Ghz MacBook Late 2008, Mac OS X (10.5)
Jan 19, 2010 11:20 PM (in response to tiffert)
It works.
But it is not the solution if you have more than one valid certificate for an email address. Apple should really add a way to select which cert to use in Mail prefs. Or maybe better: session wide for a given email.
Mac Book Pro 15'' Unibody, Mac OS X (10.5.8)
Jan 20, 2010 1:46 PM (in response to Arkonova)
I'm glad it works for people, but I agree with Arkonova.
It's a total kludge at best and could stop working at any time. If some Apple "patch" is loaded which changes the "selection criteria" (whatever that is), the party could be over and we'd be back in the same situation.
I contacted Thawte and their response was: "Your Thawte Personal Email Certificate has been revoked on 16 November 2009 on the same date that we stop offering Thawte Personal Email Certificates".
What I don't understand is how do I tell my machine that those are revoked?
Shouldn't I be able to download a "revoke" token or when the certificate is checked shouldn't it return "revoked" or something?
It's like either Apple isn't checking certificates for "revocation" or maybe Thawte isn't listing the "revocation" or maybe I don't know how this works at all. It's probably the latter, but if someone knows, I would love an explanation or a link to a web page that has an explanation of how this revocation process works.
Mac OS X (10.5.8)
Jan 23, 2010 9:45 AM (in response to Arkonova)
I was wondering if there is a way to tell Mail which certificate to use (via CLI or by modifying a plist somewhere). Any clue about this?
I found it! In Keychain "File" menu select "New Certificate Preference".
MacBook Pro, Mac OS X (10.5.4)
Jan 23, 2010 12:11 PM (in response to vzaliva)
What app is this in? Is it the "Keychain Access" app? I looked on the file menu and I don't have a "New Certificate Preference". Can you give more information?
Mac OS X (10.5.8)
Jan 23, 2010 7:36 PM (in response to kae)
Yes, it is in the Keychain Access app. You need to select a certificate to see this menu.
MacBook Pro, Mac OS X (10.5.4)
Jan 30, 2010 9:43 AM (in response to kae)
@kae,
Been there, done that ... either I don't understand what this option does, or it isn't working. I go to the Verisign certificate, click "New Identity Preference" and specify the email address for which Mail is still using the Thawte certificate. Then I send a signed email to one of my other accounts and examine the certificate with which it was signed. It's the Thawte certificate. Address Book is also still displaying the Thawte certificate next to the email account on my card.
Richard
MacBook Core 2 Duo 2 GHz, MacBook Pro Core 2 Duo 2.93 GHz 17" glossy screen, Mac OS X (10.5.8), 4GB RAM