Apple Event: May 7th at 7 am PT

Learn more

Add to your calendar 

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: janinspain
janinspain Author
User level: Level 1
13 points

How to replace THAWTE certificate by VERISIGN certificate

These day millions of user receive an e-mail "Important Thawte® Personal E-mail Certificate Holder Notice - Thawte Personal E-mail Certificates and Web of Trust are being discontinued".

The message comes with a special offer from VeriSign giving you a full year of VeriSign digital certificate fro free which seems to be a fair offer (I think normal price is around 20$ per year).

Enrollment and installation of the new certificate is well described and worked perfectly: you'll end up with a brandnew certificate from VeriSign in your Key Chain - BUT...

Mail keeps on encrypting with the old one from THAWTE and Address Book shows in your own record that your mail address is still linked to the old certificate.

Some users will just delete the old one - DON'T DO THIS - because you might find out that all your old encrypted mail that you received earlier won't be readable any longer.

I din't find a way to select the new certificate for the encryption of outgoing mail and I gues there thousands of former THAWTE & Mac users who are trying to find the solution.

Who can help?
Jan

Macbook Pro, Mac OS X (10.6.1)

Posted on Oct 14, 2009 1:14 AM

Reply
22 replies
User profile for user: kae
kae
User level: Level 1
106 points

Jan 20, 2010 1:46 PM in response to Arkonova

I'm glad it works for people, but I agree with Arkonova.

It's a total kludge at best and could stop working at any time. If some apple "patch" is loaded which changes the "selection criteria" (whatever that is), the party could be over and we'd be back in the same situation.

I contacted Thawte and their response was: "Your Thawte Personal Email Certificate has been revoked on 16 November 2009 on the same date that we stop offering Thawte Personal Email Certificates".

What I don't understand is how to I tell my machine that those are revoked?

Shouldn't I be able to download a "revoke" token or when the certificate is checked shouldn't it return "revoked" or something?

It's like either Apple isn't checking certificates for "revocation" or maybe Thawte isn't listing the "revocation" or maybe I don't know how this works at all. It's probably the latter, but if someone knows, I would love an explanation or a link to a web page that has an explanation of how this revocation process works.
Reply
User profile for user: Richard Liu
Richard Liu
User level: Level 1
88 points

Jan 30, 2010 9:43 AM in response to kae

@kae,

Been there, done that ... either I don't understand what this option does, or it isn't working. I go to the Verisign certificate, click "New Identity Preference" and specify the email address for which Mail is still using the Thawte certificate. Then I send a signed email to one of my other accounts and examine the certificate with which it was signed. It's the Thawte certificate. Address Book is also still displaying the Thawte certificate next to the email account on my card.

Richard
Reply

How to replace THAWTE certificate by VERISIGN certificate

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up