Mail on OS X: Choose which X.509 certificate to use for signing mails

I've got multiple X.509 certificates from different CAs for different purposes -- for example, one from CAcert.org, and another one from my university. Both have different advantages and disadvantages, and I want to decide which one to use on a case-by-case basis.

Sadly, I cannot find any preferences, not even for selecting a default. In the account settings there is an option for a TLS certificate, but this is only for authentication against the mail servers. How can I either

  • select a key/certificate when composing an email (preferred) or
  • select a default certificate per mail address or give some certificate ranking?

Currently my only option is removing the one I don't want to use, which is rather frustrating.


Solution 1:

You can specify exactly which certificate is used for signing outgoing emails by following these steps:

Open your keychain. Then right-click on the list of certificates and pick the first item on the context menu (in English it is labeled New Identity Preference).

Then type in your email address and select the certificate to use for that address from the drop-down box.

The next email you send from the email address typed in above will be signed with the selected certificate.
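
A command-line counterpart to the Keychain Access steps above, as an added example that is not part of the original answer: it uses the macOS `security` tool to bind an address to one certificate by SHA-1 hash, which stays unambiguous when two certificates share a name. The function names, the sample listing and its hashes are constructed for illustration.

```shell
# Constructed sample of `security find-identity -v -p smime` output
# (names and hashes are made up for illustration).
SAMPLE_IDENTITIES='  1) 1111111111111111111111111111111111111111 "CAcert WoT User"
  2) 2222222222222222222222222222222222222222 "Jane Doe (Example University)"
     2 valid identities found'

# Print the SHA-1 hash of the single identity whose name contains $1.
# Reads find-identity output on stdin; fails if zero or several match,
# so an ambiguous pattern never silently picks the wrong certificate.
identity_hash() {
    awk -v want="$1" '
        /^ *[0-9]+\) [0-9A-Fa-f]+ "/ {
            name = $0
            sub(/^[^"]*"/, "", name); sub(/".*$/, "", name)
            if (index(name, want)) { hash = $2; n++ }
        }
        END { if (n != 1) exit 1; print hash }'
}

# Bind an e-mail address to one certificate (macOS only).
# $1 = e-mail address, $2 = substring of the certificate name.
set_signing_identity() {
    hash=$(security find-identity -v -p smime | identity_hash "$2") || {
        echo "no unique identity matching '$2'" >&2
        return 1
    }
    # The service (-s) of an e-mail identity preference is the address itself.
    security set-identity-preference -s "$1" -Z "$hash"
    # Show the common name of the identity that is now preferred.
    security get-identity-preference -s "$1" -c
}
```

On a Mac, `set_signing_identity jane@example.edu 'Example University'` would create the same kind of identity preference as the dialog; the address and pattern here are placeholders.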

Solution 2:

Apple Mail will detect the signing certificate stored in your login keychain and associate it with the account in Apple Mail that is using the same email address specified in the certificate's RFC 822 Name field. Unfortunately, this is an automatic process and you will not be able to select between different signing certificates in Apple Mail.

Outlook 2011 does allow you to select which signing certificate you want to use. Here's how to access this functionality:

A. Open Outlook 2011.

B. Go into the Outlook preferences.

C. In the Outlook preferences, select Accounts.

D. In your email account settings, select Advanced...

E. In the Advanced settings, select the Security tab. If your signing certificate is stored in your login keychain, you can select your certificate here.
