DigiCert Macintosh Installation
Use the Safari web browser to generate your DigiCert certificates. If clicking a link in the DigiCert email does not launch Safari, copy the link from your email, open Safari, and paste the link into the Safari address bar.
If you open the link in Firefox, Firefox will place your key and certificate into its own certificate store. You will then need to export the credentials to a file and import that file into the Macintosh Keychain. The steps are described under the Certificate Import/Export.
Each of the links in the email will present a form with a box you must check to accept the DigiCert subscriber agreement and a button to generate the certificate. On the encryption form you must also enter a "Certificate Password" to protect a file the page generates. You can check the box labeled "Also send the Certificate and Key (.pfx) to me by email" and save the attached file you receive in a secure location for backup. You will not need it for the installation process.
When you click the "Generate Certificate" button for your Digital Signature Plus (authentication) certificate, Safari will generate a private authentication key and store this key and the certificate DigiCert creates directly into your keychain. It will also place a copy of the certificate in your Downloads folder. The file name will be "DigiCert Personal ID for Your Name (Authentication).crt".
When you click the "Generate Certificate" button for your Email Security Plus (encryption) certificate, DigiCert will generate a private key and certificate. Safari will copy these into a file named "your_name__encryption_.pfx" in your Downloads folder. DigiCert will keep a copy in escrow for emergency recovery. You will need to install the key and certificate from this file into your keychain as described below:
The following process installs your escrowed encryption key and certificate into the Macintosh keychain.
- Launch the Keychain Access application (from the Utilities folder under the Go menu in the Finder)
- Under the File menu select New Keychain...
- Enter a password for the new keychain. You will use this password when you sign email and when you read encrypted email that you receive.
- In the Save As: field enter the keychain name "Authentication & Encryption" then click the Create... button.
- Under the File menu select Import Items...
- In the file section select the identity file downloaded by DigiCert (this is named "your_name__encryption_.pfx" and will be in your Downloads folder).
- In the Destination Keychain pull-down menu select the "Authentication & Encryption" keychain that you just created, then click the Open button
- You will be prompted for the identity file password. It is the one you used when you requested the certificate from DigiCert. Enter the password and click OK
Now move the authentication key and certificate you installed in the previous step to the new keychain:
- If a list of keychains is not visible, select Show Keychains under the View menu
- In the Keychains list select Login. In the Category list select My Certificates.
- Drag the certificate "Your Name (Authentication)" to the "Authentication & Encryption" keychain in the Keychains list. This protects your authentication certificate so that you need the password to sign email.
You should keep the .pfx file in a secure location in case you need to reinstall later or want to set up encryption on a different computer. This completes the installation.
You are now ready for the final setup step, configuring your email program to use the digital certificates.
Choose one of the following options to configure your email program to use the certificates: