Importing your new digital ID into your personal keychain

This step is pretty straightforward.

Import the Digital Identity:

After you've exported the digital ID as indicated above, you'll need to import it into your Mac personal keychain. To do this:

  1. Launch the Microsoft Cert Manager application located in the Office folder
  2. Click on the Import icon
  3. Navigate to your file and click Open
  4. Enter the password you protected the file with above
  5. You should see your new digital ID show up in the window under the "Digital Identities" keychain

Note: In Mac OS X 10.3, you can simply double-click the certificate and it is automatically imported into your keychain (and shared with the Microsoft Cert Manager).

Importing Roots

For some CAs, you and all of your contacts (those with whom you'll want to exchange secure messages) will need to import the root certificate in order for Entourage (and your contacts' mail clients) to verify the authenticity of secured messages you send. You should see error messages indicating such problems (to the effect of "You do not trust the digital signature…") if you try to set up your personal certificate in Entourage and you have not yet imported the corresponding trusted root certificate. Again, if you obtained your certificate from a well-known trusted CA such as Verisign or Thawte, you can skip this step altogether.

Similarly, if your contacts have personal certificates that were issued by a 'non-standard' authority (one that doesn't come shipped with Mac OS X), you'll need to import those root certificates as well. If you get a "You do not trust the digital signature…" type of error while trying to view messages from a contact, then it is most likely the case that you need to import the root. Your contact (or whoever issued their certificate) should be able to tell you for sure. In any case, if you're still not sure, it doesn't hurt to try to import a root certificate twice, even if it already exists in your database.

Importing a root certificate differs in Jaguar and Panther. Panther provides better support and a much improved interface for importing, whereas Jaguar will require a few command-line hacks. If you're trying to import a .p7b file such as the one you get from Microsoft, please read the "Please Note" section at the end of this section first.

To import a root certificate in Panther:
  1. In the Finder, drag the certificate onto the MacOS Keychain Access utility
  2. When prompted, choose the Keychain "X509 Anchors" and click OK
  3. (You may have to enter your admin password here)
  4. That should do it.

To import a root certificate in Jaguar:
Note: you need to have root access for this.

  1. Download the certificate locally (say, your Desktop)
  2. Make sure the certificate is in PEM format. (If it's not, use the Microsoft Cert Manager app in the Office folder to convert between formats. Simply import the cert, then Export and specify PEM format when saving out.)
  3. Now launch a Terminal session
  4. Assuming you've exported the certificates onto your Desktop, issue the following commands, replacing <cert_filename> with the actual filename:
    • >cd ~/Desktop
    • >cp /System/Library/Keychains/X509Anchors ~/Library/Keychains
    • >certtool i <cert_filename> k=X509Anchors
    • >sudo cp ~/Library/Keychains/X509Anchors /System/Library/Keychains
    • (enter root password)

    [Note that certificate names may have an implicit extension such as '.pem' added during export that you may not see using the Finder, but should see using `ls`.]
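Anything copied into X509Anchors becomes a trust anchor, so before running the import it is worth confirming that the file really is PEM, that it is a self-issued root, and that its fingerprint matches one obtained from the CA through a separate channel. The following is an added example, not part of the original instructions; the function name check_root and its exit codes are assumptions, and it relies on the openssl command-line tool being installed.

```sh
# check_root <cert_file> [expected_sha256_fingerprint]
# Exit codes (assumed for this example): 0 ok, 1 fingerprint mismatch,
# 2 not PEM or unparseable, 3 subject and issuer differ (not a root).
check_root() {
    cert=$1
    expected=${2:-}

    # The Jaguar steps require PEM; a DER file has no BEGIN line.
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null; then
        echo "not PEM: $cert" >&2
        return 2
    fi

    subject=$(openssl x509 -in "$cert" -noout -subject 2>/dev/null) || return 2
    issuer=$(openssl x509 -in "$cert" -noout -issuer 2>/dev/null) || return 2
    fp=$(openssl x509 -in "$cert" -noout -fingerprint -sha256 2>/dev/null) || return 2

    # A root names itself as issuer. This compares names only; it does not
    # verify the signature.
    if [ "${subject#subject=}" != "${issuer#issuer=}" ]; then
        echo "subject and issuer differ; this is not a root certificate" >&2
        return 3
    fi

    # Normalise the fingerprint: drop the label and colons, upper-case the hex.
    fp=$(printf '%s' "${fp#*=}" | tr -d ': ' | tr 'a-f' 'A-F')
    echo "$subject"
    echo "SHA-256 $fp"

    # Compare against the value obtained out of band, if one was supplied.
    if [ -n "$expected" ]; then
        want=$(printf '%s' "$expected" | tr -d ': ' | tr 'a-f' 'A-F')
        if [ "$fp" != "$want" ]; then
            echo "fingerprint does not match the expected value" >&2
            return 1
        fi
    fi
    return 0
}
```

Run it as `check_root <cert_filename> <fingerprint>` from the directory holding the certificate, and continue with the import only when it returns 0.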