How to Set up your certificate
1 Create an authority
Open Keychain Access (it shows up in Spotlight) and pick Keychain Access > Certificate Assistant > Create a Certificate Authority. Put a check mark next to ‘Let me override defaults’, enter your address under ‘Email from’, then click Continue.
2 Set an expiry date
Your CA is set to expire after a year. Extend its life by entering a higher value next to Validity Period. Clear the check mark next to ‘Sign your invitation’, click Continue to enter some personal details, then click Continue again.
3 Set key usage info
The key pair info (2048 bits long and using the RSA algorithm) is fine as is, so click Continue twice. At the Key Usage Extension page, put a check next to ‘Key Encipherment’, ‘Certificate Signing’ and ‘Signature’, then click Continue.
4 Complete the assistant
On the next page, put a check next to ‘Key Encipherment’ and ‘Signature’, then click Continue until you reach the ‘Specify a Location For The Certificate’. Enable ‘On this machine, trust certificates signed by this CA’, then click Create.
5 Set up a certificate
Close Certificate Assistant, then choose Keychain Access > Certificate Assistant > Create a Certificate. Set Identity Type to Leaf, put a check mark next to ‘Let me override defaults’, and then click the Continue button.
6 Tweak settings
Specify how long you want your certificate to last before it expires, then click Continue. Enter some personal details (an email address is mandatory, buy the rest is optional) and then click Continue once again.
7 Choose an issuer
Make sure the Certificate Authority you created is selected (it’ll probably be the only one listed), then click Continue. Run through the rest of the assistant, ensuring you enable Key Encipherment on the Key Usage Extension page.
8 Complete the assistant
Verify your email address is listed under ‘rfc822Name’ and finally click Create. The certificate should be listed as valid, meaning it’s ready to use. Click Done to add it to your keychain, quit Keychain Access and open the Mail app.
9 Send your message
Open a new message window and compose an email. You should see a blue button with a check mark in it next to the Subject field, which indicates the digital signature will be sent with your message to prove your identify to the recipient.